
Privacy and Security Standards

Organizations that Develop Privacy & Security Standards

Privacy and Security Standards aim to ensure information security and confidentiality. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. Security refers to the physical, technological, or administrative safeguards or tools used to protect identifiable health information from unwarranted access or disclosure; in other words, security is the set of actions an organization takes to protect that information. Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access" and is one of the cornerstones of information security. Confidentiality is one of the design goals of many cryptosystems, made possible in practice by the techniques of modern cryptography.

In 1996, the Department of Health and Human Services enacted the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification Provisions to reduce the cost and administrative burdens of health care by allowing standardized, electronic transmission of administrative and financial transactions. HIPAA also introduced the first comprehensive federal privacy and security rules and guidelines to support and enable data and transaction standardization and exchange.

Privacy & Security Standards: Examples of Standards Development Organizations and Their Domains

Standards Development Organization | Domains
-----------------------------------|------------------------------------------------
ASTM                               | Security, Confidentiality
HITSP                              | Patient Consent, Anonymization/Pseudonymization
IHE                                | Patient Consent, Anonymization/Pseudonymization
ISO                                | Privileged Access, Pseudonymization, Audit Trail

ASTM Committee E31 - American Standards for Testing and Materials Committee E31 on Health Informatics

ASTM International is one of the largest voluntary standards development organizations in the world for technical standards covering materials, products, systems, and services.

ASTM Committee E31 on Healthcare Informatics develops standards related to the architecture, content, storage, security, confidentiality, functionality, and communication of information used within healthcare and healthcare decision making, including patient-specific information and knowledge. The Committee, with a current membership of approximately 300 members, has 3 technical subcommittees responsible for over 30 approved standards and additional draft standards.

ISO - International Organization for Standardization

ISO is a network of national standards institutes from 140 countries working in partnership with international organizations, governments, industry, business, and consumer representatives.

ISO Technical Committee 215 on Health Informatics (ISO/TC 215) works on the standardization of health information and communications technology to allow compatibility and interoperability between independent systems, through the following Working Groups: WG 1: Data Structure, WG 2: Messaging and Communications, WG 3: Health Concept Representation, WG 4: Security, WG 5: Health Cards, WG 6: Pharmacy and Medication, WG 7: Devices, and WG 8: Business Requirements for Electronic Health Records. ISO/TC 215 has developed standards for privilege management and access control, pseudonymization, and audit trails for electronic health records.

ISO/TC 215 has also developed messaging standards for information exchange between healthcare systems.

IHE - Integrating the Healthcare Enterprise

IHE is a multi-year initiative under the leadership of the Healthcare Information Management & Systems Society (HIMSS) and the Radiological Society of North America (RSNA). IHE began in November 1998 as a collaborative effort to improve the way computer systems in healthcare share critical information. IHE includes medical and public health experts, administrators, standards organizations, IT professionals, and vendors. IHE Technical Committees develop integration profiles to ensure that health information passes seamlessly from application to application, system to system, and setting to setting across the entire healthcare enterprise. The IHE Information Infrastructure Technical Committee develops privacy and security integration profiles, such as patient electronic consent and anonymization/pseudonymization.

PHDSC was invited by IHE to start a Public Health Domain at IHE. PHDSC and IHE are collaborating to enable interoperability across clinical and public health enterprises. This includes the development of interoperability standards for immunization information systems, cancer registries, chronic disease registries (diabetes), and maternal and child health (newborn screening). It also includes work on information infrastructure issues such as service-oriented architecture (SOA) for public health. PHDSC member organizations, including the American Immunization Registry Association (AIRA), the North American Association of Central Cancer Registries (NAACCR), Software Partners, and OZ Systems, have been working on various public health projects at IHE.

HITSP - Health Information Technology Standards Panel

HITSP served as a national standards harmonization entity. It was a cooperative partnership between the public and private sectors to harmonize existing standards in order to enable widespread interoperability among healthcare software applications as they interact in local and regional health information exchanges and in the Nationwide Health Information Network for the United States.

PHDSC leadership and members participate in the HITSP Security, Privacy & Infrastructure Domain Committee.