Skip to content
Please enter a keyword to search

  • DD ISO/TS 25237:2008

    Current The latest, up-to-date edition.

    Health informatics. Pseudonymization

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  31-01-2009

    Publisher:  British Standards Institution

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    Foreword
    Introduction
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Symbols (and abbreviated terms)
    5 Requirements for privacy protection of identities in healthcare
      5.1 A conceptual model for pseudonymization of personal data
      5.2 Categories of data subject
      5.3 Classification of data
      5.4 Trusted services
      5.5 Need for re-identification of pseudonymized data
      5.6 Pseudonymization service characteristics
    6 Pseudonymization process (methods and implementation)
      6.1 Design criteria
      6.2 Entities in the model
      6.3 Workflow in the model
      6.4 Preparation of data
      6.5 Processing steps in the workflow
      6.6 Protecting privacy protection through pseudonymization
    7 Re-identification process (methods and implementation)
    8 Specification of interoperability of interfaces (methods and
      implementation)
    9 Policy framework for operation of pseudonymization services
      (methods and implementation)
      9.1 General
      9.2 Privacy policy
      9.3 Trustworthy practices for operations
      9.4 Implementation of trustworthy practices for re-identification
    Annex A (informative) - Healthcare pseudonymization scenarios
    Annex B (informative) - Requirements for privacy risk assessment
            design
    Bibliography

    Abstract - (Show below) - (Hide below)

    Provides principles and requirements for privacy protection using pseudonymization services for the protection of personal health information.

    Scope - (Show below) - (Hide below)

    This Technical Specification contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This technical specification is applicable to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.

    This Technical Specification:

    • defines one basic concept for pseudonymization;

    • gives an overview of different use cases for pseudonymization that can be both reversible and irreversible;

    • defines one basic methodology for pseudonymization services including organizational as well as technical aspects;

    • gives a guide to risk assessment for re-identification;

    • specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service;

    • specifies a policy framework and minimal requirements for controlled re-identification;

    • specifies interfaces for the interoperability of services interfaces.

    General Product Information - (Show below) - (Hide below)

    Committee IST/35
    Document Type Standard
    Publisher British Standards Institution
    Status Current

    Standards Referenced By This Book - (Show below) - (Hide below)

    BS PAS 277(2015) : 2015 HEALTH AND WELLNESS APPS - QUALITY CRITERIA ACROSS THE LIFE CYCLE - CODE OF PRACTICE

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 15408-2:2008 Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional components
    ISO/IEC 8825-1:2015 Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1:
    ANSI X9.52 : 1998 TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION
    ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
    ISO/IEC 2382-8:1998 Information technology Vocabulary Part 8: Security
    ENV 13608-1:2000 HEALTH INFORMATICS - SECURITY FOR HEALTHCARE COMMUNICATION - PART 1: CONCEPTS AND TERMINOLOGY
    ISO 27799:2016 Health informatics Information security management in health using ISO/IEC 27002
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective