Technical Specification

Track updates

ATS ISO 25237-2011

[Current]

Pseudonymization

Adopts ISO TS 25237:2008 to provide principles and requirements for privacy protection using pseudonymization services for the protection of personal health information.

Published: 25/05/2011

Pages: 58

Table of contents

Cited references

Content history

Table of contents

Header

About this publication

Preface

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Symbols (and abbreviated terms)

5 Requirements for privacy protection of identities in healthcare

5.1 A conceptual model for pseudonymization of personal data

5.1.1 General

5.1.2 Objectives of privacy protection

5.1.3 Privacy protection of entities

5.1.4 Personal data versus de-identified data

5.1.4.1 Definition of personal data

5.1.4.2 The idealized concept of identification and de-identification

5.1.4.3 The concept of pseudonymization

5.1.5 Real world pseudonymization

5.1.5.1 Rationale

5.1.5.2 Levels of assurance of privacy protection

5.2 Categories of data subject

5.2.1 General

5.2.2 Patient/healthcare consumer

5.2.3 Health professionals and organizations

5.2.4 Device data

5.3 Classification of data

5.3.1 Payload data

5.3.2 Observational data

5.3.3 Pseudonymized data

5.3.4 Anonymized data

5.3.5 Research data

5.3.5.1 General

5.3.5.2 Generation of research data

5.3.5.3 Secondary use of personal health information

5.3.6 Healthcare identifiers

5.3.7 Data of VoV and publicly known persons

5.3.8 Genetic information

5.4 Trusted services

5.5 Need for re-identification of pseudonymized data

5.6 Pseudonymization service characteristics

6 Pseudonymization process (methods and implementation)

6.1 Design criteria

6.2 Entities in the model

6.3 Workflow in the model

6.4 Preparation of data

6.5 Processing steps in the workflow

6.6 Protecting privacy protection through pseudonymization

6.6.1 Conceptual model of the problem areas

6.6.2 Direct and indirect identifiability of personal information

6.6.2.1 General

6.6.2.2 Person identifying variables

6.6.2.3 Aggregation variables

6.6.2.4 Outlier variables

6.6.2.5 Structured data variables

6.6.2.6 Non-structured data variables

6.6.2.7 Inference risk assessment

6.6.2.8 Privacy and security

7 Re-identification process (methods and implementation)

8 Specification of interoperability of interfaces (methods and implementation)

9 Policy framework for operation of pseudonymization services (methods and implementation)

9.1 General

9.2 Privacy policy

9.3 Trustworthy practices for operations

9.4 Implementation of trustworthy practices for re-identification

Annex A

A.1 Introduction

A.2 Scenario explanation

A.3 Healthcare scenarios

A.3.1 Clinical pathology order (pseudonymous care)

A.3.2 Clinical trial

A.3.2.1 General

A.3.2.2 Where pseudonymization is used

A.3.2.3 Pseudonymization requirements

A.3.3 Clinical research

A.3.4 Public health monitoring

A.3.5 Patient safety reporting (adverse drug event)

A.3.6 Non-healthcare research using personal medical data

A.3.7 Market research

A.3.8 Classroom teaching files

A.3.8.1 General

A.3.8.2 Where pseudonymization is used

A.3.8.3 Pseudonymization requirements

A.3.9 Field service

Annex B

B.1 Introduction

B.2 Threat model, goals and means of the attacker

B.3 Re-identification, full or partial?

B.4 Re-identification example

B.5 Obtaining new information

B.6 Database membership

Bibliography

Appendix ZA

Cited references in this standard

Content history

ISO/TS 25237:2008

[Superseded]

One-time Purchase

Access via web browser on any device

One-time purchase

Single publication

Offline access via PDF^

$230.65 AUD

Inclusive of GST

Format *

Web Reader

Licenses *

1 user

Total$230.65 AUD

Add to Cart

IMPORTANT