10Mar09

"Pseudonymization" – new ISO specification supports privacy protection in health informatics

A new ISO technical specification will help to reconcile the increasing use in healthcare of electronic processing of patient data with increasing patient expectations for privacy protection.

In the healthcare sector, concerns about protecting private data are an overriding consideration and such concerns are intensifying with the continuing progress in the use of information and communication technology (ICT) tools and solutions to improve health services.

ISO/TS 25237:2008, Health informatics – Pseudonymization, contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information in databases.

Pseudonymization (from pseudonym) allows for the removal of an association with a data subject. It differs from anonymization (anonymous) in that it allows for data to be linked to the same person across multiple data records or information systems without revealing the identity of the person. The technique is recognized as an important method for privacy protection of personal health information. It can be performed with or without the possibility of re-identifying the subject of the data (reversible or irreversible pseudonymization).
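The linkage property and the reversible/irreversible distinction described above, as an added example that is not taken from ISO/TS 25237 or from this page. The use of keyed HMAC-SHA-256, the `PseudonymService` class, the field names and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: two systems holding records about the same people.
LAB = [{"patient_id": "MRN-0001", "name": "Patient One", "hba1c": 7.9},
       {"patient_id": "MRN-0002", "name": "Patient Two", "hba1c": 5.4}]
PHARMACY = [{"patient_id": "mrn-0001 ", "name": "P. One", "drug": "metformin"}]


class PseudonymService:
    """Hypothetical service; only it holds the key and any reverse mapping."""

    def __init__(self, key: bytes, reversible: bool):
        self._key, self._reversible = key, reversible
        self._reverse = {}  # pseudonym -> identifier, kept only if reversible

    def pseudonym(self, identifier: str) -> str:
        norm = identifier.strip().upper()  # same person -> same input
        # Keyed HMAC rather than a bare hash: identifiers are low-entropy, so
        # an unkeyed hash could be reversed by hashing every candidate ID.
        p = hmac.new(self._key, norm.encode(), hashlib.sha256).hexdigest()
        if self._reversible:
            self._reverse[p] = norm
        return p

    def reidentify(self, pseudonym: str) -> str:
        if not self._reversible:
            raise PermissionError("irreversible service keeps no mapping")
        return self._reverse[pseudonym]


def pseudonymize(records, service, id_field="patient_id", drop=("name",)):
    """Replace the identifier with a pseudonym and drop direct identifiers."""
    out = []
    for rec in records:
        row = {k: v for k, v in rec.items() if k != id_field and k not in drop}
        row["pseudonym"] = service.pseudonym(rec[id_field])
        out.append(row)
    return out


def link(left, right):
    """Join two pseudonymized data sets on the pseudonym alone."""
    index = {}
    for rec in right:
        index.setdefault(rec["pseudonym"], []).append(rec)
    return [{**l, **r} for l in left for r in index.get(l["pseudonym"], [])]
```

Records pseudonymized under the same key link across data sets; records pseudonymized under different keys do not, which is why the key and any reverse mapping must stay inside the pseudonymization service.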

ISO/TS 25237:2008 is applicable to organizations that make a claim of trustworthiness for operations engaged in pseudonymization services, which may be national or trans-border. It will serve as a general guide for implementers, as well as for quality assurance purposes, assisting users to determine their trust in the services provided. Application areas include, but are not limited to:

  • Research, or other secondary use of clinical data
  • Clinical trials and post-marketing surveillance
  • Public health monitoring and assessment
  • Confidential patient-safety reporting (e.g. adverse drug effects)
  • Comparative quality indicator reporting
  • Peer review
  • Consumer groups.

ISO/TS 25237:2008 was developed by ISO technical committee ISO/TC 215, Health informatics. It provides a conceptual model of the problem areas, requirements for trustworthy practices, and specifications to support the planning and implementation of pseudonymization services. More precisely, it:

  • Defines a basic concept for pseudonymization
  • Gives an overview of different use cases for pseudonymization that can be both reversible and irreversible
  • Defines a basic methodology for pseudonymization services including organizational as well as technical aspects
  • Gives a guide to risk assessment for re-identification
  • Specifies a policy framework and minimal requirements for trustworthy practice for the operations of a pseudonymization service
  • Specifies a policy framework and minimal requirements for controlled re-identification
  • Specifies interfaces for the interoperability of services.

Martech ISO Consultancy
(Subsidiary of Martech Trading & Services)
190 Middle Road #19-05 Fortune Centre
Singapore 188979