Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is one of the series of standards Personal health information code which is composed of:
——GB/T 38961-2020 Personal health information code - Reference model;
——GB/T 38962-2020 Personal health information code - Data format;
——GB/T 38963-2020 Personal health information code - Application interface.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing body of this document shall not be held responsible for identifying any or all such patent rights.
This standard was proposed by the E-government Office of the General Office of the State Council.
This standard is under the jurisdiction of SAC/TC 28 National Technical Committee on Information Technology of Standardization Administration of China.
Introduction
In the process of preventing, controlling and eliminating the hazards of public health emergencies [such as novel coronavirus-infected pneumonia (COVID-19)], it is necessary to collect, store and process personal health information to achieve various management purposes, including:
——quickly obtaining relevant information about personal health;
——statistics of information about an epidemic or disease;
——managing the personnel flow between different regions;
——mutual recognition of health information service levels.
In the process of prevention and control of the COVID-19 epidemic and resumption of work and production since February 2020, the pandemic prevention health information code provided by the national integrated online government service platform (hereinafter referred to as "integrated platform") and the "PHI-code" established and used by some provinces (autonomous regions and municipalities), as an important form of personal health information code, have become an effective way to quickly collect, store and process personal health information. In the practical application of personal health information codes, there are some problems, such as inconsistent code system composition, inconsistent data format, and lack of a data sharing and mutual recognition mechanism, which restrict the cross-regional flow of personnel and goods. Therefore, from the perspective of current practice and long-term application requirements, it is necessary to achieve consistent standards for personal health information codes. In addition to the emergency handling of public health emergencies, personal health information codes are also applicable in the management process of personal medical treatment, health care or other major public activities.
If the specific matters specified herein are otherwise stipulated by laws and regulations (such as the Cybersecurity Law of the People's Republic of China and the Law of the People's Republic of China on Prevention and Treatment of Infectious Diseases), such provisions shall be complied with.
Personal health information code - Reference model
1 Scope
This standard specifies the composition and structure, code system and presentation form, application system reference model and application requirements of personal health information code.
This standard is applicable to the design, development and system integration of personal health information code related application systems, and may be referred to by other application systems related to authorized release, inquiry and utilization of personal health information.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 2260 Codes for the administrative divisions of the People's Republic of China
GB/T 2659 Codes for the representation of names of countries and regions
GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity
GB/T 27766-2011 Two-dimensional barcode - Grid matrix code
GB/T 33560-2017 Information security technology - Cryptographic application identifier criterion specification
GB/T 35273-2020 Information security technology - Personal information security specification
GB/T 35274-2017 Information security technology - Security capability requirements for big data services
GB/T 38962-2020 Personal health information code - Data format
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
personal information
various information recorded electronically or otherwise that can, either alone or in combination with other information, identify a particular natural person or reflect the activity of such a person
Note 1: Personal information includes name, date of birth, ID number, personal biometric identifying information, address, communication and contact information, communication record and content, account and password, property information, credit information, whereabouts, accommodation information, health and physiology information, and transaction information.
Note 2: The information formed by the personal information controller by processing personal information or other information, such as user profiling or features, labels, is regarded as personal information if it can be used to, either alone or in combination with other information, identify a particular natural person or reflect the activity of such a person.
[GB/T 35273-2020, Definition 3.1]
3.2
personal health information
personal information related to the health status of identified or identifiable natural person
3.3
personal information subject
natural person identified by or connected to personal information, i.e., the subject of personal data
Note: It is revised from GB/T 35273-2020, Definition 3.3.
3.4
personal information controller
organization or individual that has the power to determine the purpose, manner, etc. of the processing of the personal information
[GB/T 35273-2020, Definition 3.4]
3.5
explicit consent
behavior, of a personal information subject, of explicit authorization in terms of the specific processing of his or her personal information through a written or oral statement, in either electronic or paper form, or making affirmative actions in an initiative manner
[GB/T 35273-2020, Definition 3.6]
3.6
consent
behavior, of a personal information subject, of explicit authorization in terms of the specific processing of his or her personal information
[GB/T 35273-2020, Definition 3.7]
3.7
cyber trusted identity
CTID
electronic documents used to prove residents' personal identity in cyberspace, which have a one-to-one correspondence with resident identity documents
3.8
cyber identifier
code issued by the CTID online authentication service system to the CTID application system to identify the resident's personal identity
Note 1: In the same CTID application system, there is a one-to-one correspondence between the cyber identifier and the resident's real identity.
Note 2: The same resident has different cyber identifiers in different CTID application systems.
3.9
personal health information code
PHI-code
a sequence of numbers or letters bound to the cyber trusted identity, expressing that the user authorizes others or organizations to temporarily access his/her specific personal health information, for which two-dimensional barcode is usually used as the storage medium
3.10
PHI-code service
service of providing the users who have passed identity authentication with production, distribution and verification of PHI-codes containing specific application authorization information or their corresponding two-dimensional barcodes
3.11
PHI-code application
application software providing or identifying the PHI-codes used
Example: "PHI-code of XX Province" and "PHI-code of XX City".
3.12
personal health information service
service of, under the premise of user authorization, providing personal health information declared by individuals voluntarily or legally owned by related organizations
3.13
PHI-code application system
generic term for software and hardware systems that support the collection, query and use of personal health information, generally consisting of PHI-code service, PHI-code application, and personal health information service
3.14
personal health information list
summary result formed via cleaning and processing to comprehensively reflect the personal health status, which is generally provided to the superior department for collection and use
4 Composition of PHI-code
4.1 Structure of PHI-code
PHI-code consists of numbers and/or letters, and its structure is shown in Figure 1.
Figure 1 Structure of PHI-code
PHI-code consists of three segments, i.e., A, B and S, as follows:
a) Segment A is the user identity, which needs to be obtained upon real-person authentication with a real name, and represents the identity of the personal information subject. The CTID data may be used, and the CTID may be used to realize cross-system identity intercommunication and mutual recognition. The first two bytes of the data are a 16-bit big-endian unsigned integer representing the length of Segment A.
b) Segment B is service data, which represents the code type, code making platform identifier, code expiration time, and summary of authorization record of information subject:
1) Part 1 is length and version, of which the first two bytes are a 16-bit big-endian unsigned integer representing the length of Segment B, and the last two bytes represent the version number;
2) Part 2 is the code type declaration consisting of 4 letters or digits, which is also designated as "JKM1" in this standard;
3) Part 3 is the identifier assigned when various PHI-code services are registered in the mutual recognition mechanism, which consists of 6 digits and should use the codes for the administrative divisions specified in GB/T 2260;
4) Part 4 is the expiration time (UTC time) of the PHI-code;
5) Part 5 is the summary of authorization record of information subject. The algorithm meeting the national cryptography administration requirements shall be used during summarization, see the algorithm marked as "1.2.156.10197.1.401" in GB/T 33560-2017.
c) Segment S is the digital signature value for the A+B content. The algorithm meeting the national cryptography administration requirements shall be used when signing, see the algorithm marked as "1.2.156.10197.1.501" in GB/T 33560-2017.
Parts 2 and 3 (code type and platform identifier) of Segment B in the PHI-code are used to prompt the PHI-code processor to accurately identify and route to the PHI-code service that generates the PHI-code, which are the basis of establishing intercommunication and mutual recognition of PHI-codes. The code expiration time may be used to quickly identify expired authorizations.
4.2 Authorization record
Authorization record shall fully express the authorization of personal information subjects to their personal information and processing methods. The main elements include authorization subject information, authorization validity period, authorized subject information, personal information controller information, category or index of personal information authorized to operate, etc., as detailed in Table 1.
Table 1 Elements of personal information authorization record
| Element name | Short name | Constraint | Description |
| --- | --- | --- | --- |
| Authorization subject | SQZT | Mandatory | It refers to an individual issuing authorization, which shall be the subject with full capacity for civil conduct. Sufficient and necessary relevant information shall be provided, such as name, certificate type and number and nationality |
| Validity period | YXQX | Mandatory | It includes the time when the authorization is issued and the starting and ending time of the validity period of the authorization |
| Authorized subject | BSQZT | Optional | It refers to an individual or organization authorized to access or operate personal information, which shall provide sufficient and necessary identification information. For individuals, it is necessary to provide name, certificate type and number, nationality, etc.; for organizations, it is necessary to provide the organization name, certificate type and number, etc. |
| Personal information controller | XXKZZ | Optional | Various application systems for storing and managing personal information and their classification information. In certain scenarios, there may be default settings |
| Authorized information category | XXLB | Optional | Determined according to the application goal, such as the category or group of personal information. In certain scenarios, there may be default settings |
| Authorized information index | XXSY | Optional | Index information needed to query information, such as personal information subject information and information identifier, among which the personal information subject may be the authorization subject by default |
| Authorized operation authority | CZQX | Optional | Operation that may be performed on the information obtained, such as read-only, retaining query voucher, downloading and dumping, which is read-only by default |
For the PHI-code used for traffic, the information authorized to access (its data format shall conform to GB/T 38962-2020) and the authorized object (not specified explicitly, but generally the inspector of each traffic control checkpoint) are clear, so it is only necessary to record the summary information of the authorization subject. The plaintext of authorization status is composed of the name, ID number, ID type, etc. of the personal health information subject, which are spliced in the form of "B1|B2|B3|B4^B5":
a) B1 is the name of the personal health information subject;
b) B2 is the ID number of the personal health information subject;
c) B3 is the ID type code of the personal health information subject, of which the value is shown in Annex A;
d) B4 is the country or region code of the personal health information subject, which shall adopt the "three-letter code" specified in GB/T 2659;
e) B5 is the authorization time of the personal health information subject, which shall be in the format of YYYYMMDDHHMMSS.
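The following is an added worked example, not code from the standard, covering both the segment layout of 4.1 and the "B1|B2|B3|B4^B5" plaintext of 4.2: it splices the authorization plaintext, assembles Segments A, B and S with their big-endian length fields, and parses a code back while bounds-checking the length fields, verifying the signature before trusting any field, and checking the code type, platform identifier, expiration time and record summary. Assumptions: each 16-bit length counts the bytes that follow it; Part 4 uses the same YYYYMMDDHHMMSS form as B5; the signature covers the complete A and B bytes; the SM3 digest and SM2 signature identified in GB/T 33560-2017 are stood in for by SHA-256 and HMAC-SHA256 because the Python standard library has neither; the identity bytes, ID number, ID type code and key are constructed sample values.

```python
import hashlib
import hmac
import struct
from datetime import datetime, timezone

CODE_TYPE = b"JKM1"                  # Part 2, fixed by 4.1 b) 2)
TIME_FMT = "%Y%m%d%H%M%S"            # YYYYMMDDHHMMSS: B5, and assumed for Part 4
B_BODY_LEN = 2 + 4 + 6 + 14 + 32     # version, type, platform id, expiry, digest
DEMO_SIGNING_KEY = b"constructed demo key, not an SM2 key"  # constructed


def digest(data: bytes) -> bytes:
    """Stand-in for SM3 (1.2.156.10197.1.401); SHA-256 has the same 32-byte output."""
    return hashlib.sha256(data).digest()


def sign(data: bytes) -> bytes:
    """Stand-in for an SM2-with-SM3 signature (1.2.156.10197.1.501). A real
    verifier uses the issuing PHI-code service's public key; HMAC is used here
    only so the example runs offline."""
    return hmac.new(DEMO_SIGNING_KEY, data, hashlib.sha256).digest()


def utc(ts: str) -> datetime:
    """Parse a YYYYMMDDHHMMSS string as a UTC instant (raises on a malformed value)."""
    return datetime.strptime(ts, TIME_FMT).replace(tzinfo=timezone.utc)


def authorization_plaintext(name: str, id_number: str, id_type: str,
                            country: str, auth_time: str) -> bytes:
    """4.2: splice B1|B2|B3|B4^B5 for the traffic PHI-code."""
    for field in (name, id_number, id_type, country):
        if "|" in field or "^" in field:
            raise ValueError("delimiter character inside a field")
    if not (len(country) == 3 and country.isalpha() and country.isupper()):
        raise ValueError("B4 must be a GB/T 2659 three-letter code")
    utc(auth_time)                                   # rejects a malformed B5
    return f"{name}|{id_number}|{id_type}|{country}^{auth_time}".encode("utf-8")


def build_phi_code(identity: bytes, version: int, platform_id: str,
                   expires_utc: str, record_plaintext: bytes) -> bytes:
    """4.1: A || B || S, where S signs the A+B bytes (length fields included)."""
    if not (len(platform_id) == 6 and platform_id.isdigit()):
        raise ValueError("Part 3 must be a 6-digit GB/T 2260 division code")
    utc(expires_utc)
    segment_a = struct.pack(">H", len(identity)) + identity
    body_b = (struct.pack(">H", version) + CODE_TYPE + platform_id.encode()
              + expires_utc.encode() + digest(record_plaintext))
    segment_b = struct.pack(">H", len(body_b)) + body_b
    return segment_a + segment_b + sign(segment_a + segment_b)


def _take(blob: bytes, pos: int, n: int, what: str):
    """Bounds-checked slice: a truncated code or an oversized length field fails cleanly."""
    if pos + n > len(blob):
        raise ValueError(f"truncated PHI-code: {what}")
    return blob[pos:pos + n], pos + n


def parse_phi_code(blob: bytes, now_utc: datetime,
                   record_plaintext: bytes = None) -> dict:
    """Parse and check a PHI-code; the signature is verified before any field is used."""
    raw, pos = _take(blob, 0, 2, "Segment A length")
    identity, pos = _take(blob, pos, struct.unpack(">H", raw)[0], "Segment A")
    raw, pos = _take(blob, pos, 2, "Segment B length")
    body_b, pos = _take(blob, pos, struct.unpack(">H", raw)[0], "Segment B")
    signed, signature = blob[:pos], blob[pos:]
    if not hmac.compare_digest(signature, sign(signed)):
        raise ValueError("Segment S does not verify over A+B")
    if len(body_b) != B_BODY_LEN:
        raise ValueError("unexpected Segment B length")
    version = struct.unpack(">H", body_b[:2])[0]
    if body_b[2:6] != CODE_TYPE:
        raise ValueError("unknown code type (Part 2)")
    platform_id = body_b[6:12].decode("ascii")       # routes to the issuing service
    if not platform_id.isdigit():
        raise ValueError("Part 3 is not a 6-digit division code")
    expires = utc(body_b[12:26].decode("ascii"))
    summary = body_b[26:58]
    record_matches = None
    if record_plaintext is not None:                 # caller holds the plaintext record
        record_matches = hmac.compare_digest(summary, digest(record_plaintext))
    return {"identity": identity, "version": version, "platform_id": platform_id,
            "expires_utc": expires, "expired": now_utc >= expires,
            "summary": summary, "record_matches": record_matches}


if __name__ == "__main__":
    # Constructed sample: "01" stands in for an Annex A ID type code; 110000 is
    # the GB/T 2260 code of Beijing municipality.
    record = authorization_plaintext("Zhang San", "110101199001011234",
                                     "01", "CHN", "20200301080000")
    code = build_phi_code(b"CTID-demo-identity", 1, "110000",
                          "20200301200000", record)
    print(parse_phi_code(code, utc("20200301090000"), record))
```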
4.3 Coding and subsequent processing
After the PHI-code is generated, it may be coded into a two-dimensional barcode image according to the corresponding code system in the PHI-code service or PHI-code application. Digital watermarks may be embedded or traceability identifiers may be added in two-dimensional barcode images to enhance the use safety of two-dimensional barcodes.
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Composition of PHI-code
4.1 Structure of PHI-code
4.2 Authorization record
4.3 Coding and subsequent processing
5 Code system and presentation form
5.1 PHI-code terminal application
5.2 PHI-code emergency management
6 PHI-code application system reference model
6.1 System composition
6.2 PHI-code use process
6.3 Mutual recognition of PHI-codes
7 PHI-code application requirements
7.1 General
7.2 Identity authentication requirements
7.3 Application interfacing requirements
7.4 Information protection requirements
7.5 Safety requirements
Annex A (Normative) Code sets
Annex B (Informative) Pandemic prevention health information service system scheme for national integrated online government service platform
Annex C (Informative) PHI-code application scenarios
Bibliography