Personal health data better protected by ISO standard

by Sandrine Tranchard on
ISO News feeds (RSS)
Health informatics

ISO has published a new technical specification which will increase protection of personal health information processed, stored and transferred by computer systems for subsequent use by clinicians and others in healthcare organizations. ISO/TS 14265:2011, Health informatics – Classification of purposes for processing personal health information, defines a set of high-level categories of purposes for which such personal health information can be processed .

Electronic health records (EHRs) are used more and more. They involve the systematic electronic collection of health information about individual patients or populations, such as information about the physical or and mental health of an individual or provision of health services.

Health information is usually documented by healthcare professionals as part of the process of delivering care, and subsequently used to support the continuing care of each patient. However, EHR information might also be needed and used to enable the healthcare organization (such as a hospital) to manage its services better and more safely, and for a wider range of purposes such as public health, education and research.

Information may at times need to be shared with other organizations (e.g. between a hospital and a general practitioner). For ethical and legal reasons, information should only be used for the purposes for which it was collected or created. Up to now there has been no standard listing of the possible kinds of purpose of use of personal health information.

ISO/TS 14265:2011, provides a framework for classifying the various specific purposes that can be defined and used by individual policy domains (e.g. healthcare organizations, regional health authorities, jurisdiction countries) as an aid to the consistent management of information in the delivery of healthcare services and for the communication of electronic health records across organizational and jurisdictional boundaries.

Elaine Sawatsky and Dipak Kalra, Project leaders of the committee that developed the standard comment: “This important piece of work is now available to help organizations understand how to manage the personal health information that they hold, and how to ensure that the information is used appropriately and consistently.”

ISO/TS 14265:2011, Health informatics – Classification of purposes for processing personal health information, was developed by ISO/TC 215, health informatics. It is available from ISO national member institutes (see the complete list with contact details). It may also be obtained directly from the ISO Central Secretariat, price 80 Swiss francs respectively through the ISO Store or by contacting the Marketing, Communication & Information department (see right-hand column).