Health informatics. Pseudonymization

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-31-2009

Publisher

British Standards Institution

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols (and abbreviated terms)
5 Requirements for privacy protection of identities in healthcare
  5.1 A conceptual model for pseudonymization of personal data
  5.2 Categories of data subject
  5.3 Classification of data
  5.4 Trusted services
  5.5 Need for re-identification of pseudonymized data
  5.6 Pseudonymization service characteristics
6 Pseudonymization process (methods and implementation)
  6.1 Design criteria
  6.2 Entities in the model
  6.3 Workflow in the model
  6.4 Preparation of data
  6.5 Processing steps in the workflow
  6.6 Protecting privacy protection through pseudonymization
7 Re-identification process (methods and implementation)
8 Specification of interoperability of interfaces (methods and
  implementation)
9 Policy framework for operation of pseudonymization services
  (methods and implementation)
  9.1 General
  9.2 Privacy policy
  9.3 Trustworthy practices for operations
  9.4 Implementation of trustworthy practices for re-identification
Annex A (informative) - Healthcare pseudonymization scenarios
Annex B (informative) - Requirements for privacy risk assessment
        design
Bibliography

Provides principles and requirements for privacy protection using pseudonymization services for the protection of personal health information.

This Technical Specification contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This technical specification is applicable to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.

This Technical Specification:

defines one basic concept for pseudonymization;
gives an overview of different use cases for pseudonymization that can be both reversible and irreversible;
defines one basic methodology for pseudonymization services including organizational as well as technical aspects;
gives a guide to risk assessment for re-identification;
specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service;
specifies a policy framework and minimal requirements for controlled re-identification;
specifies interfaces for the interoperability of services interfaces.

Committee	IST/35
DocumentType	Standard
Pages	68
PublisherName	British Standards Institution
Status	Current

Standards	Relationship
ISO/TS 25237:2008	Identical

BS PAS 277(2015) : 2015

HEALTH AND WELLNESS APPS - QUALITY CRITERIA ACROSS THE LIFE CYCLE - CODE OF PRACTICE

ISO/IEC 15408-2:2008	Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO/IEC 8825-1:2015	Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1:
ANSI X9.52 : 1998	TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION
ISO 7498-2:1989	Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 2382-8:1998	Information technology Vocabulary Part 8: Security
ENV 13608-1:2000	HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 1: CONCEPTS AND TERMINOLOGY
ISO 27799:2016	Health informatics Information security management in health using ISO/IEC 27002

View more information

US$330.61

Excluding Tax where applicable

Product format

I agree to the DRM document license rules apply against the PDF selection made.

Please confirm that you agree to the document license rules for this document.

I agree to the document license rules .

Please confirm that you agree to the document license rules for this document.

Access your standards online with a subscription

Features

Simple online access to standards, technical information and regulations.
Critical updates of standards and customisable alerts and notifications.
Multi-user online standards collection: secure, flexible and cost effective.

Learn more on subscription solutions

Get in touch with us

DD ISO/TS 25237:2008

Health informatics. Pseudonymization

Table of Contents

Abstract

Scope

General Product Information

International Equivalents

Standards Referenced By This Book

Standards Referencing This Book

Category

Subcategory