EN ISO 25237:2017
Current
Health informatics - Pseudonymization (ISO 25237:2017)
01-25-2017
European foreword
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Requirements for privacy protection of identities in healthcare
6 Protecting privacy through pseudonymization
7 Re-identification process
Annex A (informative) - Healthcare pseudonymization scenarios
Annex B (informative) - Requirements for privacy risk analysis
Annex C (informative) - Pseudonymization process (methods and implementation)
Annex D (informative) - Specification of methods and implementation
Annex E (informative) - Policy framework for operation of pseudonymization services (methods and implementation)
Annex F (informative) - Genetic information
Bibliography
ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.

ISO 25237:2017
- defines one basic concept for pseudonymization (see Clause 5),
- defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6),
- specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7),
- gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A),
- gives a guide to risk assessment for re-identification (see Annex B),
- provides an example of a system that uses de-identification (see Annex C),
- provides informative requirements to an interoperability to pseudonymization services (see Annex D), and
- specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).
Committee | CEN/TC 251 |
DocumentType | Standard |
PublisherName | Comite Europeen de Normalisation |
Status | Current |
Standards | Relationship |
UNI EN ISO 25237 : 2017 | Identical |
NF EN ISO 25237 : 2017 | Identical |
NS EN ISO 25237 : 2017 | Identical |
BS EN ISO 25237:2017 | Identical |
NEN EN ISO 25237 : 2017 | Identical |
SN EN ISO 25237:2017 | Identical |
PN EN ISO 25237 : 2017 | Identical |
I.S. EN ISO 25237:2017 | Identical |
ISO 25237:2017 | Identical |
DIN EN ISO 25237:2017-05 | Identical |
DIN EN ISO 25237:2015-10 (Draft) | Identical |
UNE-EN ISO 25237:2017 | Identical |
PNE-prEN ISO 25237 | Identical |
ISO/IEC 15408-2:2008 | Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components |
ISO/IEC 8825-1:2015 | Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1: |
ANSI X9.52 : 1998 | TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION |
ISO/IEC 27033-1:2015 | Information technology Security techniques Network security Part 1: Overview and concepts |
ISO 12052:2017 | Health informatics — Digital imaging and communication in medicine (DICOM) including workflow and data management |
ISO/TS 22220:2011 | Health informatics — Identification of subjects of health care |
ISO 7498-2:1989 | Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture |
ISO/IEC 2382-8:1998 | Information technology Vocabulary Part 8: Security |
ISO/IEC 2382:2015 | Information technology — Vocabulary |
ENV 13608-1:2000 | Health informatics - Security for healthcare communication - Part 1: Concepts and terminology |
ISO/TR 21089:2004 | Health informatics Trusted end-to-end information flows |
ISO/IEC 18014-1:2008 | Information technology Security techniques Time-stamping services Part 1: Framework |
ISO 27799:2016 | Health informatics Information security management in health using ISO/IEC 27002 |
ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |