ImageVerifierCode 换一换
格式:PDF , 页数:9 ,大小:96.41KB ,
资源ID:529685      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-529685.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ASTM E1869-2004 Standard Guide for Confidentiality Privacy Access and Data Security Principles for Health Information Including Electronic Health Records《包括电子健康记录的健康信息的机密性、隐私性、存取和数.pdf)为本站会员(wealthynice100)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ASTM E1869-2004 Standard Guide for Confidentiality Privacy Access and Data Security Principles for Health Information Including Electronic Health Records《包括电子健康记录的健康信息的机密性、隐私性、存取和数.pdf

1、Designation: E 1869 04An American National StandardStandard Guide forConfidentiality, Privacy, Access, and Data SecurityPrinciples for Health Information Including Electronic HealthRecords1This standard is issued under the fixed designation E 1869; the number immediately following the designation in

2、dicates the year oforiginal adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon (e) indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers the principles for co

3、nfidentiality,privacy, access, and security of person identifiable healthinformation. The focus of this standard is computer-basedsystems; however, many of the principles outlined in this guidealso apply to health information and patient records that are notin an electronic format. Basic principles

4、and ethical practicesfor handling confidentiality, access, and security of healthinformation are contained in a myriad of federal and state laws,rules and regulations, and in ethical statements of professionalconduct. The purpose of this guide is to synthesize andaggregate into a cohesive guide the

5、principles that underpin thedevelopment of more specific standards for health informationand to support the development of policies and procedures forelectronic health record systems and health information sys-tems.1.2 This guide includes principles related to:SectionPrivacy 7Confidentiality 8Collec

6、tion, Use, and Maintenance 9Ownership 10Access 11Disclosure/Transfer of Data 12Data Security 13Penalties/Sanctions 14Education 151.3 This guide does not address specific technical require-ments. It is intended as a base for development of more specificstandards.2. Referenced Documents2.1 ASTM Standa

7、rds:2E 1384 Guide for the Content and Structure of theComputer-Based Patient RecordE 1714 Guide for the Properties of a Universal HealthcareIdentifierE 1762 Guide for Electronic Authentication of Health In-formationE 1769 Guide for the Properties of Electronic HealthRecords and Record SystemsE 1986

8、Guide for Information Access Privileges to HealthInformationE 1987 Guide for the Individual Rights Regarding HealthInformationE 1988 Guide for Training of Persons who have Access toHealth InformationE 2017 Guide for Amendments to Health InformationE 2147 Specification for Audit and Disclosure Logs f

9、or Usein Health Information Systems3. Terminology3.1 Definitions:3.1.1 accessthe provision of an opportunity to approach,inspect, review, retrieve, store, communicate with, or make useof health information system resources (for example, hardware,software, systems or structure) or patient identifiabl

10、e data andinformation, or both.3.1.2 authentication:3.1.2.1 authentication (data entry)to authorize or validatean entry in a record by a signature including first initial, lastname, and discipline or a unique identifier allowing identifica-tion of the responsible individual.3.1.2.2 authentication (d

11、ata origin/sender)corroborationthat the source/sender of data received is as claimed.3.1.2.3 authentication (user/receiver)the provision of as-surance of the claimed identity of an entity/receiver.3.1.3 authorizethe granting to a user the right of access tospecified data and information, a program,

12、a terminal, or aprocess.3.1.4 clinical data centersall computer-based (andmanual) systems which handle and store patient records andhealth information, for example, solo practitioners, clinics,1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and are the direct res

13、ponsibility of Subcommittee E31.25 on HealthcareManagement, Security, Confidentiality, and Privacy.Current edition approved Nov. 1, 2004. Published December 2004. Originallyapproved in 1997. Last previous edition approved in 1997 as E 1869 97.2For referenced ASTM standards, visit the ASTM website, w

14、ww.astm.org, orcontact ASTM Customer Service at serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.hos

15、pitals, state departments of health, data centers, and healthmaintenance organizations.3.1.5 clinical informationdata and information collectedfrom the patient or patients family by a healthcare practitioneror healthcare organization. A healthcare practitioners objec-tive measurement or subjective e

16、valuation of a patientsphysical or mental state of health, descriptions of an individu-als health history and family health history, diagnostic studies,decision rationale, descriptions of procedures performed, find-ings, therapeutic interventions, medications prescribed, de-scription of responses to

17、 treatment, prognostic statements anddescriptions of socioeconomic factors, and environmental fac-tors related to the patients health.3.1.6 computer-based patient recordsee patient record.3.1.7 confidentialstatus accorded to data or informationindicating that it is sensitive for some reason, and the

18、refore itneeds to be protected against theft, disclosure, or improper use,or both, and must be disseminated only to authorized individu-als or organizations with a need to know.3.1.8 datacollection of elements on a given subject;things known, given, or assumed, as the basis for decisionmaking; the r

19、aw material of information systems expressed intext, numbers, symbols and images; facts.3.1.9 data protection measurea planned operation, forexample, procedure, policy, program, or technology, employedin the privacy system to prevent, detect, or sanction breaches ofsecurity.3.1.10 disclosureto relea

20、se, transfer, or otherwise divulgeconfidential health information to any entity other than theindividual who is the subject of such information.3.1.11 health care(1) preventive, diagnostic, therapeutic,rehabilitative, maintenance, or palliative care, public health,counseling, service, or procedure w

21、ith respect to the physicalor mental condition of an individual; or affecting the structureor function of the human body; or (2) any sale or dispensing ofa drug, device, equipment, or other item to an individual, or forthe use of an individual, pursuant to a prescription.3.1.12 health informationany

22、 information, whether oralor recorded in any form or medium (1) that is created orreceived by a health care provider; a health plan; healthresearcher, public health authority, instructor, employer, lifeinsurer, school or university; health care clearinghouse, healthinformation service or other entit

23、y that creates, receives,obtains, maintains, uses, or transmits health information; ahealth oversight agency, a health information service organi-zation, or (2) that relates to the past, present, or future physicalor mental health or condition of an individual, the provision ofhealth care to an indi

24、vidual, or the past, present, or futurepayment for the provision of health care to an individual; and(3) that identifies the individual, with respect to which there isa reasonable basis to believe that the information can be usedto identify the individual.3.1.13 inferencerefers to the ability to ded

25、uce the identityof a person associated with a set of data through “clues9contained in that information. This analysis permits determi-nation of the individuals identity based on a combination offacts associated with that person even though specific identi-fiers have been removed, like name and socia

26、l security number.3.1.14 informationdata that have been processed for use;human interpretation of data; data that have been processedinto a meaningful form.3.1.15 informed consentinformed consent requires thatindividuals be informed, in advance, of the information beingcollected from them, or genera

27、ted, and the purposes for whichit will be used; and be given an opportunity to accept, reject, ormodify the terms presented. Central to the principle of in-formed consent is providing individuals with the ability tocontrol the use of information once collected. The general ruleis that information co

28、llected for one purpose must not be usedfor another purpose without the individuals consent. In prac-tice, this requires that no use or disclosure occur, except to adocumented request by, or with the prior consent of, theindividual to whom the record pertains unless the disclosure ispermitted by law

29、. Under some circumstances a guardian ordesignee may consent on behalf of the individual.3.1.16 informational privacy(1) a state or condition ofcontrolled access to personal information. (2) The ability of anindividual to control the use and dissemination of informationthat relates to himself or her

30、self. (3) The individuals ability tocontrol what information is available to various users and tolimit redisclosures of information.3.1.17 patient record:3.1.17.1 longitudinal patient recorda permanent, coordi-nated patient record of significant information, in chronologi-cal sequence. It may includ

31、e all historical data collected or beretrieved as a user designated synopsis of significant demo-graphic, genetic, clinical and environmental facts and eventsmaintained within an automated system.3.1.17.2 patient health recordthe primary legal recorddocumenting the healthcare services provided to a

32、person, inany aspect of healthcare delivery.DiscussionThe term patient health record is synonymouswith: medical record, patient care record, hospital record,clinical record, client record, resident record, electronic medi-cal record, and computer-based patient record. The termincludes routine clinic

33、al or office records, hospital records,records of care in any health-related setting, research protocols,preventive care, life style evaluation, special study records, andvarious clinical databases.3.1.17.3 patient record systemthe set of components thatform the mechanism by which patient records ar

34、e created,used, stored, and retrieved. A patient record system is usuallylocated within a healthcare provider/practitioner setting. Itincludes people, data, rules and procedures, processing andstorage devices (for example, paper and pen, hardware andsoftware), and communications and support function

35、.3.1.17.4 secondary patient recorda record that is derivedfrom the primary health record and contains selected dataelements to aid nonclinical persons (that is, persons notinvolved in direct patient care) in supporting, evaluating, oradvancing patient care. Patient care support refers to adminis-tra

36、tion, regulation, and payment functions. Patient care evalu-ation refers to quality assurance, utilization management, andmedical or legal audits. Patient care advancement refers toresearch. These records are often combined to form a second-ary database, for example, an insurance claims database.E18

37、690423.1.18 personally identifiable health informationhealthinformation which contains an individuals identifiers (name,social security number) or contains a sufficient number ofvariables to allow identification of an individual.3.1.19 practitioner (licensed/certified)an individual atany level of pr

38、ofessional specialization who requires a publiclicense to deliver health care to individuals. An individual atany level of professional specialization who is certified by apublic agency or professional organization to provide healthservices to individuals. A practitioner may also be a provider.3.1.2

39、0 privacythe right of individuals to be left alone andto be protected against physical or psychological invasion orthe misuse of their property. It includes freedom from intrusionor observation into ones private affairs, the right to maintaincontrol over certain personal information, and the freedom

40、 toact without outside interference. See also informational pri-vacy.3.1.21 privilegethe individuals right to hold private andconfidential the information given to a healthcare provider inthe context of a professional relationship. The individual may,by overt act of consent or by other means, waive

41、the right toprivilege. For example, if a patient brings a lawsuit against afacility and the records are needed to present the facilitys case,the privilege is waived.3.1.22 providera business entity which furnishes healthcare to a consumer; it includes a professionally licensedpractitioner who is aut

42、horized to operate a healthcare deliveryfacility.3.1.23 security:3.1.23.1 data securitythe result of effective data protec-tion measures; the sum of measures that safeguard data andcomputer programs from undesired occurrences and exposureto: (1) accidental or intentional access or disclosure to unau

43、-thorized persons, or a combination thereof, (2) accidental ormalicious alteration, (3) unauthorized copying, (4) loss by theftor destruction by hardware failures, software deficiencies,operating mistakes; physical damage by fire, water, smoke,excessive temperature, electrical failure or sabotage; o

44、r acombination thereof. Data security exists when data are pro-tected from accidental or intentional disclosure to unauthorizedpersons and from unauthorized or accidental alteration.3.1.23.2 system securitysecurity is the totality of safe-guards including hardware, software, personnel policies, info

45、r-mation practice policies, disaster preparedness, and oversightof these components. Security protects both the system and theinformation contained within from unauthorized access fromwithout and from misuse from within. Security enables theentity or system to protect the confidential information it

46、 storesfrom unauthorized access, disclosure, or misuse; thereby pro-tecting the privacy of the individuals who are the subjects ofthe stored information.4. Significance and Use4.1 Many U.S. healthcare and health information systemsleaders believe that electronic health information systems thatinclud

47、e computer-based patient records will improve healthcare. To achieve this goal these systems will need to protectindividual privacy of patient data, provide appropriate access,and use adequate data security measures. Sound informationpolicies and practices must be in place prior to the wide-scaledep

48、loyment of health information systems. Strong enforceableprivacy policies must shape the development and implementa-tion of these systems.4.2 The purposes of patient records are to document thecourse of the patients illness or health status during eachencounter and episode of care; to furnish docume

49、ntary evi-dence of the course of the patients health evaluation, treatmentand change in condition; to document an individuals healthstatus; to provide data for preventive care; to documentcommunication between the practitioner responsible for thepatients care and any other healthcare practitioner who con-tributes to the patients care; to assist in protecting the legalinterest of the patient, the health care facility and the respon-sible practitioner; to provide continuity of care; to provide datato substantiate insurance claims; to provid

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1