Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
This standard is one of the series of standards Personal health information code which is composed of:
——GB/T 38961-2020 Personal health information code - Reference model;
——GB/T 38962-2020 Personal health information code - Data format;
——GB/T 38963-2020 Personal health information code - Application interface.
This standard is developed in accordance with the rules given in GB/T 1.1-2009.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. The issuing body of this document shall not be held responsible for identifying any or all such patent rights.
This standard was proposed by the E-government Office of the General Office of the State Council.
This standard is under the jurisdiction of SAC/TC 28 National Technical Committee on Information Technology of Standardization Administration of China.
Introduction
In the process of preventing, controlling and eliminating the hazards of public health emergencies [such as novel coronavirus-infected pneumonia (COVID-19)], it is necessary to collect, store and process personal health information to achieve various management purposes, including:
——quickly obtaining relevant information about personal health;
——statistics of information about an epidemic or disease;
——managing the personnel flow between different regions;
——mutual recognition of health information service levels.
In the process of prevention and control of COVID-19 epidemic and resumption of work and production since February 2020, the pandemic prevention health information code provided by the national integrated online government service platform (hereinafter referred to as "integrated platform”) and the "PHI-code" established and used by some provinces (autonomous regions and municipalities), as an important form of personal health information code, have become an effective way to quickly collect, store and process personal health information. In the practical application of personal health information code, there are some problems, such as inconsistent code system composition, inconsistent data format, lack of data sharing and mutual recognition mechanism, which restrict the cross-regional flow of personnel and goods. Therefore, from the perspective of the current practice and long-term application requirements, it is necessary to achieve the consistent standards of personal health information codes. In addition to the emergency handling of public health emergencies, personal health information codes are also applicable in the management process of personal medical treatment, health care or other major public activities.
If the specific matters specified herein are otherwise stipulated by laws and regulations (such as the Cybersecurity Law of the People's Republic of China and the Law of the People's Republic of China on Prevention and Treatment of Infectious Diseases), such provisions shall be complied with.
Personal health information code - Reference model
1 Scope
This standard specifies the composition and structure, code system and presentation form, application system reference model and application requirements of personal health information code.
This standard is applicable to the design, development and system integration of personal health information code related application systems, and may be referred to by other application systems related to authorized release, inquiry and utilization of personal health information.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 2260 Codes for the administrative divisions of the Peoples Republic of China
GB/T 2659 Codes for the representation of names of countries and regions
GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity
GB/T 35273-2020 Information security technology - Personal information security specification
GB/T 35274-2017 Information security technology - Security capability requirements for big data services
GB/T 38962-2020 Personal health information code - Data format
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
personal information
various information recorded electronically or otherwise that can, either alone or in combination with other information, identify a particular natural person or reflect the activity of such a person
Note 1: Personal information includes name, date of birth, ID number, personal biometric identifying information, address, communication and contact information, communication record and content, account and password, property information, credit information, whereabouts, accommodation information, health and physiology information, and transaction information.
Note 2: The information formed by the personal information controller by processing personal information or other information, such as user profiling or features, labels, is regarded as personal information if it can be used to, either alone or in combination with other information, identify a particular natural person or reflect the activity of such a person.
[GB/T 35273-2020, Definition 3.1]
3.2
personal health information
personal information related to the health status of identified or identifiable natural person
3.3
personal information subject
natural person identified by or connected to personal information, i.e., the subject of personal data
Note: It is revised from GB/T 35273-2020, Definition 3.3.
3.4
personal information controller
organization or individual that has the power to determine the purpose, manner, etc. of the processing of the personal information
[GB/T 35273-2020, Definition 3.4]
3.5
explicit consent
behavior, of a personal information subject, of explicit authorization in terms of the specific processing of his or her personal information through a written or oral statement, in either electronic or paper form, or making affirmative actions in an initiative manner
[GB/T 35273-2020, Definition 3.6]
3.6
consent
behavior, of a personal information subject, of explicit authorization in terms of the specific processing of his or her personal information
[GB/T 35273-2020, Definition 3.7]
3.7
cyber trusted identity
CTID
electronic documents used to prove residents' personal identity in cyberspace, which has a one-to-one correspondence with resident identity documents
3.8
cyber identifier
code issued by the CTID online authentication service system to the CTID application system to identify the resident's personal identity
Note 1: In the same CTID application system, there is a one-to-one correspondence between the cyber identifier and the resident's real identity.
Note 2: The same resident has different cyber identifiers in different CTID application systems.
3.9
personal health information code
PHI-code
a sequence of numbers or letters bound to the cyber trusted identity, expressing that the user authorizes others or organizations to temporarily access his/her specific personal health information, for which two-dimensional barcode is usually used as the storage medium
3.10
PHI-code service
service of providing the users who have passed identity authentication with production, distribution and verification of PHI-codes containing specific application authorization information or their corresponding two-dimensional barcodes
3.11
PHI-code application
application software providing or identifying the PHI-codes used
Example: "PHI-code of XX Province” and "PHI-code of XX City".
3.12
personal health information service
service of, under the premise of user authorization, providing personal health information declared by individuals voluntarily or legally owned by related organizations
3.13
PHI-code application system
generic term for software and hardware systems that support the collection, query and use of personal health information, generally consisting of PHI-code service, PHI-code application, and personal health information service
3.14
personal health information list
summary result formed via cleaning and processing to comprehensively reflect the personal health status, which is generally provided to superior department for collection and use
4 Composition of PHI-code
4.1 Structure of PHI-code
PHI-code consists of numbers and/or letters, and its structure is shown in Figure 1.
Figure 1 Structure of PHI-code
PHI-code consists of three segments, i.e., A, B and S, as follows:
a) Segment A is the user identity, which needs to be obtained upon real-person authentication with a real name, and represents the identity of the personal information subject. The CTID data may be used, and the CTID may be used to realize cross-system identity intercommunication and mutual recognition. The first two bytes of the data are 16-bit big-endian unsigned integers, representing the length of Segment A.
b) Segment B is service data, which represents the code type, code making platform identifier, code expiration time, and summary of authorization record of information subject:
1) Part 1 is length and version, of which the first two bytes are 16-bit big-endian unsigned integers, representing the length of Segment B, and the last two bytes represent the version number;
2) Part 2 is the code type declaration consisting of 4 letters or digits, which is also designated as "JKM1" in this standard;
3) Part 3 is the identifier assigned when various PHI-code services are registered in the mutual recognition mechanism, which consists of 6 digits and should use the codes for the administrative divisions specified in GB/T 2260;
4) Part 4 is the expiration time (UTC time) of the PHI-code;
5) Part 5 is the summary of authorization record of information subject. The algorithm meeting the national cryptography administration requirements shall be used during summarization, see the algorithm marked as "1.2.156.10197.1.401" in GB/T 33560-2017.
c) Segment S is the digital signature value for the A+B content. The algorithm meeting the national cryptography administration requirements shall be used when signing, see the algorithm marked as "1.2.156.10197.1.501" in GB/T 33560-2017.
Parts 2 and 3 (code type and platform identifier) of Segment B in the PHI-code are used to prompt the PHI-code processor to accurately identify and route to the PHI-code service that generates the PHI-code, which are the basis of establishing intercommunication and mutual recognition of PHI-codes. The code expiration time may be used to quickly identify expired authorizations.
4.2 Authorization record
Authorization record shall fully express the authorization of personal information subjects to their personal information and processing methods. The main elements include authorization subject information, authorization validity period, authorized subject information, personal information controller information, category or index of personal information authorized to operate, etc., as detailed in Table 1.
Table 1 Elements of personal information authorization record
Element name Short name Constraint Description
Authorization subject SQZT Mandatory It refers to an individual issuing authorization, which shall be the subject with full capacity for civil conduct. Sufficient and necessary relevant information shall be provided, such as name, certificate type and number and nationality
Validity period YXQX Mandatory It includes the time when the authorization is issued and the starting and ending time of the validity period of the authorization
Authorized subject BSQZT Optional It refers to an individual or organization authorized to access or operate personal information, which shall provide sufficient and necessary identification information. For individuals, it is necessary to provide name, certificate type and number, nationality, etc.; for organizations, it is necessary to provide the organization name, certificate type and number, etc.
Personal information controller XXKZZ Optional Various application systems for storing and managing personal information and their classification information. In certain scenarios, there may be default settings
Authorized information category XXLB Optional Determined according to the application goal, such as the category or group of personal information. In certain scenarios, there may be default settings
Authorized information index XXSY Optional Index information needed to query information, such as personal information subject information and information identifier, among which the personal information subject may be the authorization subject by default
Authorized operation authority CZQX Optional Operation that may be performed on the information obtained, such as read-only, retaining query voucher, downloading and dumping, which is read-only by default
For the PHI-code used for traffic, the information authorized to access (its data format shall conform to GB/T 38962-2020) and the authorized object (not specified explicitly, but generally the inspector of each traffic control checkpoint) are clear, so it is only necessary to record the summary information of the authorization subject. The plaintext of authorization status is composed of the name, ID number, ID type, etc. of the personal health information subject, which are spliced in the form of "B1|B2|B3|B4^B5":
a) B1 is the name of the personal health information subject;
b) B2 is the ID number of the personal health information subject;
c) B3 is the ID type code of the personal health information subject, of which the value is shown in Annex A;
d) B4 is the country or region code of the personal health information subject, which shall adopt the "three-letter code" specified in GB/T 2659;
e) B5 is the authorization time of the personal health information subject, which shall be in the format of YYYYMMDDHHMMSS.
4.3 Coding and subsequent processing
After the PHI-code is generated, it may be coded into a two-dimensional barcode image according to the corresponding code system in the PHI-code service or PHI-code application. Digital watermarks may be embedded or traceability identifiers may be added in two-dimensional barcode images to enhance the use safety of two-dimensional barcodes.
Foreword II Introduction III 1 Scope 2 Normative references 3 Terms and definitions 4 Composition of PHI-code 4.1 Structure of PHI-code 4.2 Authorization record 4.3 Coding and subsequent processing 5 Code system and presentation form 5.1 PHI-code terminal application 5.2 PHI-code emergency management 6 PHI-code application system reference model 6.1 System composition 6.2 PHI-code use process 6.3 Mutual recognition of PHI-codes 7 PHI-code application requirements 7.1 General 7.2 Identity authentication requirements 7.3 Application interfacing requirements 7.4 Information protection requirements 7.5 Safety requirements Annex A (Normative) Code sets Annex B (Informative) Pandemic prevention health information service system scheme for national integrated online government service platform Annex C (Informative) PHI-code application scenarios Bibliography
个人健康信息码 参考模型 1 范围 本标准规定了个人健康信息码的组成结构、码制和展现形式、应用系统参考模型和应用要求。 本标准适用于个人健康信息码相关应用系统的设计、开发和系统集成。其他有关个人健康信息授权发布、查询利用的应用系统可参照执行。 2 规范性引用文件 下列文件对于本文件的应用是必不可少的。凡是注日期的引用文件,仅注日期的版本适用于本文件。凡是不注日期的引用文件,其最新版本(包括所有的修改单)适用于本文件。 GB/T 2260 中华人民共和国行政区划代码 GB/T 2659 世界各国和地区名称代码 GB/T 22239—2019 信息安全技术 网络安全等级保护基本要求 GB/T 27766—2011 二维条码 网格矩阵码 GB/T 33560—2017 信息安全技术 密码应用标识规范 GB/T 35273—2020 信息安全技术 个人信息安全规范 GB/T 35274—2017 信息安全技术 大数据服务安全能力要求 GB/T 38962—2020 个人健康信息码 数据格式 3 术语和定义 下列术语和定义适用于本文件。 3.1 个人信息 personal information 以电子或者其他方式记录的能够单独或者与其他信息结合识别特定自然人身份或者反映特定自然人活动情况的各种信息。 注1:个人信息包括姓名、出生日期、身份证件号码、个人生物识别信息、住址、通信通讯联系方式、通信记录和内容、账号密码、财产信息、征信信息、行踪轨迹、住宿信息、健康生理信息、交易信息等。 注2:个人信息控制者通过个人信息或其他信息加工处理后形成的信息,例如,用户画像或特征标签,能够单独或者与其他信息结合识别特定自然人身份或者反映特定自然人活动情况的,属于个人信息。 [GB/T 35273—2020,定义3.1] 3.2 个人健康信息 personal health information 涉及已标识或可标识自然人健康情况的个人信息。 3.3 个人信息主体 personal information subject 个人信息所标识或者关联的自然人,即个人数据的主体。 注:改写GB/T 35273—2020,定义3.3。 3.4 个人信息控制者 personal information controller 有能力决定个人信息处理目的、方式等的组织或个人。 [GB/T 35273—2020,定义3.4] 3.5 明示同意 explicit consent 个人信息主体通过书面、口头等方式主动作出纸质或电子形式的声明,或者自主作出肯定性动作,对其个人信息进行特定处理作出明确授权的行为。 [GB/T 35273—2020,定义3.6] 3.6 授权同意 consent 个人信息主体对其个人信息进行特定处理作出明确授权的行为。 [GB/T 35273—2020,定义3.7] 3.7 居民身份网络可信凭证 cyber trusted identity;CTID 网证 用于在网络空间中证明居民个人身份的电子文件,与居民身份证件具有一一对应关系。 3.8 居民身份网络标识 cyber identifier 由居民身份网络认证服务系统派发给网证应用系统,用于标识居民个人身份的代码。 注1:同一网证应用系统中,居民身份网络标识与居民真实身份一一对应。 注2:同一居民在不同网证应用系统的居民身份网络标识不同。 3.9 个人健康信息码 personal health information code;PHI-code 健康码 与居民身份网络可信凭证绑定,表达用户授权他人或组织临时访问特定个人健康信息的一串数字或字母的序列。通常使用二维条码作为其存贮媒体。 3.10 健康码服务 PHI-code service 对通过身份验证的用户提供生产、分发和验证包含特定应用授权信息的健康码或其对应的二维条码的服务。 3.11 健康码应用 PHI-code application 提供或识别使用健康码的应用软件。 示例:“××省健康码”“××市健康码”。 3.12 个人健康信息服务 personal health information service 在用户授权的前提下,提供个人自愿申报或相关组织合法拥有的个人健康信息的服务。 3.13 健康码应用系统 PHI-code-application system 支持个人健康信息的采集、查询和使用的软硬件系统的统称,一般由健康码服务、健康码应用和个人健康信息服务组成。 3.14 个人健康信息目录 personal health information list 经过清洗、加工后形成的综合反映个人健康状态的概要结果,一般提供给上级部门汇集和使用。 4 健康码的组成 4.1 健康码的结构 健康码由数字和/或字母组成,其结构见图1。