• Shopping Cart
    There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

EN ISO 25237:2017

Current

Current

The latest, up-to-date edition.

Health informatics - Pseudonymization (ISO 25237:2017)

Published date

25-01-2017

Sorry this product is not available in your region.

European foreword
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Requirements for privacy protection of identities in
  healthcare
6 Protecting privacy through pseudonymization
7 Re-identification process
Annex A (informative) - Healthcare pseudonymization scenarios
Annex B (informative) - Requirements for privacy risk analysis
Annex C (informative) - Pseudonymization process (methods and
        implementation)
Annex D (informative) - Specification of methods and implementation
Annex E (informative) - Policy framework for operation of
        pseudonymization services (methods and implementation)
Annex F (informative) - Genetic information
Bibliography

ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.ISO 25237:2017- defines one basic concept for pseudonymization (see Clause 5),- defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6),- specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7),- gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A),- gives a guide to risk assessment for re-identification (see Annex B),- provides an example of a system that uses de-identification (see Annex C),- provides informative requirements to an interoperability to pseudonymization services (see Annex D), and- specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).

Committee
CEN/TC 251
DocumentType
Standard
PublisherName
Comite Europeen de Normalisation
Status
Current

ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO/IEC 8825-1:2015 Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1:
ANSI X9.52 : 1998 TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION
ISO/IEC 27033-1:2015 Information technology Security techniques Network security Part 1: Overview and concepts
ISO 12052:2017 Health informatics — Digital imaging and communication in medicine (DICOM) including workflow and data management
ISO/TS 22220:2011 Health informatics — Identification of subjects of health care
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 2382-8:1998 Information technology Vocabulary Part 8: Security
ISO/IEC 2382:2015 Information technology — Vocabulary
ENV 13608-1:2000 Health informatics - Security for healthcare communication - Part 1: Concepts and terminology
ISO/TR 21089:2004 Health informatics Trusted end-to-end information flows
ISO/IEC 18014-1:2008 Information technology Security techniques Time-stamping services Part 1: Framework
ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002
ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.