A new ISO technical specification will help to reconcile the increasing use in healthcare of electronic processing of patient data with increasing patient expectations for privacy protection.

In the healthcare sector, concerns about protecting private data are an overriding consideration and such concerns are intensifying with the continuing progress in the use of information and communication technology (ICT) tools and solutions to improve health services.

Pseudonymization (from pseudonym) allows for the removal of an association with a data subject. It differs from anonymization (anonymous) in that it allows for data to be linked to the same person across multiple data records or information systems without revealing the identity of the person. The technique is recognized as an important method for privacy protection of personal health information. It can be performed with or without the possibility of re-identifying the subject of the data (reversible or irreversible pseudonymization).

ISO/TS 25237:2008 is applicable to organizations that make a claim of trustworthiness for operations engaged in pseudonymization services, which may be national or trans-border. It will serve as a general guide for implementers, as well as for quality assurance purposes, assisting users to determine their trust in the services provided. Application areas include, but are not limited to:

  • Research, or other secondary use of clinical data
  • Clinical trials and post-marketing surveillance
  • Public health monitoring and assessment
  • Confidential patient-safety reporting (e.g. adverse drug effects)
  • Comparative quality indicator reporting
  • Peer review
  • Consumer groups.

ISO/TS 25237:2008 was developed by ISO technical committee ISO/TC 215, Health informatics. It provides a conceptual model of the problem areas, requirements for trustworthy practices, and specifications to support the planning and implementation of pseudonymization services. More precisely, it:

  • Defines a basic concept for pseudonymization
  • Gives an overview of different use cases for pseudonymization that can be both reversible and irreversible
  • Defines a basic methodology for pseudonymization services including organizational as well as technical aspects
  • Gives a guide to risk assessment for re-identification
  • Specifies a policy framework and minimal requirements for trustworthy practice for the operations of a pseudonymization service
  • Specifies a policy framework and minimal requirements for controlled re-identification
  • Specifies interfaces for the interoperability of services interfaces.

ISO/TC 25237:2008, Health informatics – Pseudonymization, is available from ISO national member institutes (see the complete list with contact details). It may also be obtained directly from the ISO Central Secretariat, price 158 Swiss francs, through the ISO Store or by contacting the Marketing & Communication department (see right-hand column).