1、Designation: E1869 04 (Reapproved 2010)An American National StandardStandard Guide forConfidentiality, Privacy, Access, and Data SecurityPrinciples for Health Information Including Electronic HealthRecords1This standard is issued under the fixed designation E1869; the number immediately following th
2、e designation indicates the year oforiginal adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers the pr
3、inciples for confidentiality,privacy, access, and security of person identifiable healthinformation. The focus of this standard is computer-basedsystems; however, many of the principles outlined in this guidealso apply to health information and patient records that are notin an electronic format. Ba
4、sic principles and ethical practicesfor handling confidentiality, access, and security of healthinformation are contained in a myriad of federal and state laws,rules and regulations, and in ethical statements of professionalconduct. The purpose of this guide is to synthesize andaggregate into a cohe
5、sive guide the principles that underpin thedevelopment of more specific standards for health informationand to support the development of policies and procedures forelectronic health record systems and health information sys-tems.1.2 This guide includes principles related to:SectionPrivacy 7Confiden
6、tiality 8Collection, Use, and Maintenance 9Ownership 10Access 11Disclosure/Transfer of Data 12Data Security 13Penalties/Sanctions 14Education 151.3 This guide does not address specific technical require-ments. It is intended as a base for development of more specificstandards.2. Referenced Documents
7、2.1 ASTM Standards:2E1384 Practice for Content and Structure of the ElectronicHealth Record (EHR)E1714 Guide for Properties of a Universal HealthcareIdentifier (UHID)E1762 Guide for Electronic Authentication of Health CareInformationE1769 Guide for Properties of Electronic Health Recordsand Record S
8、ystemsE1986 Guide for Information Access Privileges to HealthInformationE1987 Guide for Individual Rights Regarding Health Infor-mation3E1988 Guide for Training of Persons who have Access toHealth Information3E2017 Guide for Amendments to Health InformationE2147 Specification for Audit and Disclosur
9、e Logs for Usein Health Information Systems3. Terminology3.1 Definitions:3.1.1 accessthe provision of an opportunity to approach,inspect, review, retrieve, store, communicate with, or make useof health information system resources (for example, hardware,software, systems or structure) or patient ide
10、ntifiable data andinformation, or both.3.1.2 authentication:3.1.2.1 authentication (data entry)to authorize or validatean entry in a record by a signature including first initial, lastname, and discipline or a unique identifier allowing identifica-tion of the responsible individual.3.1.2.2 authentic
11、ation (data origin/sender)corroborationthat the source/sender of data received is as claimed.3.1.2.3 authentication (user/receiver)the provision of as-surance of the claimed identity of an entity/receiver.3.1.3 authorizethe granting to a user the right of access tospecified data and information, a p
12、rogram, a terminal, or aprocess.3.1.4 clinical data centersall computer-based (andmanual) systems which handle and store patient records andhealth information, for example, solo practitioners, clinics,1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and are the di
13、rect responsibility of Subcommittee E31.25 on HealthcareData Management, Security, Confidentiality, and Privacy.Current edition approved March 1, 2010. Published August 2010. Originallyapproved in 1997. Last previous edition approved in 2004 as E186904. DOI:10.1520/E1869-04R10.2For referenced ASTM s
14、tandards, visit the ASTM website, www.astm.org, orcontact ASTM Customer Service at serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.3Withdrawn. The last approved version of this historical standard is referencedon w
15、ww.astm.org.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.hospitals, state departments of health, data centers, and healthmaintenance organizations.3.1.5 clinical informationdata and information collectedfrom the patient or patient
16、s family by a healthcare practitioneror healthcare organization. A healthcare practitioners objec-tive measurement or subjective evaluation of a patientsphysical or mental state of health, descriptions of an individu-als health history and family health history, diagnostic studies,decision rationale
17、, descriptions of procedures performed, find-ings, therapeutic interventions, medications prescribed, de-scription of responses to treatment, prognostic statements anddescriptions of socioeconomic factors, and environmental fac-tors related to the patients health.3.1.6 computer-based patient records
18、ee patient record.3.1.7 confidentialstatus accorded to data or informationindicating that it is sensitive for some reason, and therefore itneeds to be protected against theft, disclosure, or improper use,or both, and must be disseminated only to authorized individu-als or organizations with a need t
19、o know.3.1.8 datacollection of elements on a given subject;things known, given, or assumed, as the basis for decisionmaking; the raw material of information systems expressed intext, numbers, symbols and images; facts.3.1.9 data protection measurea planned operation, forexample, procedure, policy, p
20、rogram, or technology, employedin the privacy system to prevent, detect, or sanction breaches ofsecurity.3.1.10 disclosureto release, transfer, or otherwise divulgeconfidential health information to any entity other than theindividual who is the subject of such information.3.1.11 health care(1) prev
21、entive, diagnostic, therapeutic,rehabilitative, maintenance, or palliative care, public health,counseling, service, or procedure with respect to the physicalor mental condition of an individual; or affecting the structureor function of the human body; or (2) any sale or dispensing ofa drug, device,
22、equipment, or other item to an individual, or forthe use of an individual, pursuant to a prescription.3.1.12 health informationany information, whether oralor recorded in any form or medium (1) that is created orreceived by a health care provider; a health plan; healthresearcher, public health autho
23、rity, instructor, employer, lifeinsurer, school or university; health care clearinghouse, healthinformation service or other entity that creates, receives,obtains, maintains, uses, or transmits health information; ahealth oversight agency, a health information service organi-zation, or (2) that rela
24、tes to the past, present, or future physicalor mental health or condition of an individual, the provision ofhealth care to an individual, or the past, present, or futurepayment for the provision of health care to an individual; and(3) that identifies the individual, with respect to which there isa r
25、easonable basis to believe that the information can be usedto identify the individual.3.1.13 inferencerefers to the ability to deduce the identityof a person associated with a set of data through “clues9contained in that information. This analysis permits determi-nation of the individuals identity b
26、ased on a combination offacts associated with that person even though specific identi-fiers have been removed, like name and social security number.3.1.14 informationdata that have been processed for use;human interpretation of data; data that have been processedinto a meaningful form.3.1.15 informe
27、d consentinformed consent requires thatindividuals be informed, in advance, of the information beingcollected from them, or generated, and the purposes for whichit will be used; and be given an opportunity to accept, reject, ormodify the terms presented. Central to the principle of in-formed consent
28、 is providing individuals with the ability tocontrol the use of information once collected. The general ruleis that information collected for one purpose must not be usedfor another purpose without the individuals consent. In prac-tice, this requires that no use or disclosure occur, except to adocum
29、ented request by, or with the prior consent of, theindividual to whom the record pertains unless the disclosure ispermitted by law. Under some circumstances a guardian ordesignee may consent on behalf of the individual.3.1.16 informational privacy(1) a state or condition ofcontrolled access to perso
30、nal information. (2) The ability of anindividual to control the use and dissemination of informationthat relates to himself or herself. (3) The individuals ability tocontrol what information is available to various users and tolimit redisclosures of information.3.1.17 patient record:3.1.17.1 longitu
31、dinal patient recorda permanent, coordi-nated patient record of significant information, in chronologi-cal sequence. It may include all historical data collected or beretrieved as a user designated synopsis of significant demo-graphic, genetic, clinical and environmental facts and eventsmaintained w
32、ithin an automated system.3.1.17.2 patient health recordthe primary legal recorddocumenting the healthcare services provided to a person, inany aspect of healthcare delivery.DiscussionThe term patient health record is synonymouswith: medical record, patient care record, hospital record,clinical reco
33、rd, client record, resident record, electronic medi-cal record, and computer-based patient record. The termincludes routine clinical or office records, hospital records,records of care in any health-related setting, research protocols,preventive care, life style evaluation, special study records, an
34、dvarious clinical databases.3.1.17.3 patient record systemthe set of components thatform the mechanism by which patient records are created,used, stored, and retrieved. A patient record system is usuallylocated within a healthcare provider/practitioner setting. Itincludes people, data, rules and pro
35、cedures, processing andstorage devices (for example, paper and pen, hardware andsoftware), and communications and support function.3.1.17.4 secondary patient recorda record that is derivedfrom the primary health record and contains selected dataelements to aid nonclinical persons (that is, persons n
36、otinvolved in direct patient care) in supporting, evaluating, oradvancing patient care. Patient care support refers to adminis-tration, regulation, and payment functions. Patient care evalu-ation refers to quality assurance, utilization management, andmedical or legal audits. Patient care advancemen
37、t refers toresearch. These records are often combined to form a second-ary database, for example, an insurance claims database.E1869 04 (2010)23.1.18 personally identifiable health informationhealthinformation which contains an individuals identifiers (name,social security number) or contains a suff
38、icient number ofvariables to allow identification of an individual.3.1.19 practitioner (licensed/certified)an individual atany level of professional specialization who requires a publiclicense to deliver health care to individuals. An individual atany level of professional specialization who is cert
39、ified by apublic agency or professional organization to provide healthservices to individuals. A practitioner may also be a provider.3.1.20 privacythe right of individuals to be left alone andto be protected against physical or psychological invasion orthe misuse of their property. It includes freed
40、om from intrusionor observation into ones private affairs, the right to maintaincontrol over certain personal information, and the freedom toact without outside interference. See also informational pri-vacy.3.1.21 privilegethe individuals right to hold private andconfidential the information given t
41、o a healthcare provider inthe context of a professional relationship. The individual may,by overt act of consent or by other means, waive the right toprivilege. For example, if a patient brings a lawsuit against afacility and the records are needed to present the facilitys case,the privilege is waiv
42、ed.3.1.22 providera business entity which furnishes healthcare to a consumer; it includes a professionally licensedpractitioner who is authorized to operate a healthcare deliveryfacility.3.1.23 security:3.1.23.1 data securitythe result of effective data protec-tion measures; the sum of measures that
43、 safeguard data andcomputer programs from undesired occurrences and exposureto: (1) accidental or intentional access or disclosure to unau-thorized persons, or a combination thereof, (2) accidental ormalicious alteration, (3) unauthorized copying, (4) loss by theftor destruction by hardware failures
44、, software deficiencies,operating mistakes; physical damage by fire, water, smoke,excessive temperature, electrical failure or sabotage; or acombination thereof. Data security exists when data are pro-tected from accidental or intentional disclosure to unauthorizedpersons and from unauthorized or ac
45、cidental alteration.3.1.23.2 system securitysecurity is the totality of safe-guards including hardware, software, personnel policies, infor-mation practice policies, disaster preparedness, and oversightof these components. Security protects both the system and theinformation contained within from un
46、authorized access fromwithout and from misuse from within. Security enables theentity or system to protect the confidential information it storesfrom unauthorized access, disclosure, or misuse; thereby pro-tecting the privacy of the individuals who are the subjects ofthe stored information.4. Signif
47、icance and Use4.1 Many U.S. healthcare and health information systemsleaders believe that electronic health information systems thatinclude computer-based patient records will improve healthcare. To achieve this goal these systems will need to protectindividual privacy of patient data, provide appro
48、priate access,and use adequate data security measures. Sound informationpolicies and practices must be in place prior to the wide-scaledeployment of health information systems. Strong enforceableprivacy policies must shape the development and implementa-tion of these systems.4.2 The purposes of pati
49、ent records are to document thecourse of the patients illness or health status during eachencounter and episode of care; to furnish documentary evi-dence of the course of the patients health evaluation, treatmentand change in condition; to document an individuals healthstatus; to provide data for preventive care; to documentcommunication between the practitioner responsible for thepatients care and any other healthcare practitioner who con-tributes to the patients care; to assist in protecting the legalinterest of the patient, the health
