1、Designation: E1986 09 (Reapproved 2013) An American National StandardStandard Guide forInformation Access Privileges to Health Information1This standard is issued under the fixed designation E1986; the number immediately following the designation indicates the year oforiginal adoption or, in the cas
2、e of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope*1.1 This guide covers the process of granting and maintain-ing access privileges to health inf
3、ormation. It directly ad-dresses the maintenance of confidentiality of personal,provider, and organizational data in the healthcare domain. Itaddresses a wide range of data and data elements not alltraditionally defined as healthcare data, but all elemental in theprovision of data management, data s
4、ervices, and administra-tive and clinical healthcare services. In addition, this guideaddresses specific requirements for granting access privilegesto patient-specific health information during health emergen-cies.1.2 This guide is based on long-term existing and estab-lished professional practices
5、in the management of healthcareadministrative and clinical data. Healthcare data, and specifi-cally healthcare records (also referred to as medical records orpatient records), are generally managed under similar profes-sional practices throughout the United States, essentially re-gardless of specifi
6、c variations in local, regional, state, andfederal laws regarding rules and requirements for data andrecord management.1.3 This guide applies to all individuals, groups,organizations, data-users, data-managers, and public and pri-vate firms, companies, agencies, departments, bureaus, service-provide
7、rs, and similar entities that collect individual, group,and organizational data related to health care.1.4 This guide applies to all collection, use, management,maintenance, disclosure, and access of all individual, group,and organizational data related to health care.1.5 This guide does not attempt
8、 to address specific legisla-tive and regulatory issues regarding individual, group, andorganizational rights to protection of privacy.1.6 This guide covers all methods of collection and use ofdata whether paper-based, written, printed, typed, dictated,transcribed, forms-based, photocopied, scanned,
9、 facsimile,telefax, magnetic media, image, video, motion picture, stillpicture, film, microfilm, animation, 3D, audio, digital media,optical media, synthetic media, or computer-based.1.7 This guide does not directly define explicit disease-specific and evaluation/treatment-specific data control orac
10、cess, or both. As defined under this guide, the confidentialprotection of elemental data elements in relation to which dataelements fall into restrictive or specifically controlledcategories, or both, is set by policies, professional practice, andlaws, legislation and regulations.2. Referenced Docum
11、ents2.1 ASTM Standards:2E1869 Guide for Confidentiality, Privacy, Access, and DataSecurity Principles for Health Information Including Elec-tronic Health RecordsE2595 Guide for Privilege Management Infrastructure3. Terminology3.1 Definitions:3.1.1 accessthe provision of an opportunity to approach,in
12、spect, review, retrieve, store, communicate with, or make useof health information system resources (for example, hardware,software, systems, or structure) or patient identifiable data andinformation, or both. (E1869)3.1.2 access controlthe prevention of unauthorized use ofa resource, including the
13、prevention of use of a resource in anunauthorized manner.3.1.2.1 DiscussionAccess control counters the threat ofunauthorized access to, disclosure of, or modification of data.(ISO 7498-2)3.1.3 accountabilitythe property that ensures that theactions of an entity can be traced. (ISO 7498-2)3.1.4 audit
14、 traildata collected and potentially used tofacilitate a security audit. (ISO 7498-2)3.1.5 authenticationthe corroboration that an entity is theone claimed. (ISO 7498-2)1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommitt
15、ee E31.25 on HealthcareData Management, Security, Confidentiality, and Privacy.Current edition approved March 1, 2013. Published March 2013. Originallyapproved in 1998. Last previous edition approved in 2009 as E1986 09. DOI:10.1520/E1986-09R13.2For referenced ASTM standards, visit the ASTM website,
16、 www.astm.org, orcontact ASTM Customer Service at serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.*A Summary of Changes section appears at the end of this standardCopyright ASTM International, 100 Barr Harbor Drive
17、, PO Box C700, West Conshohocken, PA 19428-2959. United StatesNOTICE: This standard has either been superseded and replaced by a new version or withdrawn.Contact ASTM International (www.astm.org) for the latest information13.1.6 authorizethe granting to a user the right of access tospecified data an
18、d information, a program, a terminal, or aprocess. (E1869)3.1.7 authorization(1) The granting of rights, which in-cludes the granting of access based on access rights. (2) Themechanism for obtaining consent for the use and disclosure ofhealth information. (ISO 7498-2, CPRI, AHIMA)3.1.8 confidentials
19、tatus accorded to data or informationindicating that it is sensitive for some reason and needs to beprotected against theft, disclosure, or improper use, or both,and must be disseminated only to authorized individuals ororganizations with an approved need to know. Private infor-mation which is entru
20、sted to another with the confidence thatunauthorized disclosure that will be prejudicial to the indi-vidual will not occur. (E1869)3.1.9 confidentialitythe property that information is notmade available or disclosed to unauthorized individuals,entities, or processes. (ISO 7498-2)3.1.10 databasea col
21、lection of data organized for rapidsearch and retrieval. (Websters, 1993)3.1.11 data elementthe combination of one or more dataentities that forms a unit or piece of information, such as thesocial security number, a diagnosis, an address, or a medica-tion.3.1.12 data entitya discrete form of data su
22、ch as a numberor word.3.1.13 disclosure (health care)the release of informationto third parties within or outside the healthcare providerorganization from an individuals record with or without theconsent of the individual to whom the record pertains.3.1.13.1 DiscussionUnder this guide the definition
23、 isslightly modified to read: the release of information to anindividual, group or organization from an individuals healthinformation with or without the authorization of the individualto whom the health information pertains. (CPRI)3.1.14 emergencya sudden demand for action. Conditionthat poses an i
24、mmediate threat to the health of the patient.3.1.15 healthcare datadata which are input, stored, pro-cessed or output by the automated information system whichsupport the business functions of the healthcare establishment.These data may relate to person identifiable records or may bepart of an admin
25、istrative system where persons are notidentified. (CEN)3.1.16 health informationany information, whether oral orrecorded in any form or medium (1) that is created or receivedby a healthcare provider; a health plan; health researcher,public health authority, instructor, employer, school oruniversity,
26、 health information service or other entity thatcreates, receives, obtains, maintains, uses, or transmits healthinformation; a health oversight agency, a health informationservice organization, or (2) that relates to the past, present, orfuture physical or mental health or condition of an individual
27、,the provision of health care to an individual, or the past,present, or future payments for the provision of health care toa protected individual; and (3) that identifies the individual;with respect to which there is a reasonable basis to believe thatthe information can be used to identify the indiv
28、idual.(HIPAA, E1869)3.1.17 informationdata to which meaning is assigned,according to context and assumed conventions.(National Security Council, 1991, E1869)3.2 Definitions of Terms Specific to This Standard:3.2.1 disclosureto release, transfer, or otherwise divulgeprotected health information to an
29、y entity other than theindividual who is the subject of such information.3.2.1.1 external disclosuredisclosure outside an organiza-tion.3.2.1.2 internal disclosuredisclosure within an organiza-tion.4. Significance and Use4.1 The maintenance of confidentiality in paper-based,electronic, or computer-b
30、ased health information requires thatpolicies and procedures be in place to protect confidentiality.Confidentiality of information depends on structural and ex-plicit mechanisms to allow persons or systems to define whohas access to what, and in what situation that access is granted.For guidelines o
31、n the development and implementation ofprivilege management infrastructures supporting thesemechanisms, see Guide E2595.4.2 Confidential protection of data elements is a specificrequirement. The classification of data elements into restrictiveand specifically controlled categories is set by policies
32、, profes-sional practice, and laws, legislation, and regulations.4.3 There are three explicit concepts upon which the use ofand access to health information confidentiality are defined.Each of these concepts is an explicit and unique characteristicrelevant to confidentiality, but only through the co
33、mbination(convergence) of all three concepts can appropriate access toan explicit data element at a specific point in time be provided,and unauthorized access denied. The three concepts are:4.3.1 The categorization and breakdown of data into logicaland reasonable elements or entities.4.3.2 The ident
34、ification of individual roles or job functions.4.3.3 The establishment of context and conditions of datause at a specific point in time, and within a specific setting.4.4 The overriding principle in preserving the confidential-ity of information is to provide access to that information onlyunder cir
35、cumstances and to individuals when there is anabsolute, established, and recognized need to access that data,and the information accessed should itself be constrained onlyto that information essential to accomplish a defined andrecognized task or process. Information nonessential to thattask or proc
36、ess should ideally not be accessible, even though anindividual accessing that information may have some generalright of access to that information.E1986 09 (2013)25. Principles5.1 The following principles are based upon U.S. state andfederal laws, current European Economic Community initia-tives and
37、 laws and regulations resulting from those initiatives,and professional practice within the U.S. and European health-care domains.5.2 Individuals, groups, and organizations retain rights overthe specific, intermediate, and ultimate use of any data col-lected from them and about whom the data is reta
38、ined andmanaged.5.3 No individual, group, or organizational data shall becollected, used, maintained, released, or disclosed without thespecific explicit informed consent of the individual, group, ororganization, unless specifically required for the protection ofpublic health, and mandated by local,
39、 state, regional, or federallaw.5.4 Individual, group, or organizational data may only beused for the purpose for which it was collected. Explicitinformed consent of the individual, group, or organization fromwhich the data was collected is required if the data is to be usedfor any additional purpos
40、e. Organizational policies shall statethe purposes for which data will be collected, maintained, andused.5.5 All individuals, groups, organizations, data-users, data-managers, and public and private firms, companies, agencies,departments, bureaus, service-providers, and similar entitiesthat collect
41、individual, group and healthcare related data, arerequired to collect, manage, maintain, disclose, provide accessto, or release that data only in strict compliance with the dataaccess rules defined in this guide. If they are unable to adhereto this guide they will not retain data beyond its initialc
42、ollection and use, or will securely and confidentially entrustthat data to an authorized organization that can abide by therules under this guide.5.6 Data and data elements under this guide are defined at adiscrete level. This is necessary in order to define data accessand use rights down to discret
43、e elemental data. This guide isestablished under the assumption that there is no such thing as“dis-identified data” in that as long as data exist as discreteelemental data they are ultimately identifiable with an indi-vidual. For example a diagnosis or a patient weight is notdis-identified within a
44、population just because it does not havea name or other outward identifying information attached orlinked to it. The average weight within a population or theincidence of a given disease, both calculated or derived from apopulation aggregate, may be dis-identified from an individualwithin a populati
45、on, but might still predispose the population toidentification or prejudice. For example an “abnormal” averageweight might increase the health risk to a population, thereforeproviding valuable preventative and epidemiological data, butif that data is assumed to be dis-identified and generallyavailab
46、le for review, then it might allow population-basedprejudicial pricing for healthcare services or insurance. Diseaseincidence can also be used to target populations at health risk,but if considered dis-identified and generally available forreview, disease incidence can also be used to identify popul
47、a-tions as to race, religion, ethnicity, genetics, sexualpreferences, and other prejudicial indicators. The protection ofindividual, group, and organizational data confidentiality underthis guide is, therefore, absolute and is always based upon theconnection of that data to the individual, group, or
48、 organizationfrom which the data was collected and for or about whom thedata is retained and managed. No data is releasable as discretedata or discrete data-types under any assumption that sinceanother related data element (for example, name, age, sex,address, etc.) was not released, that the data i
49、s no longerindividual, group, or organizational data, or can no longer beidentified or connected to any individual, group, or organiza-tion.5.7 All access shall be explicitly authorized. Unauthorizedaccess is explicitly forbidden.6. Data Elements6.1 Data elements under this guide represent fragmentation(separation) of data into discrete entities. These entities (dataelements) represent discrete elemental data types that can bereconstructed into complete data sets according to varyingneeds and requirements of access and use, by appropriatedata-users,