Technical Specification

ATS ISO 25237-2011

[Current]

Pseudonymization

Adopts ISO TS 25237:2008 to provide principles and requirements for privacy protection using pseudonymization services for the protection of personal health information.
Published: 25/05/2011
Pages: 58
Table of contents
Header
About this publication
Preface
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols (and abbreviated terms)
5 Requirements for privacy protection of identities in healthcare
5.1 A conceptual model for pseudonymization of personal data
5.1.1 General
5.1.2 Objectives of privacy protection
5.1.3 Privacy protection of entities
5.1.4 Personal data versus de-identified data
5.1.4.1 Definition of personal data
5.1.4.2 The idealized concept of identification and de-identification
5.1.4.3 The concept of pseudonymization
5.1.5 Real world pseudonymization
5.1.5.1 Rationale
5.1.5.2 Levels of assurance of privacy protection
5.2 Categories of data subject
5.2.1 General
5.2.2 Patient/healthcare consumer
5.2.3 Health professionals and organizations
5.2.4 Device data
5.3 Classification of data
5.3.1 Payload data
5.3.2 Observational data
5.3.3 Pseudonymized data
5.3.4 Anonymized data
5.3.5 Research data
5.3.5.1 General
5.3.5.2 Generation of research data
5.3.5.3 Secondary use of personal health information
5.3.6 Healthcare identifiers
5.3.7 Data of VoV and publicly known persons
5.3.8 Genetic information
5.4 Trusted services
5.5 Need for re-identification of pseudonymized data
5.6 Pseudonymization service characteristics
6 Pseudonymization process (methods and implementation)
6.1 Design criteria
6.2 Entities in the model
6.3 Workflow in the model
6.4 Preparation of data
6.5 Processing steps in the workflow
6.6 Protecting privacy protection through pseudonymization
6.6.1 Conceptual model of the problem areas
6.6.2 Direct and indirect identifiability of personal information
6.6.2.1 General
6.6.2.2 Person identifying variables
6.6.2.3 Aggregation variables
6.6.2.4 Outlier variables
6.6.2.5 Structured data variables
6.6.2.6 Non-structured data variables
6.6.2.7 Inference risk assessment
6.6.2.8 Privacy and security
7 Re-identification process (methods and implementation)
8 Specification of interoperability of interfaces (methods and implementation)
9 Policy framework for operation of pseudonymization services (methods and implementation)
9.1 General
9.2 Privacy policy
9.3 Trustworthy practices for operations
9.4 Implementation of trustworthy practices for re-identification
Annex A
A.1 Introduction
A.2 Scenario explanation
A.3 Healthcare scenarios
A.3.1 Clinical pathology order (pseudonymous care)
A.3.2 Clinical trial
A.3.2.1 General
A.3.2.2 Where pseudonymization is used
A.3.2.3 Pseudonymization requirements
A.3.3 Clinical research
A.3.4 Public health monitoring
A.3.5 Patient safety reporting (adverse drug event)
A.3.6 Non-healthcare research using personal medical data
A.3.7 Market research
A.3.8 Classroom teaching files
A.3.8.1 General
A.3.8.2 Where pseudonymization is used
A.3.8.3 Pseudonymization requirements
A.3.9 Field service
Annex B
B.1 Introduction
B.2 Threat model, goals and means of the attacker
B.3 Re-identification, full or partial?
B.4 Re-identification example
B.5 Obtaining new information
B.6 Database membership
Bibliography
Appendix ZA
