DD ISO/TS 25237:2008
Current
The latest, up-to-date edition.
Health informatics. Pseudonymization
Hardcopy , PDF
English
01-31-2009
Important note : All end users must be registered with an Account prior to user licenses being assigned.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols (and abbreviated terms)
5 Requirements for privacy protection of identities in healthcare
5.1 A conceptual model for pseudonymization of personal data
5.2 Categories of data subject
5.3 Classification of data
5.4 Trusted services
5.5 Need for re-identification of pseudonymized data
5.6 Pseudonymization service characteristics
6 Pseudonymization process (methods and implementation)
6.1 Design criteria
6.2 Entities in the model
6.3 Workflow in the model
6.4 Preparation of data
6.5 Processing steps in the workflow
6.6 Protecting privacy protection through pseudonymization
7 Re-identification process (methods and implementation)
8 Specification of interoperability of interfaces (methods and
implementation)
9 Policy framework for operation of pseudonymization services
(methods and implementation)
9.1 General
9.2 Privacy policy
9.3 Trustworthy practices for operations
9.4 Implementation of trustworthy practices for re-identification
Annex A (informative) - Healthcare pseudonymization scenarios
Annex B (informative) - Requirements for privacy risk assessment
design
Bibliography
Provides principles and requirements for privacy protection using pseudonymization services for the protection of personal health information.
| Committee |
IST/35
|
| DocumentType |
Standard
|
| Pages |
68
|
| PublisherName |
British Standards Institution
|
| Status |
Current
|
This Technical Specification contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This technical specification is applicable to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.
This Technical Specification:
-
defines one basic concept for pseudonymization;
-
gives an overview of different use cases for pseudonymization that can be both reversible and irreversible;
-
defines one basic methodology for pseudonymization services including organizational as well as technical aspects;
-
gives a guide to risk assessment for re-identification;
-
specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service;
-
specifies a policy framework and minimal requirements for controlled re-identification;
-
specifies interfaces for the interoperability of services interfaces.
| Standards | Relationship |
| ISO/TS 25237:2008 | Identical |
| BS PAS 277(2015) : 2015 | HEALTH AND WELLNESS APPS - QUALITY CRITERIA ACROSS THE LIFE CYCLE - CODE OF PRACTICE |
| ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
| ISO/IEC 8825-1:2015 | Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1: |
| ANSI X9.52 : 1998 | TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION |
| ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
| ISO/IEC 2382-8:1998 | Information technology Vocabulary Part 8: Security |
| ENV 13608-1:2000 | Health informatics - Security for healthcare communication - Part 1: Concepts and terminology |
| ISO 27799:2016 | Health informatics Information security management in health using ISO/IEC 27002 |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.