1、Designation: E 1986 98 (Reapproved 2005)An American National StandardStandard Guide forInformation Access Privileges to Health Information1This standard is issued under the fixed designation E 1986; the number immediately following the designation indicates the year oforiginal adoption or, in the ca
2、se of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon (e) indicates an editorial change since the last revision or reapproval.1. Scope1.1 This guide covers the process of granting and maintain-ing access privileges to health in
3、formation. It directly ad-dresses the maintenance of confidentiality of personal, pro-vider, and organizational data in the healthcare domain. Itaddresses a wide range of data and data elements not alltraditionally defined as healthcare data, but all elemental in theprovision of data management, dat
4、a services, and administra-tive and clinical healthcare services. In addition, this guideaddresses specific requirements for granting access privilegesto patient-specific health information during health emergen-cies.1.2 This guide is based on long-term existing and estab-lished professional practic
5、es in the management of healthcareadministrative and clinical data. Healthcare data, and specifi-cally healthcare records (also referred to as medical records orpatient records), are generally managed under similar profes-sional practices throughout the United States, essentially re-gardless of spec
6、ific variations in local, regional, state, andfederal laws regarding rules and requirements for data andrecord management.1.3 This guide applies to all individuals, groups, organiza-tions, data-users, data-managers, and public and private firms,companies, agencies, departments, bureaus, service-prov
7、iders,and similar entities that collect individual, group, and organi-zational data related to health care.1.4 This guide applies to all collection, use, management,maintenance, disclosure, and access of all individual, group,and organizational data related to health care.1.5 This guide does not att
8、empt to address specific legisla-tive and regulatory issues regarding individual, group, andorganizational rights to protection of privacy.1.6 This guide covers all methods of collection and use ofdata whether paper-based, written, printed, typed, dictated,transcribed, forms-based, photocopied, scan
9、ned, facsimile,telefax, magnetic media, image, video, motion picture, stillpicture, film, microfilm, animation, 3D, audio, digital media,optical media, synthetic media, or computer-based.1.7 This guide does not directly define explicit disease-specific and evaluation/treatment-specific data control
10、or ac-cess, or both. As defined under this guide, the confidentialprotection of elemental data elements in relation to which dataelements fall into restrictive or specifically controlled catego-ries, or both, is set by policies, professional practice, and laws,legislation and regulations.2. Referenc
11、ed Documents2.1 ASTM Standards:2E 1869 Guide for Confidentiality, Privacy,Access, and DataSecurity Principles for Health Information Including Elec-tronic Health Records3. Terminology3.1 Definitions:3.1.1 accessthe provision of an opportunity to approach,inspect, review, retrieve, store, communicate
12、 with, or make useof health information system resources (for example, hardware,software, systems, or structure) or patient identifiable data andinformation, or both. (E 1869)3.1.2 access controlthe prevention of unauthorized use ofa resource, including the prevention of use of a resource in anunaut
13、horized manner.3.1.2.1 DiscussionAccess control counters the threat ofunauthorized access to, disclosure of, or modification of data.(ISO 7498-2)3.1.3 accountabilitythe property that ensures that theactions of an entity can be traced. (ISO 7498-2)3.1.4 audit traildata collected and potentially used
14、tofacilitate a security audit. (ISO 7498-2)3.1.5 authenticationthe corroboration that an entity is theone claimed. (ISO 7498-2)3.1.6 authorizethe granting to a user the right of access tospecified data and information, a program, a terminal, or aprocess. (E 1869)3.1.7 authorization(1) The granting o
15、f rights, which in-cludes the granting of access based on access rights. (2) Themechanism for obtaining consent for the use and disclosure of1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommittee E31.25 on HealthcareData
16、Management, Security, Confidentiality, and Privacy.Current edition approved July 17, 2006. Published January 2006. Originallyapproved in 1998. Last previous edition approved in 1998 as E 1986 98.2For referenced ASTM standards, visit the ASTM website, www.astm.org, orcontact ASTM Customer Service at
17、serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.1Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.health information. (ISO 7498-2, CPRI, AHIMA)3.1.8
18、confidentialstatus accorded to data or informationindicating that it is sensitive for some reason and needs to beprotected against theft, disclosure, or improper use, or both,and must be disseminated only to authorized individuals ororganizations with an approved need to know. Private infor-mation w
19、hich is entrusted to another with the confidence thatunauthorized disclosure that will be prejudicial to the indi-vidual will not occur. (E 1869)3.1.9 confidentialitythe property that information is notmade available or disclosed to unauthorized individuals, enti-ties, or processes. (ISO 7498-2)3.1.
20、10 databasea collection of data organized for rapidsearch and retrieval. (Websters, 1993)3.1.11 data elementthe combination of one or more dataentities that forms a unit or piece of information, such as thesocial security number, a diagnosis, an address, or a medica-tion.3.1.12 data entitya discrete
21、 form of data such as a numberor word.3.1.13 disclosure (health care)the release of informationto third parties within or outside the healthcare providerorganization from an individuals record with or without theconsent of the individual to whom the record pertains.3.1.13.1 DiscussionUnder this guid
22、e the definition isslightly modified to read: the release of information to anindividual, group or organization from an individuals healthinformation with or without the authorization of the individualto whom the health information pertains. (CPRI)3.1.14 emergencya sudden demand for action. Conditio
23、nthat poses an immediate threat to the health of the patient.3.1.15 healthcare datadata which are input, stored, pro-cessed or output by the automated information system whichsupport the business functions of the healthcare establishment.These data may relate to person identifiable records or may be
24、part of an administrative system where persons are not identi-fied. (CEN)3.1.16 health informationany information, whether oralor recorded in any form or medium (1) that is created orreceived by a healthcare provider; a health plan; healthresearcher, public health authority, instructor, employer, sc
25、hoolor university, health information service or other entity thatcreates, receives, obtains, maintains, uses, or transmits healthinformation; a health oversight agency, a health informationservice organization, or (2) that relates to the past, present, orfuture physical or mental health or conditio
26、n of an individual,the provision of health care to an individual, or the past,present, or future payments for the provision of health care toa protected individual; and (3) that identifies the individual;with respect to which there is a reasonable basis to believe thatthe information can be used to
27、identify the individual.(HIPAA, E 1869)3.1.17 informationdata to which meaning is assigned,according to context and assumed conventions.(National Security Council, 1991, E 1869)3.2 Definitions of Terms Specific to This Standard:3.2.1 disclosureto release, transfer, or otherwise divulgeprotected heal
28、th information to any entity other than theindividual who is the subject of such information.3.2.1.1 external disclosuredisclosure outside an organiza-tion.3.2.1.2 internal disclosuredisclosure within an organiza-tion.4. Significance and Use4.1 The maintenance of confidentiality in paper-based, elec
29、-tronic, or computer-based health information requires thatpolicies and procedures be in place to protect confidentiality.Confidentiality of information depends on structural and ex-plicit mechanisms to allow persons or systems to define whohas access to what, and in what situation that access is gr
30、anted.4.2 Confidential protection of data elements is a specificrequirement. The classification of data elements into restrictiveand specifically controlled categories is set by policies, profes-sional practice, and laws, legislation, and regulations.4.3 There are three explicit concepts upon which
31、the use ofand access to health information confidentiality are defined.Each of these concepts is an explicit and unique characteristicrelevant to confidentiality, but only through the combination(convergence) of all three concepts can appropriate access toan explicit data element at a specific point
32、 in time be provided,and unauthorized access denied. The three concepts are:4.3.1 The categorization and breakdown of data into logicaland reasonable elements or entities.4.3.2 The identification of individual roles or job functions.4.3.3 The establishment of context and conditions of datause at a s
33、pecific point in time, and within a specific setting.4.4 The overriding principle in preserving the confidential-ity of information is to provide access to that information onlyunder circumstances and to individuals when there is anabsolute, established, and recognized need to access that data,and t
34、he information accessed should itself be constrained onlyto that information essential to accomplish a defined andrecognized task or process. Information nonessential to thattask or process should ideally not be accessible, even though anindividual accessing that information may have some generalrig
35、ht of access to that information.5. Principles5.1 The following principles are based upon U.S. state andfederal laws, current European Economic Community initia-tives and laws and regulations resulting from those initiatives,and professional practice within the U.S. and European health-care domains.
36、5.2 Individuals, groups, and organizations retain rights overthe specific, intermediate, and ultimate use of any data col-lected from them and about whom the data is retained andmanaged.5.3 No individual, group, or organizational data shall becollected, used, maintained, released, or disclosed witho
37、ut thespecific explicit informed consent of the individual, group, ororganization, unless specifically required for the protection ofpublic health, and mandated by local, state, regional, or federallaw.E 1986 98 (2005)25.4 Individual, group, or organizational data may only beused for the purpose for
38、 which it was collected. Explicitinformed consent of the individual, group, or organization fromwhich the data was collected is required if the data is to be usedfor any additional purpose. Organizational policies shall statethe purposes for which data will be collected, maintained, andused.5.5 All
39、individuals, groups, organizations, data-users, data-managers, and public and private firms, companies, agencies,departments, bureaus, service-providers, and similar entitiesthat collect individual, group and healthcare related data, arerequired to collect, manage, maintain, disclose, provide access
40、to, or release that data only in strict compliance with the dataaccess rules defined in this guide. If they are unable to adhereto this guide they will not retain data beyond its initialcollection and use, or will securely and confidentially entrustthat data to an authorized organization that can ab
41、ide by therules under this guide.5.6 Data and data elements under this guide are defined at adiscrete level. This is necessary in order to define data accessand use rights down to discrete elemental data. This guide isestablished under the assumption that there is no such thing as“dis-identified dat
42、a” in that as long as data exist as discreteelemental data they are ultimately identifiable with an indi-vidual. For example a diagnosis or a patient weight is notdis-identified within a population just because it does not havea name or other outward identifying information attached orlinked to it.
43、The average weight within a population or theincidence of a given disease, both calculated or derived from apopulation aggregate, may be dis-identified from an individualwithin a population, but might still predispose the population toidentification or prejudice. For example an “abnormal” averagewei
44、ght might increase the health risk to a population, thereforeproviding valuable preventative and epidemiological data, butif that data is assumed to be dis-identified and generallyavailable for review, then it might allow population-basedprejudicial pricing for healthcare services or insurance. Dise
45、aseincidence can also be used to target populations at health risk,but if considered dis-identified and generally available forreview, disease incidence can also be used to identify popula-tions as to race, religion, ethnicity, genetics, sexual prefer-ences, and other prejudicial indicators. The pro
46、tection ofindividual, group, and organizational data confidentiality underthis guide is, therefore, absolute and is always based upon theconnection of that data to the individual, group, or organizationfrom which the data was collected and for or about whom thedata is retained and managed. No data i
47、s releasable as discretedata or discrete data-types under any assumption that sinceanother related data element (for example, name, age, sex,address, etc.) was not released, that the data is no longerindividual, group, or organizational data, or can no longer beidentified or connected to any individ
48、ual, group, or organiza-tion.5.7 All access shall be explicitly authorized. Unauthorizedaccess is explicitly forbidden.6. Data Elements6.1 Data elements under this guide represent fragmentation(separation) of data into discrete entities. These entities (dataelements) represent discrete elemental dat
49、a types that can bereconstructed into complete data sets according to varyingneeds and requirements of access and use, by appropriatedata-users, under appropriately defined and authorized roles.Data elements exist as discrete data in their own right or can beaggregated as data sets that represent data about a specificindividual, provider, group, or organization, or they can beaggregated across individuals, providers, groups, or organiza-tions.6.2 Data elements and data entities under this guide areexplicitly delineated and apply to healthcare related data ina