标准摘要
[中文适用范围]: 本文档包含使用假名化服务保护个人健康信息时的数据保护原则和要求。本文档适用于希望出于自身目的执行假名化流程的组织,或需要假名化服务所涉及流程可信度的组织。本文件 - 阐述了假名化的基本概念(参见第 5 节); - 建立假名化服务的基本方法,包括组织和技术方面(见第 6 节); - 制定适用政策框架和受监管认可的最低要求(见第 7 节); - 概述假名化的不同用例,假名化可以是可逆的,也可以是不可逆的(见附件 A); - 提供认可风险评估指南(见附件B); - 提供了一个使用去个性化的系统的例子(见附录C); - 为假名服务提供信息互操作性要求(见附件 D);和; - 为假名化服务活动的可信赖实践建立适用政策和最低要求框架(见附件 E)。 [外文原描述]: ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services. ISO 25237:2017 - defines one basic concept for pseudonymization (see Clause 5), - defines one basic methodology for pseudonymization services including organizational, as well as technical aspects (see Clause 6), - specifies a policy framework and minimal requirements for controlled re-identification (see Clause 7), - gives an overview of different use cases for pseudonymization that can be both reversible and irreversible (see Annex A), - gives a guide to risk assessment for re-identification (see Annex B), - provides an example of a system that uses de-identification (see Annex C), - provides informative requirements to an interoperability to pseudonymization services (see Annex D), and - specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service (see Annex E).
英文名称Health informatics — Pseudonymization