    ASTM E1869 - 04(2014) Standard Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records (Withdrawn 2017).pdf


    Designation: E1869 - 04 (Reapproved 2014)
    An American National Standard

    Standard Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records¹

    This standard is issued under the fixed designation E1869; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

    1. Scope

    1.1 This guide covers the principles for confidentiality, privacy, access, and security of person identifiable health information. The focus of this standard is computer-based systems; however, many of the principles outlined in this guide also apply to health information and patient records that are not in an electronic format. Basic principles and ethical practices for handling confidentiality, access, and security of health information are contained in a myriad of federal and state laws, rules and regulations, and in ethical statements of professional conduct. The purpose of this guide is to synthesize and aggregate into a cohesive guide the principles that underpin the development of more specific standards for health information and to support the development of policies and procedures for electronic health record systems and health information systems.

    1.2 This guide includes principles related to:

                                        Section
    Privacy                             7
    Confidentiality                     8
    Collection, Use, and Maintenance    9
    Ownership                           10
    Access                              11
    Disclosure/Transfer of Data         12
    Data Security                       13
    Penalties/Sanctions                 14
    Education                           15

    1.3 This guide does not address specific technical requirements. It is intended as a base for development of more specific standards.

    2. Referenced Documents

    2.1 ASTM Standards:²

    E1384 Practice for Content and Structure of the Electronic Health Record (EHR)
    E1714 Guide for Properties of a Universal Healthcare Identifier (UHID)
    E1762 Guide for Electronic Authentication of Health Care Information
    E1769 Guide for Properties of Electronic Health Records and Record Systems
    E1986 Guide for Information Access Privileges to Health Information
    E1987 Guide for Individual Rights Regarding Health Information (Withdrawn 2007)³
    E1988 Guide for Training of Persons who have Access to Health Information (Withdrawn 2007)³
    E2017 Guide for Amendments to Health Information
    E2147 Specification for Audit and Disclosure Logs for Use in Health Information Systems

    3. Terminology

    3.1 Definitions:

    3.1.1 access: the provision of an opportunity to approach, inspect, review, retrieve, store, communicate with, or make use of health information system resources (for example, hardware, software, systems or structure) or patient identifiable data and information, or both.

    3.1.2 authentication:

    3.1.2.1 authentication (data entry): to authorize or validate an entry in a record by a signature including first initial, last name, and discipline or a unique identifier allowing identification of the responsible individual.

    3.1.2.2 authentication (data origin/sender): corroboration that the source/sender of data received is as claimed.

    3.1.2.3 authentication (user/receiver): the provision of assurance of the claimed identity of an entity/receiver.

    3.1.3 authorize: the granting to a user the right of access to specified data and information, a program, a terminal, or a process.

    ¹ This guide is under the jurisdiction of ASTM Committee E31 on Healthcare Informatics and are the direct responsibility of Subcommittee E31.25 on Healthcare Data Management, Security, Confidentiality, and Privacy. Current edition approved April 1, 2014. Published April 2014. Originally approved in 1997. Last previous edition approved in 2010 as E1869 - 04(2010). DOI: 10.1520/E1869-04R14.

    ² For referenced ASTM standards, visit the ASTM website, www.astm.org, or contact ASTM Customer Service at service@astm.org. For Annual Book of ASTM Standards volume information, refer to the standard's Document Summary page on the ASTM website.

    ³ The last approved version of this historical standard is referenced on www.astm.org.

    Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States

    NOTICE: This standard has either been superseded and replaced by a new version or withdrawn. Contact ASTM International (www.astm.org) for the latest information

    3.1.4 clinical data centers: all computer-based (and manual) systems which handle and store patient records and health information, for example, solo practitioners, clinics, hospitals, state departments of health, data centers, and health maintenance organizations.

    3.1.5 clinical information: data and information collected from the patient or patient's family by a healthcare practitioner or healthcare organization. A healthcare practitioner's objective measurement or subjective evaluation of a patient's physical or mental state of health, descriptions of an individual's health history and family health history, diagnostic studies, decision rationale, descriptions of procedures performed, findings, therapeutic interventions, medications prescribed, description of responses to treatment, prognostic statements and descriptions of socioeconomic factors, and environmental factors related to the patient's health.

    3.1.6 computer-based patient record: see patient record.

    3.1.7 confidential: status accorded to data or information indicating that it is sensitive for some reason, and therefore it needs to be protected against theft, disclosure, or improper use, or both, and must be disseminated only to authorized individuals or organizations with a need to know.

    3.1.8 data: collection of elements on a given subject; things known, given, or assumed, as the basis for decision making; the raw material of information systems expressed in text, numbers, symbols and images; facts.

    3.1.9 data protection measure: a planned operation, for example, procedure, policy, program, or technology, employed in the privacy system to prevent, detect, or sanction breaches of security.

    3.1.10 disclosure: to release, transfer, or otherwise divulge confidential health information to any entity other than the individual who is the subject of such information.

    3.1.11 health care: (1) preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, public health, counseling, service, or procedure with respect to the physical or mental condition of an individual; or affecting the structure or function of the human body; or (2) any sale or dispensing of a drug, device, equipment, or other item to an individual, or for the use of an individual, pursuant to a prescription.

    3.1.12 health information: any information, whether oral or recorded in any form or medium (1) that is created or received by a health care provider; a health plan; health researcher, public health authority, instructor, employer, life insurer, school or university; health care clearinghouse, health information service or other entity that creates, receives, obtains, maintains, uses, or transmits health information; a health oversight agency, a health information service organization, or (2) that relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual; and (3) that identifies the individual, with respect to which there is a reasonable basis to believe that the information can be used to identify the individual.

    3.1.13 inference: refers to the ability to deduce the identity of a person associated with a set of data through “clues” contained in that information. This analysis permits determination of the individual's identity based on a combination of facts associated with that person even though specific identifiers have been removed, like name and social security number.

    3.1.14 information: data that have been processed for use; human interpretation of data; data that have been processed into a meaningful form.

    3.1.15 informed consent: informed consent requires that individuals be informed, in advance, of the information being collected from them, or generated, and the purposes for which it will be used; and be given an opportunity to accept, reject, or modify the terms presented. Central to the principle of informed consent is providing individuals with the ability to control the use of information once collected. The general rule is that information collected for one purpose must not be used for another purpose without the individual's consent. In practice, this requires that no use or disclosure occur, except to a documented request by, or with the prior consent of, the individual to whom the record pertains unless the disclosure is permitted by law. Under some circumstances a guardian or designee may consent on behalf of the individual.

    3.1.16 informational privacy: (1) a state or condition of controlled access to personal information. (2) The ability of an individual to control the use and dissemination of information that relates to himself or herself. (3) The individual's ability to control what information is available to various users and to limit redisclosures of information.

    3.1.17 patient record:

    3.1.17.1 longitudinal patient record: a permanent, coordinated patient record of significant information, in chronological sequence. It may include all historical data collected or be retrieved as a user designated synopsis of significant demographic, genetic, clinical and environmental facts and events maintained within an automated system.

    3.1.17.2 patient health record: the primary legal record documenting the healthcare services provided to a person, in any aspect of healthcare delivery.

    Discussion: The term patient health record is synonymous with: medical record, patient care record, hospital record, clinical record, client record, resident record, electronic medical record, and computer-based patient record. The term includes routine clinical or office records, hospital records, records of care in any health-related setting, research protocols, preventive care, life style evaluation, special study records, and various clinical databases.

    3.1.17.3 patient record system: the set of components that form the mechanism by which patient records are created, used, stored, and retrieved. A patient record system is usually located within a healthcare provider/practitioner setting. It includes people, data, rules and procedures, processing and storage devices (for example, paper and pen, hardware and software), and communications and support function.

    3.1.17.4 secondary patient record: a record that is derived from the primary health record and contains selected data elements to aid nonclinical persons (that is, persons not involved in direct patient care) in supporting, evaluating, or advancing patient care. Patient care support refers to administration, regulation, and payment functions. Patient care evaluation refers to quality assurance, utilization management, and medical or legal audits. Patient care advancement refers to research. These records are often combined to form a secondary database, for example, an insurance claims database.

    3.1.18 personally identifiable health information: health information which contains an individual's identifiers (name, social security number) or contains a sufficient number of variables to allow identification of an individual.

    3.1.19 practitioner (licensed/certified): an individual at any level of professional specialization who requires a public license to deliver health care to individuals. An individual at any level of professional specialization who is certified by a public agency or professional organization to provide health services to individuals. A practitioner may also be a provider.

    3.1.20 privacy: the right of individuals to be left alone and to be protected against physical or psychological invasion or the misuse of their property. It includes freedom from intrusion or observation into one's private affairs, the right to maintain control over certain personal information, and the freedom to act without outside interference. See also informational privacy.

    3.1.21 privilege: the individual's right to hold private and confidential the information given to a healthcare provider in the context of a professional relationship. The individual may, by overt act of consent or by other means, waive the right to privilege. For example, if a patient brings a lawsuit against a facility and the records are needed to present the facility's case, the privilege is waived.

    3.1.22 provider: a business entity which furnishes healthcare to a consumer; it includes a professionally licensed practitioner who is authorized to operate a healthcare delivery facility.

    3.1.23 security:

    3.1.23.1 data security: the result of effective data protection measures; the sum of measures that safeguard data and computer programs from undesired occurrences and exposure to: (1) accidental or intentional access or disclosure to unauthorized persons, or a combination thereof, (2) accidental or malicious alteration, (3) unauthorized copying, (4) loss by theft or destruction by hardware failures, software deficiencies, operating mistakes; physical damage by fire, water, smoke, excessive temperature, electrical failure or sabotage; or a combination thereof. Data security exists when data are protected from accidental or intentional disclosure to unauthorized persons and from unauthorized or accidental alteration.

    3.1.23.2 system security: security is the totality of safeguards including hardware, software, personnel policies, information practice policies, disaster preparedness, and oversight of these components. Security protects both the system and the information contained within from unauthorized access from without and from misuse from within. Security enables the entity or system to protect the confidential information it stores from unauthorized access, disclosure, or misuse; thereby protecting the privacy of the individuals who are the subjects of the stored information.

    4. Significance and Use

    4.1 Many U.S. healthcare and health information systems leaders believe that electronic health information systems that include computer-based patient records will improve health care. To achieve this goal these systems will need to protect individual privacy of patient data, provide appropriate access, and use adequate data security measures. Sound information policies and practices must be in place prior to the wide-scale deployment of health information systems. Strong enforceable privacy policies must shape the development and implementation of these systems.

    4.2 The purposes of patient records are to document the course of the patient's illness or health status during each encounter and episode of care; to furnish documentary evidence of the course of the patient's health evaluation, treatment and change in condition; to document an individual's health status; to provide data for preventive care; to document communication between the prac

