ImageVerifierCode 换一换
格式:PDF , 页数:11 ,大小:105.40KB ,
资源ID:529982      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-529982.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ASTM E1986-1998(2005) Standard Guide for Information Access Privileges to Health Information《健康信息的信息访问特权的标准指南》.pdf)为本站会员(李朗)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ASTM E1986-1998(2005) Standard Guide for Information Access Privileges to Health Information《健康信息的信息访问特权的标准指南》.pdf

1、Designation: E 1986 98 (Reapproved 2005)An American National StandardStandard Guide forInformation Access Privileges to Health Information1This standard is issued under the fixed designation E 1986; the number immediately following the designation indicates the year oforiginal adoption or, in the ca

2、se of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon (e) indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers the process of granting and maintain-ing access privileges to health in

3、formation. It directly ad-dresses the maintenance of confidentiality of personal, pro-vider, and organizational data in the healthcare domain. Itaddresses a wide range of data and data elements not alltraditionally defined as healthcare data, but all elemental in theprovision of data management, dat

4、a services, and administra-tive and clinical healthcare services. In addition, this guideaddresses specific requirements for granting access privilegesto patient-specific health information during health emergen-cies.1.2 This guide is based on long-term existing and estab-lished professional practic

5、es in the management of healthcareadministrative and clinical data. Healthcare data, and specifi-cally healthcare records (also referred to as medical records orpatient records), are generally managed under similar profes-sional practices throughout the United States, essentially re-gardless of spec

6、ific variations in local, regional, state, andfederal laws regarding rules and requirements for data andrecord management.1.3 This guide applies to all individuals, groups, organiza-tions, data-users, data-managers, and public and private firms,companies, agencies, departments, bureaus, service-prov

7、iders,and similar entities that collect individual, group, and organi-zational data related to health care.1.4 This guide applies to all collection, use, management,maintenance, disclosure, and access of all individual, group,and organizational data related to health care.1.5 This guide does not att

8、empt to address specific legisla-tive and regulatory issues regarding individual, group, andorganizational rights to protection of privacy.1.6 This guide covers all methods of collection and use ofdata whether paper-based, written, printed, typed, dictated,transcribed, forms-based, photocopied, scan

9、ned, facsimile,telefax, magnetic media, image, video, motion picture, stillpicture, film, microfilm, animation, 3D, audio, digital media,optical media, synthetic media, or computer-based.1.7 This guide does not directly define explicit disease-specific and evaluation/treatment-specific data control

10、or ac-cess, or both. As defined under this guide, the confidentialprotection of elemental data elements in relation to which dataelements fall into restrictive or specifically controlled catego-ries, or both, is set by policies, professional practice, and laws,legislation and regulations.2. Referenc

11、ed Documents2.1 ASTM Standards:2E 1869 Guide for Confidentiality, Privacy,Access, and DataSecurity Principles for Health Information Including Elec-tronic Health Records3. Terminology3.1 Definitions:3.1.1 accessthe provision of an opportunity to approach,inspect, review, retrieve, store, communicate

12、 with, or make useof health information system resources (for example, hardware,software, systems, or structure) or patient identifiable data andinformation, or both. (E 1869)3.1.2 access controlthe prevention of unauthorized use ofa resource, including the prevention of use of a resource in anunaut

13、horized manner.3.1.2.1 DiscussionAccess control counters the threat ofunauthorized access to, disclosure of, or modification of data.(ISO 7498-2)3.1.3 accountabilitythe property that ensures that theactions of an entity can be traced. (ISO 7498-2)3.1.4 audit traildata collected and potentially used

14、tofacilitate a security audit. (ISO 7498-2)3.1.5 authenticationthe corroboration that an entity is theone claimed. (ISO 7498-2)3.1.6 authorizethe granting to a user the right of access tospecified data and information, a program, a terminal, or aprocess. (E 1869)3.1.7 authorization(1) The granting o

15、f rights, which in-cludes the granting of access based on access rights. (2) Themechanism for obtaining consent for the use and disclosure of1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommittee E31.25 on HealthcareData

16、Management, Security, Confidentiality, and Privacy.Current edition approved July 17, 2006. Published January 2006. Originallyapproved in 1998. Last previous edition approved in 1998 as E 1986 98.2For referenced ASTM standards, visit the ASTM website, www.astm.org, orcontact ASTM Customer Service at

17、serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.health information. (ISO 7498-2, CPRI, AHIMA)3.1.8

18、confidentialstatus accorded to data or informationindicating that it is sensitive for some reason and needs to beprotected against theft, disclosure, or improper use, or both,and must be disseminated only to authorized individuals ororganizations with an approved need to know. Private infor-mation w

19、hich is entrusted to another with the confidence thatunauthorized disclosure that will be prejudicial to the indi-vidual will not occur. (E 1869)3.1.9 confidentialitythe property that information is notmade available or disclosed to unauthorized individuals, enti-ties, or processes. (ISO 7498-2)3.1.

20、10 databasea collection of data organized for rapidsearch and retrieval. (Websters, 1993)3.1.11 data elementthe combination of one or more dataentities that forms a unit or piece of information, such as thesocial security number, a diagnosis, an address, or a medica-tion.3.1.12 data entitya discrete

21、 form of data such as a numberor word.3.1.13 disclosure (health care)the release of informationto third parties within or outside the healthcare providerorganization from an individuals record with or without theconsent of the individual to whom the record pertains.3.1.13.1 DiscussionUnder this guid

22、e the definition isslightly modified to read: the release of information to anindividual, group or organization from an individuals healthinformation with or without the authorization of the individualto whom the health information pertains. (CPRI)3.1.14 emergencya sudden demand for action. Conditio

23、nthat poses an immediate threat to the health of the patient.3.1.15 healthcare datadata which are input, stored, pro-cessed or output by the automated information system whichsupport the business functions of the healthcare establishment.These data may relate to person identifiable records or may be

24、part of an administrative system where persons are not identi-fied. (CEN)3.1.16 health informationany information, whether oralor recorded in any form or medium (1) that is created orreceived by a healthcare provider; a health plan; healthresearcher, public health authority, instructor, employer, sc

25、hoolor university, health information service or other entity thatcreates, receives, obtains, maintains, uses, or transmits healthinformation; a health oversight agency, a health informationservice organization, or (2) that relates to the past, present, orfuture physical or mental health or conditio

26、n of an individual,the provision of health care to an individual, or the past,present, or future payments for the provision of health care toa protected individual; and (3) that identifies the individual;with respect to which there is a reasonable basis to believe thatthe information can be used to

27、identify the individual.(HIPAA, E 1869)3.1.17 informationdata to which meaning is assigned,according to context and assumed conventions.(National Security Council, 1991, E 1869)3.2 Definitions of Terms Specific to This Standard:3.2.1 disclosureto release, transfer, or otherwise divulgeprotected heal

28、th information to any entity other than theindividual who is the subject of such information.3.2.1.1 external disclosuredisclosure outside an organiza-tion.3.2.1.2 internal disclosuredisclosure within an organiza-tion.4. Significance and Use4.1 The maintenance of confidentiality in paper-based, elec

29、-tronic, or computer-based health information requires thatpolicies and procedures be in place to protect confidentiality.Confidentiality of information depends on structural and ex-plicit mechanisms to allow persons or systems to define whohas access to what, and in what situation that access is gr

30、anted.4.2 Confidential protection of data elements is a specificrequirement. The classification of data elements into restrictiveand specifically controlled categories is set by policies, profes-sional practice, and laws, legislation, and regulations.4.3 There are three explicit concepts upon which

31、the use ofand access to health information confidentiality are defined.Each of these concepts is an explicit and unique characteristicrelevant to confidentiality, but only through the combination(convergence) of all three concepts can appropriate access toan explicit data element at a specific point

32、 in time be provided,and unauthorized access denied. The three concepts are:4.3.1 The categorization and breakdown of data into logicaland reasonable elements or entities.4.3.2 The identification of individual roles or job functions.4.3.3 The establishment of context and conditions of datause at a s

33、pecific point in time, and within a specific setting.4.4 The overriding principle in preserving the confidential-ity of information is to provide access to that information onlyunder circumstances and to individuals when there is anabsolute, established, and recognized need to access that data,and t

34、he information accessed should itself be constrained onlyto that information essential to accomplish a defined andrecognized task or process. Information nonessential to thattask or process should ideally not be accessible, even though anindividual accessing that information may have some generalrig

35、ht of access to that information.5. Principles5.1 The following principles are based upon U.S. state andfederal laws, current European Economic Community initia-tives and laws and regulations resulting from those initiatives,and professional practice within the U.S. and European health-care domains.

36、5.2 Individuals, groups, and organizations retain rights overthe specific, intermediate, and ultimate use of any data col-lected from them and about whom the data is retained andmanaged.5.3 No individual, group, or organizational data shall becollected, used, maintained, released, or disclosed witho

37、ut thespecific explicit informed consent of the individual, group, ororganization, unless specifically required for the protection ofpublic health, and mandated by local, state, regional, or federallaw.E 1986 98 (2005)25.4 Individual, group, or organizational data may only beused for the purpose for

38、 which it was collected. Explicitinformed consent of the individual, group, or organization fromwhich the data was collected is required if the data is to be usedfor any additional purpose. Organizational policies shall statethe purposes for which data will be collected, maintained, andused.5.5 All

39、individuals, groups, organizations, data-users, data-managers, and public and private firms, companies, agencies,departments, bureaus, service-providers, and similar entitiesthat collect individual, group and healthcare related data, arerequired to collect, manage, maintain, disclose, provide access

40、to, or release that data only in strict compliance with the dataaccess rules defined in this guide. If they are unable to adhereto this guide they will not retain data beyond its initialcollection and use, or will securely and confidentially entrustthat data to an authorized organization that can ab

41、ide by therules under this guide.5.6 Data and data elements under this guide are defined at adiscrete level. This is necessary in order to define data accessand use rights down to discrete elemental data. This guide isestablished under the assumption that there is no such thing as“dis-identified dat

42、a” in that as long as data exist as discreteelemental data they are ultimately identifiable with an indi-vidual. For example a diagnosis or a patient weight is notdis-identified within a population just because it does not havea name or other outward identifying information attached orlinked to it.

43、The average weight within a population or theincidence of a given disease, both calculated or derived from apopulation aggregate, may be dis-identified from an individualwithin a population, but might still predispose the population toidentification or prejudice. For example an “abnormal” averagewei

44、ght might increase the health risk to a population, thereforeproviding valuable preventative and epidemiological data, butif that data is assumed to be dis-identified and generallyavailable for review, then it might allow population-basedprejudicial pricing for healthcare services or insurance. Dise

45、aseincidence can also be used to target populations at health risk,but if considered dis-identified and generally available forreview, disease incidence can also be used to identify popula-tions as to race, religion, ethnicity, genetics, sexual prefer-ences, and other prejudicial indicators. The pro

46、tection ofindividual, group, and organizational data confidentiality underthis guide is, therefore, absolute and is always based upon theconnection of that data to the individual, group, or organizationfrom which the data was collected and for or about whom thedata is retained and managed. No data i

47、s releasable as discretedata or discrete data-types under any assumption that sinceanother related data element (for example, name, age, sex,address, etc.) was not released, that the data is no longerindividual, group, or organizational data, or can no longer beidentified or connected to any individ

48、ual, group, or organiza-tion.5.7 All access shall be explicitly authorized. Unauthorizedaccess is explicitly forbidden.6. Data Elements6.1 Data elements under this guide represent fragmentation(separation) of data into discrete entities. These entities (dataelements) represent discrete elemental dat

49、a types that can bereconstructed into complete data sets according to varyingneeds and requirements of access and use, by appropriatedata-users, under appropriately defined and authorized roles.Data elements exist as discrete data in their own right or can beaggregated as data sets that represent data about a specificindividual, provider, group, or organization, or they can beaggregated across individuals, providers, groups, or organiza-tions.6.2 Data elements and data entities under this guide areexplicitly delineated and apply to healthcare related data ina

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1