• There are no items in your cart

DD ISO/TS 25237:2008

Current

Current

The latest, up-to-date edition.

Health informatics. Pseudonymization

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

31-01-2009

€322.53
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols (and abbreviated terms)
5 Requirements for privacy protection of identities in healthcare
  5.1 A conceptual model for pseudonymization of personal data
  5.2 Categories of data subject
  5.3 Classification of data
  5.4 Trusted services
  5.5 Need for re-identification of pseudonymized data
  5.6 Pseudonymization service characteristics
6 Pseudonymization process (methods and implementation)
  6.1 Design criteria
  6.2 Entities in the model
  6.3 Workflow in the model
  6.4 Preparation of data
  6.5 Processing steps in the workflow
  6.6 Protecting privacy protection through pseudonymization
7 Re-identification process (methods and implementation)
8 Specification of interoperability of interfaces (methods and
  implementation)
9 Policy framework for operation of pseudonymization services
  (methods and implementation)
  9.1 General
  9.2 Privacy policy
  9.3 Trustworthy practices for operations
  9.4 Implementation of trustworthy practices for re-identification
Annex A (informative) - Healthcare pseudonymization scenarios
Annex B (informative) - Requirements for privacy risk assessment
        design
Bibliography

Provides principles and requirements for privacy protection using pseudonymization services for the protection of personal health information.

Committee
IST/35
DocumentType
Standard
Pages
68
PublisherName
British Standards Institution
Status
Current

This Technical Specification contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This technical specification is applicable to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.

This Technical Specification:

  • defines one basic concept for pseudonymization;

  • gives an overview of different use cases for pseudonymization that can be both reversible and irreversible;

  • defines one basic methodology for pseudonymization services including organizational as well as technical aspects;

  • gives a guide to risk assessment for re-identification;

  • specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service;

  • specifies a policy framework and minimal requirements for controlled re-identification;

  • specifies interfaces for the interoperability of services interfaces.

Standards Relationship
ISO/TS 25237:2008 Identical

BS PAS 277(2015) : 2015 HEALTH AND WELLNESS APPS - QUALITY CRITERIA ACROSS THE LIFE CYCLE - CODE OF PRACTICE

ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
ISO/IEC 8825-1:2015 Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1:
ANSI X9.52 : 1998 TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ISO/IEC 2382-8:1998 Information technology Vocabulary Part 8: Security
ENV 13608-1:2000 Health informatics - Security for healthcare communication - Part 1: Concepts and terminology
ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.