1、Designation: E 1869 04An American National StandardStandard Guide forConfidentiality, Privacy, Access, and Data SecurityPrinciples for Health Information Including Electronic HealthRecords1This standard is issued under the fixed designation E 1869; the number immediately following the designation in
2、dicates the year oforiginal adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon (e) indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers the principles for co
3、nfidentiality,privacy, access, and security of person identifiable healthinformation. The focus of this standard is computer-basedsystems; however, many of the principles outlined in this guidealso apply to health information and patient records that are notin an electronic format. Basic principles
4、and ethical practicesfor handling confidentiality, access, and security of healthinformation are contained in a myriad of federal and state laws,rules and regulations, and in ethical statements of professionalconduct. The purpose of this guide is to synthesize andaggregate into a cohesive guide the
5、principles that underpin thedevelopment of more specific standards for health informationand to support the development of policies and procedures forelectronic health record systems and health information sys-tems.1.2 This guide includes principles related to:SectionPrivacy 7Confidentiality 8Collec
6、tion, Use, and Maintenance 9Ownership 10Access 11Disclosure/Transfer of Data 12Data Security 13Penalties/Sanctions 14Education 151.3 This guide does not address specific technical require-ments. It is intended as a base for development of more specificstandards.2. Referenced Documents2.1 ASTM Standa
7、rds:2E 1384 Guide for the Content and Structure of theComputer-Based Patient RecordE 1714 Guide for the Properties of a Universal HealthcareIdentifierE 1762 Guide for Electronic Authentication of Health In-formationE 1769 Guide for the Properties of Electronic HealthRecords and Record SystemsE 1986
8、Guide for Information Access Privileges to HealthInformationE 1987 Guide for the Individual Rights Regarding HealthInformationE 1988 Guide for Training of Persons who have Access toHealth InformationE 2017 Guide for Amendments to Health InformationE 2147 Specification for Audit and Disclosure Logs f
9、or Usein Health Information Systems3. Terminology3.1 Definitions:3.1.1 accessthe provision of an opportunity to approach,inspect, review, retrieve, store, communicate with, or make useof health information system resources (for example, hardware,software, systems or structure) or patient identifiabl
10、e data andinformation, or both.3.1.2 authentication:3.1.2.1 authentication (data entry)to authorize or validatean entry in a record by a signature including first initial, lastname, and discipline or a unique identifier allowing identifica-tion of the responsible individual.3.1.2.2 authentication (d
11、ata origin/sender)corroborationthat the source/sender of data received is as claimed.3.1.2.3 authentication (user/receiver)the provision of as-surance of the claimed identity of an entity/receiver.3.1.3 authorizethe granting to a user the right of access tospecified data and information, a program,
12、a terminal, or aprocess.3.1.4 clinical data centersall computer-based (andmanual) systems which handle and store patient records andhealth information, for example, solo practitioners, clinics,1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and are the direct res
13、ponsibility of Subcommittee E31.25 on HealthcareManagement, Security, Confidentiality, and Privacy.Current edition approved Nov. 1, 2004. Published December 2004. Originallyapproved in 1997. Last previous edition approved in 1997 as E 1869 97.2For referenced ASTM standards, visit the ASTM website, w
14、ww.astm.org, orcontact ASTM Customer Service at serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.hos
15、pitals, state departments of health, data centers, and healthmaintenance organizations.3.1.5 clinical informationdata and information collectedfrom the patient or patients family by a healthcare practitioneror healthcare organization. A healthcare practitioners objec-tive measurement or subjective e
16、valuation of a patientsphysical or mental state of health, descriptions of an individu-als health history and family health history, diagnostic studies,decision rationale, descriptions of procedures performed, find-ings, therapeutic interventions, medications prescribed, de-scription of responses to
17、 treatment, prognostic statements anddescriptions of socioeconomic factors, and environmental fac-tors related to the patients health.3.1.6 computer-based patient recordsee patient record.3.1.7 confidentialstatus accorded to data or informationindicating that it is sensitive for some reason, and the
18、refore itneeds to be protected against theft, disclosure, or improper use,or both, and must be disseminated only to authorized individu-als or organizations with a need to know.3.1.8 datacollection of elements on a given subject;things known, given, or assumed, as the basis for decisionmaking; the r
19、aw material of information systems expressed intext, numbers, symbols and images; facts.3.1.9 data protection measurea planned operation, forexample, procedure, policy, program, or technology, employedin the privacy system to prevent, detect, or sanction breaches ofsecurity.3.1.10 disclosureto relea
20、se, transfer, or otherwise divulgeconfidential health information to any entity other than theindividual who is the subject of such information.3.1.11 health care(1) preventive, diagnostic, therapeutic,rehabilitative, maintenance, or palliative care, public health,counseling, service, or procedure w
21、ith respect to the physicalor mental condition of an individual; or affecting the structureor function of the human body; or (2) any sale or dispensing ofa drug, device, equipment, or other item to an individual, or forthe use of an individual, pursuant to a prescription.3.1.12 health informationany
22、 information, whether oralor recorded in any form or medium (1) that is created orreceived by a health care provider; a health plan; healthresearcher, public health authority, instructor, employer, lifeinsurer, school or university; health care clearinghouse, healthinformation service or other entit
23、y that creates, receives,obtains, maintains, uses, or transmits health information; ahealth oversight agency, a health information service organi-zation, or (2) that relates to the past, present, or future physicalor mental health or condition of an individual, the provision ofhealth care to an indi
24、vidual, or the past, present, or futurepayment for the provision of health care to an individual; and(3) that identifies the individual, with respect to which there isa reasonable basis to believe that the information can be usedto identify the individual.3.1.13 inferencerefers to the ability to ded
25、uce the identityof a person associated with a set of data through “clues9contained in that information. This analysis permits determi-nation of the individuals identity based on a combination offacts associated with that person even though specific identi-fiers have been removed, like name and socia
26、l security number.3.1.14 informationdata that have been processed for use;human interpretation of data; data that have been processedinto a meaningful form.3.1.15 informed consentinformed consent requires thatindividuals be informed, in advance, of the information beingcollected from them, or genera
27、ted, and the purposes for whichit will be used; and be given an opportunity to accept, reject, ormodify the terms presented. Central to the principle of in-formed consent is providing individuals with the ability tocontrol the use of information once collected. The general ruleis that information co
28、llected for one purpose must not be usedfor another purpose without the individuals consent. In prac-tice, this requires that no use or disclosure occur, except to adocumented request by, or with the prior consent of, theindividual to whom the record pertains unless the disclosure ispermitted by law
29、. Under some circumstances a guardian ordesignee may consent on behalf of the individual.3.1.16 informational privacy(1) a state or condition ofcontrolled access to personal information. (2) The ability of anindividual to control the use and dissemination of informationthat relates to himself or her
30、self. (3) The individuals ability tocontrol what information is available to various users and tolimit redisclosures of information.3.1.17 patient record:3.1.17.1 longitudinal patient recorda permanent, coordi-nated patient record of significant information, in chronologi-cal sequence. It may includ
31、e all historical data collected or beretrieved as a user designated synopsis of significant demo-graphic, genetic, clinical and environmental facts and eventsmaintained within an automated system.3.1.17.2 patient health recordthe primary legal recorddocumenting the healthcare services provided to a
32、person, inany aspect of healthcare delivery.DiscussionThe term patient health record is synonymouswith: medical record, patient care record, hospital record,clinical record, client record, resident record, electronic medi-cal record, and computer-based patient record. The termincludes routine clinic
33、al or office records, hospital records,records of care in any health-related setting, research protocols,preventive care, life style evaluation, special study records, andvarious clinical databases.3.1.17.3 patient record systemthe set of components thatform the mechanism by which patient records ar
34、e created,used, stored, and retrieved. A patient record system is usuallylocated within a healthcare provider/practitioner setting. Itincludes people, data, rules and procedures, processing andstorage devices (for example, paper and pen, hardware andsoftware), and communications and support function
35、.3.1.17.4 secondary patient recorda record that is derivedfrom the primary health record and contains selected dataelements to aid nonclinical persons (that is, persons notinvolved in direct patient care) in supporting, evaluating, oradvancing patient care. Patient care support refers to adminis-tra
36、tion, regulation, and payment functions. Patient care evalu-ation refers to quality assurance, utilization management, andmedical or legal audits. Patient care advancement refers toresearch. These records are often combined to form a second-ary database, for example, an insurance claims database.E18
37、690423.1.18 personally identifiable health informationhealthinformation which contains an individuals identifiers (name,social security number) or contains a sufficient number ofvariables to allow identification of an individual.3.1.19 practitioner (licensed/certified)an individual atany level of pr
38、ofessional specialization who requires a publiclicense to deliver health care to individuals. An individual atany level of professional specialization who is certified by apublic agency or professional organization to provide healthservices to individuals. A practitioner may also be a provider.3.1.2
39、0 privacythe right of individuals to be left alone andto be protected against physical or psychological invasion orthe misuse of their property. It includes freedom from intrusionor observation into ones private affairs, the right to maintaincontrol over certain personal information, and the freedom
40、 toact without outside interference. See also informational pri-vacy.3.1.21 privilegethe individuals right to hold private andconfidential the information given to a healthcare provider inthe context of a professional relationship. The individual may,by overt act of consent or by other means, waive
41、the right toprivilege. For example, if a patient brings a lawsuit against afacility and the records are needed to present the facilitys case,the privilege is waived.3.1.22 providera business entity which furnishes healthcare to a consumer; it includes a professionally licensedpractitioner who is aut
42、horized to operate a healthcare deliveryfacility.3.1.23 security:3.1.23.1 data securitythe result of effective data protec-tion measures; the sum of measures that safeguard data andcomputer programs from undesired occurrences and exposureto: (1) accidental or intentional access or disclosure to unau
43、-thorized persons, or a combination thereof, (2) accidental ormalicious alteration, (3) unauthorized copying, (4) loss by theftor destruction by hardware failures, software deficiencies,operating mistakes; physical damage by fire, water, smoke,excessive temperature, electrical failure or sabotage; o
44、r acombination thereof. Data security exists when data are pro-tected from accidental or intentional disclosure to unauthorizedpersons and from unauthorized or accidental alteration.3.1.23.2 system securitysecurity is the totality of safe-guards including hardware, software, personnel policies, info
45、r-mation practice policies, disaster preparedness, and oversightof these components. Security protects both the system and theinformation contained within from unauthorized access fromwithout and from misuse from within. Security enables theentity or system to protect the confidential information it
46、 storesfrom unauthorized access, disclosure, or misuse; thereby pro-tecting the privacy of the individuals who are the subjects ofthe stored information.4. Significance and Use4.1 Many U.S. healthcare and health information systemsleaders believe that electronic health information systems thatinclud
47、e computer-based patient records will improve healthcare. To achieve this goal these systems will need to protectindividual privacy of patient data, provide appropriate access,and use adequate data security measures. Sound informationpolicies and practices must be in place prior to the wide-scaledep
48、loyment of health information systems. Strong enforceableprivacy policies must shape the development and implementa-tion of these systems.4.2 The purposes of patient records are to document thecourse of the patients illness or health status during eachencounter and episode of care; to furnish docume
49、ntary evi-dence of the course of the patients health evaluation, treatmentand change in condition; to document an individuals healthstatus; to provide data for preventive care; to documentcommunication between the practitioner responsible for thepatients care and any other healthcare practitioner who con-tributes to the patients care; to assist in protecting the legalinterest of the patient, the health care facility and the respon-sible practitioner; to provide continuity of care; to provide datato substantiate insurance claims; to provid
