Friday, February 24, 2012
Health data protection standards developed by ISO
Hospital IT Europe featured an article on a new standard developed by ISO which focuses on health data protection.
The International Organisation for Standardisation (ISO) has published a new technical specification which will increase protection of personal health information processed, stored and transferred by computer systems for subsequent use by clinicians and others in healthcare organisations.
ISO/TS 14265:2011, Health informatics - Classification of purposes for processing personal health information, defines a set of high-level categories of purposes for which such personal health information can be processed.
The abstract from the ISO website describes the standard as:
ISO/TS 14265:2011 defines a set of high-level categories of purposes for which personal health information can be processed. This is in order to provide a framework for classifying the various specific purposes that can be defined and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdictions, countries) as an aid to the consistent management of information in the delivery of health care services and for the communication of electronic health records across organizational and jurisdictional boundaries.
The scope of application of ISO/TS 14265:2011 is limited to Personal Health Information as defined in ISO 27799, information about an identifiable person that relates to the physical or mental health of the individual, or to provision of health services to the individual.