People whose personal health information is transferred across national borders can now be assured of it remaining confidential when a new International Standard is implemented.

Personal health information on patients needs to be collected, stored, processed, and published for many purposes, including clinical research and health statistics - that may cut across national borders. The means and extent of the protection afforded to personal health data varies from country to country. In some countries, for example, there is nation-wide privacy legislation, while in others, laws or regulations may be at a state level or none may exist except through various codes of practice.

A common and internationally accepted ISO International Standard will provide a uniform set of guidelines acceptable to all health-related organizations in countries worldwide, whether transmitting to, or receiving personal health data from, other countries.

Its use will serve to facilitate the transfer of personal health data across national borders and reassure patients that health data relating to them will be adequately protected when sent to, and processed in, another country.

"Any organization involved in the transfer of person-identifiable health data between countries should be aware of ISO 22857," says Ray Rogers, a member of the working group that developed the new standard. "It details the rights which citizens will expect to have in terms of informed consent, access to their data and any contractual arrangements, investigation of complaints and redress."

The new standard will be used by hospitals, pharmaceutical companies, contractors remotely maintaining health care systems in other countries, organizations holding educational data bases or banks of medical records for patients from different countries as well as organizations involved in international health-related e-commerce such as e-pharmacy.

ISO 22857:2004 costs 110 Swiss francs and is available from ISO national member institutes and from ISO Central Secretariat (see below). The new document is the work of ISO technical committee ISO 215, Health informatics, working group WG 4, Security.