IT Standards for the Healthcare Industry

version of this report

You must have Adobe Acrobat reader to view, save, or print PDF files.
The reader is available for free

IT Standards
for the Healthcare Industry

by Geoff Keston

Docid: 00011294

Publication Date: 2001

Report Type: STANDARD


After many years of work, the healthcare sector has
established a more orderly and widely recognized set of standards for
exchanging digital information and executing IT-related processes. But
despite progress, there remains work to be done, especially to make
electronic patient records more interoperable across different
providers. Healthcare providers can improve their ability to make good
purchases and define good strategies by staying on top of news and
trends in standards.

Report Contents:

Executive Summary

[return to top of this report]

Today’s healthcare devices make frequent and important use
of IT, such as when hospitals exchange test results over an IP
data network, to cite just one example.

Faulkner Reports
Privacy and Security for Medical Information Systems Implementation
Healthcare Information Management Tutorial
eHealth Exchange Tutorial
Technology Tutorial
FCC Rural Healthcare Program Tutorial
Healthcare IT System Market Leaders
Market Trends

The industry’s shift toward IT occurred at the same time that
major new regulations, such as the Health Information Portability and
Accountability Act (HIPAA), emerged to pressure medical services
providers to meet stringent requirements for handling medical data.

Efforts to make better use of IT and to meet regulations
continue to be made difficult by the need for greater agreement about
standards within the healthcare industry. Such standards are needed to
ensure the effective interoperation of various medical devices and

There are still some areas of healthcare technology for which
there are no defined standards, but the primary obstacle to
implementing a universal set of standards across the entire industry is
not a lack of protocols but a lack of agreement on which of the many
prevailing standards to use for particular applications. Consequently,
many of the current standards projects are focused on selecting from
among the current standards available and promoting their widespread
use. Some of these standards are unique to healthcare, while
others are general purpose protocols that are used in a
variety of industries.

Today, the most significant, well-established IT standards
within healthcare IT include the following:

  • Accredited Standards Committee (ASC) X12
  • ASTM Committee E31
  • IEEE 11073-10404 – Health Informatics
  • HL7 Standards
  • ISO TC 215
  • National Council for Prescription Drug Programs

In cases in which a particular standard is dominant and
well-established – such as DICOM is within
imaging – many healthcare facilities mandate that all
relevant equipment conform to the standard. In cases in which there is
not a single, dominant standard, however, organizations would be wise
to examine their inventories and identify the currently deployed
products with which new devices under consideration will need to be
integrated. Such devices are likely to be able to exchange data with
each other and perform any cooperative functions that will be required,
even if there is not a standard that ensures universal compliance with
the full range of products on the market.

Over the next few years, efforts to further establish electronic medical
records and electronic prescribing will play major
roles in the development of healthcare standards.


[return to top
of this

Historically, IT departments oversaw the computers,
telecommunications systems, and data networks within hospitals, and
clinical engineering departments oversaw the implementation and
maintenance of medical devices. Today, however, these two realms
largely overlap. Many medical devices use technology and protocols that
were originally developed in the computer and data networking
industries. This change has added many helpful features to
medical equipment, but it has also introduced problems such as network
bandwidth bottlenecks and security threats.

The use of IT enables hospitals to perform actions such as transmitting
x-ray images to a picture archiving and communications (PACS) system
the same facility or to an off-site teleradiology service in cases when
radiologist is not available onsite. Such sharing of data requires
data entry policies and terminology – for instance,
one provider
might use numeric codes to enter a patient’s diagnosis into a record
another facility might enter the diagnosis in a text field that allows
form entries. Inconsistencies in how data is entered make searching
difficult and can allow for duplicate data to be misinterpreted as
different, possibly conflicting information.

As the medical industry makes increasing use of computer
technology, the demand to ensure that healthcare information systems
are interoperable, reliable, and secure will continue to grow. To this
end, government agencies, manufacturers, and hospitals are pushing for
the adoption of widespread standards within the industry. Adding
urgency to the push toward standardization are regulatory pressures
from the Health Insurance Portability and Accountability Act (HIPAA),
the Affordable Care Act, the European General Data Protection
Regulation, and other sources. These pressures have forced
healthcare facilities to effectively secure and control the privacy of
data, goals that are more easily achieved when widely accepted
standards are in place.

One of the key drivers of standardization in the US has been the
creation of
a nationwide network for sharing healthcare information. The effort was
spearheaded by the US federal government and was first called the
Health Information Network, but later control of the network was
from the Office of the National Coordinator for Health Information
Technology (which operates under the US Department of Health and Human
Services, or HHS) to a newly formed non-profit, and the network took
name “eHealth Exchange.”

Current View

[return to top
of this

Although some healthcare IT standards have been developed by
organizations focused on the sector, a large number have been created
by cross-sector standards bodies such as the IEEE and ANSI. Below, the
healthcare-related efforts of leading standards bodies are discussed.


Standards from the nonprofit Association for the Advancement
of Medical Instrumentation (AAMI) focus on medical instruments. Most of
these standards do not relate to IT, but some do, including the

  • AAMI TIR45:2012, “Guidance on the use of agile practices in
    the development of medical device software”
  • ANSI/AAMI/IEC 62304:2006, “Medical device software –
    Software life cycle processes”
  • ANSI/AAMI/IEC 80001-1:2010, “Application of risk management
    for IT Networks incorporating medical devices”

AAMI offers classes and hosts conferences, as well as offering the
certifications for individuals:

  • Certified Biomedical Equipment Technician
  • Certified Laboratory Equipment Specialist
  • Certified Radiology Equipment Specialist
  • Certified Healthcare Technology Manager
  • Certified Quality System Manager


The American National Standards Institute (ANSI) is a private
standards organization that is a member and influencer of
the International Organization for Standardization (discussed
below). ANSI supports and accredits a network of standards development
organizations (SDOs) that focus on standards in a particular sector.
The key healthcare-focused SDOs include the following:

  • Health Level Seven (HL7) – HL7
    standards concern the interfaces of medical systems used to store
    healthcare information, describing the physical network features and
    communications protocols to define such communication. Since becoming
    an ANSI standard in 1994, the HL7 messaging standard has become the
    most widely used
    healthcare information exchange standard in the world. Capabilities
    include coverage of additional areas
    such as community medicine, epidemiology, and veterinary medicine; the
    ability to more effectively reuse messages and other elements; support
    for large-scale implementations; and a set of uniform models. It
    comprises a reference information model that provides standard
    definitions of healthcare concepts and a clinical document architecture
    that describes a model for exchanging clinical documents. In 2017, HL7
    released the Health Quality Measures Format, or HQMF, which
    is for “representing a health quality measure as an electronic
    document.”1 In 2019, HL7 introduced the
    fourth version of its IT standards framework FHIR.2
  • Accredited Standards Committee (ASC) X12
    – The ASC X12 is used across several industries for exchanging data.
    The standard is maintained by an ANSI SDO that comprises nine
    industry-focused subcommittees. In respect to healthcare, it is the
    ANSI preferred standard for HIPAA-compliant administrative and
    financial healthcare transactions. Such transactions include monetary
    exchanges and insurance claims submissions.
  • The National Council for Prescription Drug
    Programs (NCPDP)
    – NCPDP develops standards for the
    exchange of data within the pharmacy sector.3 It
    offers standards for a host of areas, including:

    • Telecommunication
    • Production Identification
    • Standard Identifiers
    • Manufacturer and Associated Trading Partner Transaction
    • Government Programs
    • Professional Pharmacy Services
    • ePrescribing & Related Transactions
    • Long Term Post Acute Care
    • Property and Casualty/Workers’ Compensation
    • External Standards Assessment, Harmonization and
      Implementation Guidance
    • Maintenance and Control

ANSI covers America, but there are counterparts in Europe,
including the European Committee for Standardization (CEN), the
European Committee for Electrotechnical Standardization (CENELEC), and
ETSI. The respective roles and policies of
each of these organizations were described in a 2019 document
collectively published by each of the organizations.4

ASTM International

ASTM International is a major producer of voluntary standards
in an assortment of technical industries. The ASTM Committee E31 on
Healthcare Informatics focuses on developing standards in a variety of
areas within the medical field, including patient-specific data.
Specifically, it targets the following technology areas:

  • Controlled Health Vocabularies for Healthcare Informatics
  • Electronic Health Record Content and Structure
  • Security and Privacy
  • Health Information Transcription and Documentation
  • Modeling for Health Informatics
  • Electronic Health Records

Of particular interest is the Specification for Continuity of
Care Record (CCR), which was created by the E31.28 committee. CCR is
similar to the HL7 standard, and HL7 has worked to make the
specifications compatible.

Digital Imaging and Communications in Medicine (DICOM)

The DICOM standard enables medical imaging systems such as
x-ray devices and PACSs to exchange information. Almost all medical
imaging systems now conform to DICOM. The standard is maintained by the
Diagnostic Imaging and Therapy Systems Division of the National
Electrical Manufacturers Association.


IEEE promotes standards and education, particularly in the
field of electrical engineering. In addition to standards for
healthcare IT, it offers them for industries such as aerospace,
consumer electronics, nuclear power, and wireless
communications. Its healthcare standards are included in the
11073-10404 group
for health informatics and medical devices.

Recent IEEE work has included research and development on standards for
the following in healthcare:

  • The safety and interoperability of “smart materials”5
  • The use of wearables6
  • The use of autonomous and intelligent systems7
  • The application of blockchain in healthcare.8
  • The impact of the Internet of Things on medical technology.9

International Organization for Standardization

The International Organization for Standardization
(abbreviated “ISO” after its French name) establishes collaborative
efforts among public and private sector organizations in the form
of technical committees, each of which is numbered. The Health
Informatics Technical Committee, numbered TC215, is dedicated to
standards for data exchange among disparate healthcare systems
and addresses issues such as the interoperability of
telehealth systems, the use of public key infrastructure in healthcare,
and the use of directory services. The number of TC215
standards continues to grow. There were 195 standards as of 2019, up
from 168 in 2017, 136 in 2015, and 113 in 2013.10

The ISO also maintains ISO/TS 25237:2008, Health informatics –
Pseudonymization, a standard that defines how to make pseudonyms for
patients in order to protect their privacy as their healthcare records
are distributed, and ISO 13485, which defines the framework for a
quality management system to be used for managing medical devices.

SNOMED International

The not-for-profit SNOMED International (formerly the
International Health Terminology Standards Development Organisation, or
IHTSDO) maintains the Systematized Nomenclature of Medicine – Clinical
Terms (SNOMED CT), which was first developed by the College of American
Pathologists. The SNOMED CT terminology can be used by electronic
health records to exchange information in a standard
way. SNOMED CT is sometimes used in conjunction with a
terminology system known as Logical Observation Identifiers Names and
Codes, which is maintained by the Regenstrief Institute.

SNOMED International and HL7 maintain an agreement
to further their joint efforts to advance the use of SNOMED CT in
devices that are HL7 compliant.11


[return to top of this report]

In the coming years, efforts to improve the effectiveness of electronic
medical records and electronic prescribing and to increase their use
strongly influence the development and adoption of healthcare
standards. A
significant effort in this regard is the Argonaut Project, a
collaboration between HL7 and several vendors of electronic health
products to encourage the creation and use of HL7 standards.12
(Vendors for the project include broadly focused companies like
Accenture and Apple as well as healthcare software specialists such as
Cerner and Epic.13)

for the foreseeable future, even with efforts such as the Argonaut
the industry’s push for standards to make EHR products more
will still be incomplete and imperfect. As a result, the market for
and services that help to integrate disparate medical systems is
expected to
grow. A 2018 study forecasted that this market would
grow at
a compound rate of 10.2-percent until 2022, when it would reach $3.5

market for wearable medical devices is also a key growth segment. It is diverse, including everything
from familiar fitness trackers to systems in which a live human agent
remotely helps a blind person navigate an environment.15
Standards for wearables are sometimes uncertain because certain devices
fall into a gray area of whether they are truly medical products,
thus putting them under FDA oversight, or simply personal gadgets that
don’t need to be regulated.16 Over time, this
uncertainty may
be resolved, or alternatively, a lack of clarity may stifle the
development and acceptance of standards.

According to the US Office of the National Coordinator for Health
Information Technology, some of the most notable “standards to watch”
include the following:17

  • Direct, which pertains to the security of medical data sent across the Internet,
  • Fast Healthcare Interoperability Resource, for data transmissions,
  • HEART, which gives patients control over policies for the sharing of their medical data.


[return to top
of this

Many of the standards used by medical devices are for common,
ordinary IT technologies. For instance, medical devices that are
designed to exchange data across a network will almost always use IP as
their communications protocol. Consequently, a hospital’s clinical
engineering and IT staffs will need to work together on many projects,
which will require adjustments to workplace culture.

When evaluating new products for purchase, healthcare
facilities should consider standards compliance. In doing so, it is
important to bear in mind that some standards, such as DICOM, are
practically compulsory because manufacturers would not be able to sell
products that did not comply. A large number of standards are
voluntary, however, and are not used widely enough to be de facto
requirements. Therefore, determining which standards are in wide use
(and which are not) and determining how the standards landscape will
change in the coming years are important considerations.

For guidance on which standards are well-recognized,
organizations can refer to two authoritative sources: the Office of the
National Coordinator for Health Information Technology’s annual
publication “Interoperability Standards Advisory”18
and the European Union’s “Official Journal of the European Union.”19
Both publications identify standards that
are widely recognized and commonly used. Also, it is important to
understand that although two products from different manufacturers
might each conform to a similar standard, that does not necessarily
mean they will communicate automatically, or even at all. For instance,
DICOM includes many service classes, each of which specifies a certain
type of data exchange, such as a printing request or the confirmation
of an exam status. A product that supports DICOM does not necessarily
support all these service classes – at least not without the purchase
of additional options – so it is important to ensure that all products
to be used for exchanging imaging information support the service
classes that a particular facility will use.

Many software-based products add standards
compliance via software upgrades. Hospitals should ensure that
they receive these updates by regularly installing the newest available
versions of their medical devices’ software. In particular, before
considering the purchase of new equipment based on compliance needs,
facilities should investigate whether their current devices can be
easily and cost-effectively upgraded to interoperate with other
products and conform to relevant standards.


“HL7 Is Pleased to Announce
the Following New ANSI Approved and Re-affirmed Standards.” HL7.
15, 2017.

“HL7 Publishes FHIR Release
4.” HL7.
January 2, 2019.

Listing." National Council for Prescription Drug Programs.

4 “ANSI, in Partnership with European
Standardization Organizations, Releases Guidance Documents to Clarify
the U.S. and European Standardization Systems.” ANSI.
October 25, 2019.

5 Kathy Pretz. “IEEE Standards and Projects That Ensure Smart
Materials Are Safe and Interoperable.” The Institute.
IEEE Standards Association. May 23, 2018.

6 Kathy Pretz. “Before Wearables Can Be
Used for Health Care Monitoring,
These Issues Must Be Addressed.” The Institute. IEEE Standards Association. May 24, 2018.

Lisa Morgan. “A/IS in
Healthcare: Who Benefits?” Beyond Standards.
IEEE Standards Association. October 26, 2018.

8 “IEEE Industry Standards and Technology Organization Announces Formation of Blockchain in Healthcare Global.” IEEE ITSO.
January 31, 2019.

9 "IoT Enabling Technologies in Healthcare: IoT-Health." IEEE.

10 “Technical Committee: ISO/TC 215
Health informatics.” International Organization for Standardization. Cited December 30, 2019.

11 For information about recent Argonaut
Project work, see:

“HL7 Argonaut Project Takes
Major Step Forward for FHIR.” Argonaut Project and HL7.
February 27,

12 Joseph Conn. “EHR Vendors,
Tech-Savvy Providers Unite Around Internet-Like Interoperability.” Modern
. December 4, 2014.

13 “The Argonaut Project: Accelerating FHI.” HL7.
February 2019.

14 “Healthcare IT Integration Market Is
Determined to Cross US$ 3.50 Billion By 2022.” Market Research Engine. May 17, 2018.

15 "Seven Wearables That Go Beyond Fitness Trackers
and Smart Watches." End Points. Elysium Health. March 31, 2018.

16 Leonard Eisner. “Wearables for
Medical and Wellness Uses: Standards and FDA Guidance Documents.”

May 31,

17 “Health IT Standards to Watch.”

US Office of the National Coordinator for Health Information Technology.
June 4, 2019.

18 Diana Manos. “ONC Releases
Interoperability Standards Advisory Reference 2019.”
Healthcare IT News
January 15, 2019.

19 “Official Journal of
the European Union” (English edition). Publications Office of the European
August 2018.

[return to top
of this

About the Author

[return to top of this report]

Geoff Keston is the author of
more than 250 articles that help organizations find opportunities in
business trends and technology. He also works directly with clients to
develop communications strategies that improve processes and customer
relationships. Mr. Keston has worked as a project manager for a major
technology consulting and services company and is a Microsoft Certified
Systems Engineer and a Certified Novell Administrator.

[return to top of this report]