New ISO spec supports privacy protection in health informatics
A new ISO technical specification will help to reconcile the increasing use in healthcare of electronic processing of patient data with increasing patient expectations for privacy protection.
ISO/TS 25237:2008, Health informatics – Pseudonymisation, contains principles and requirements for privacy protection using pseudonymisation services for the protection of personal health information in databases.
Pseudonymisation (from "pseudonym") removes the association between data and a data subject. It differs from anonymisation (from "anonymous") in that it allows data to be linked to the same person across multiple data records or information systems without revealing the identity of the person.
The technique is recognised as an important method for privacy protection of personal health information. It can be performed with or without the possibility of re-identifying the subject of the data (reversible or irreversible pseudonymisation).
ISO/TS 25237:2008 is applicable to organisations that make a claim of trustworthiness for operations engaged in pseudonymisation services, which may be national or trans-border.
It will serve as a general guide for implementers, as well as for quality assurance purposes, assisting users to determine their trust in the services provided. Application areas include, but are not limited to:
- Research, or other secondary use of clinical data
- Clinical trials and post-marketing surveillance
- Public health monitoring and assessment
- Confidential patient-safety reporting (e.g. adverse drug effects)
- Comparative quality indicator reporting
- Peer review
- Consumer groups.
ISO/TS 25237:2008 was developed by ISO technical committee ISO/TC 215, Health informatics. It provides a conceptual model of the problem areas, requirements for trustworthy practices, and specifications to support the planning and implementation of pseudonymisation services. More precisely, it:
- Defines a basic concept for pseudonymisation
- Gives an overview of different use cases for pseudonymisation that can be both reversible and irreversible
- Defines a basic methodology for pseudonymisation services including organisational as well as technical aspects
- Gives a guide to risk assessment for re-identification
- Specifies a policy framework and minimal requirements for trustworthy practice for the operations of a pseudonymisation service
- Specifies a policy framework and minimal requirements for controlled re-identification
- Specifies interfaces for the interoperability of services.
ISO/TS 25237:2008, Health informatics – Pseudonymisation, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, price 158 Swiss francs, through the ISO store, or by contacting the Marketing & Communication department.