NA 176

DIN Standards Committee Health Technologies

Project

Health informatics - Pseudonymization

Abstract

ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.

ISO 25237:2017
- defines one basic concept for pseudonymization (see Clause 5),
- defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6),
- specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7),
- gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A),
- gives a guide to risk assessment for re-identification (see Annex B),
- provides an example of a system that uses de-identification (see Annex C),
- provides informative requirements to an interoperability to pseudonymization services (see Annex D), and
- specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).

Begin

2023-08-23

WI

00251399

Planned document number

DIN EN ISO 25237 rev

Project number

17600033

Responsible national committee

NA 176-02-04 AA - Security  

Responsible European committee

CEN/TC 251 - Health informatics  

Responsible international committee

ISO/TC 215/WG 4 - Security, Safety and Privacy  

Previous edition(s)

Health informatics - Pseudonymization (ISO 25237:2017); German version EN ISO 25237:2017
2017-05


Contact

M. Sc.

Ulrike Schröder

Am DIN-Platz, Burggrafenstr. 6
10787 Berlin

Tel.: +49 30 2601-2919
Fax: +49 30 2601-42919
