The security of electronic health records will be enhanced by the publication of two ISO documents providing internationally harmonized guidelines for archiving patient information: a technical specification outlining basic principles, and a complementary report.
The documents take into account the unique needs of the healthcare industry, where data privacy and integrity have always been a sensitive issue.
“The growing use of information technology in healthcare delivery is improving the quality of the services,” says Pekka Ruotsalainen, Project Leader for both documents, “but it’s also exacerbating issues such as confidentiality, integrity, availability and accountability.”
Like its paper counterpart, electronic data can be lost (media such as CDs break or are misplaced, or files are accidentally deleted). And as technology advances, it may not be possible to read and understand information stored in old formats and media (such as diskettes). Concerns regarding patients’ records also include the possibility of unlawful usurping or copying of data.
“Most countries now rely on electronic patient information. ISO standards offer solutions to help ensure the privacy and longevity of this data independent of technology. As globalization progresses, patient information is increasingly being transferred across national borders, further highlighting the need for global specifications to address these issues,” explains Ms. Ruotsalainen.
The basic principles needed to securely preserve health records in any format for the long term are included in technical specification ISO/TS 21547:2010, Health informatics – Security requirements for archiving of electronic health records – Principles. In the document, archiving is addressed as a holistic process covering records maintenance, retention, disclosure and eventual destruction.
Additional guidance for implementing ISO/TS 21547 is included in technical report ISO/TR 21548:2010, Health informatics – Security requirements for archiving of electronic health records – Guidelines. The informative report provides complementary guidelines to ISO/TS 21547, as well as a practical method and tools for the development and management of eArchives.
Together, the two documents provide a powerful, comprehensive solution to address e-health data integrity, including ethical and legal concerns, privacy protection, and regulations concerning access to and disclosure of records, among other needs specific to the industry.
For instance, unlike other electronic documents, patient records must be available throughout their entire lifecycle (potentially reaching 100+ years), regardless of time and place. The ISO documents take into account the dynamic nature of health data, which may be modified over time, as well as its sensitivity and high security requirements, particularly when it is transferred between service organizations and healthcare providers.
The ISO documents also take into consideration new initiatives in the field, such as the growing trend to reinforce patients’ self-determination and participation in their own healthcare, and the data that must be available to them.
The two documents were developed by ISO technical committee ISO/TC 215, Health informatics.
ISO/TS 21547:2010, Health informatics – Security requirements for archiving of electronic health records – Principles, and ISO/TR 21548:2010, Health informatics – Security requirements for archiving of electronic health records – Guidelines, are available from ISO national member institutes. They may also be obtained directly from the ISO Central Secretariat, price 180 and 124 Swiss francs respectively, through the ISO Store or by contacting the Marketing, Communication and Information department.