EN ISO 25237:2017
Health informatics - Pseudonymization (ISO 25237:2017)
ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.
ISO 25237:2017
- defines one basic concept for pseudonymization (see Clause 5),
- defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6),
- specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7),
- gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A),
- gives a guide to risk assessment for re-identification (see Annex B),
- provides an example of a system that uses de-identification (see Annex C),
- provides informative requirements for the interoperability of pseudonymization services (see Annex D), and
- specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).
Medizinische Informatik - Pseudonymisierung (ISO 25237:2017)
Informatique de santé - Pseudonymisation (ISO 25237:2017)
Zdravstvena informatika - Psevdonimizacija (ISO 25237:2017)
This Technical Specification contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This Technical Specification applies to organizations that assure trustworthiness for operations carried out as part of pseudonymization services.
Standards Content (Sample)
SLOVENIAN STANDARD
01-May-2017
Zdravstvena informatika - Psevdonimizacija (ISO 25237:2017)
Health informatics - Pseudonymisation (ISO 25237:2017)
Medizinische Informatik - Pseudonymisierung (ISO 25237:2017)
Informatique de santé - Pseudonymization (ISO 25237:2017)
This Slovenian standard is identical to: EN ISO 25237:2017
ICS: 35.240.80 IT applications in health care technology
2003-01. Slovenian Institute for Standardization (Slovenski inštitut za standardizacijo). Reproduction of this standard, in whole or in part, is not permitted.
EUROPEAN STANDARD
EN ISO 25237
NORME EUROPÉENNE
EUROPÄISCHE NORM
January 2017
ICS 35.240.80
English Version
Health informatics - Pseudonymization (ISO 25237:2017)
Informatique de santé - Pseudonymisation (ISO 25237:2017)
Medizinische Informatik - Pseudonymisierung (ISO 25237:2017)
This European Standard was approved by CEN on 14 December 2016.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same
status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN ISO 25237:2017 E
European foreword
This document (EN ISO 25237:2017) has been prepared by Technical Committee ISO/TC 215 “Health
informatics” in collaboration with Technical Committee CEN/TC 251 “Health informatics” the
secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by July 2017, and conflicting national standards shall be
withdrawn at the latest by July 2017.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO 25237:2017 has been approved by CEN as EN ISO 25237:2017 without any modification.
INTERNATIONAL STANDARD
ISO 25237
First edition
2017-01
Health informatics —
Pseudonymization
Informatique de santé — Pseudonymisation
Reference number
ISO 25237:2017(E)
© ISO 2017
© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 Requirements for privacy protection of identities in healthcare
5.1 Objectives of privacy protection
5.2 General
5.3 De-identification as a process to reduce risk
5.3.1 General
5.3.2 Pseudonymization
5.3.3 Anonymization
5.3.4 Direct and indirect identifiers
5.4 Privacy protection of entities
5.4.1 Personal data versus de-identified data
5.4.2 Concept of pseudonymization
5.5 Real world pseudonymization
5.5.1 Rationale
5.5.2 Levels of assurance of privacy protection
5.6 Categories of data subject
5.6.1 General
5.6.2 Subject of care
5.6.3 Health professionals and organizations
5.6.4 Device data
5.7 Classification data
5.7.1 Payload data
5.7.2 Observational data
5.7.3 Pseudonymized data
5.7.4 Anonymized data
5.8 Research data
5.8.1 General
5.8.2 Generation of research data
5.8.3 Secondary use of personal health information
5.9 Identifying data
5.9.1 General
5.9.2 Healthcare identifiers
5.10 Data of victims of violence and publicly known persons
5.10.1 General
5.10.2 Genetic information
5.10.3 Trusted service
5.10.4 Need for re-identification of pseudonymized data
5.10.5 Pseudonymization service characteristics
6 Protecting privacy through pseudonymization
6.1 Conceptual model of the problem areas
6.2 Direct and indirect identifiability of personal information
6.2.1 General
6.2.2 Person identifying variables
6.2.3 Aggregation variables
6.2.4 Outlier variables
6.2.5 Structured data variables
6.2.6 Non-struc
...