1、Designation: E1986 09An American National StandardStandard Guide forInformation Access Privileges to Health Information1This standard is issued under the fixed designation E1986; the number immediately following the designation indicates the year oforiginal adoption or, in the case of revision, the
2、year of last revision. A number in parentheses indicates the year of last reapproval. Asuperscript epsilon () indicates an editorial change since the last revision or reapproval.1. Scope*1.1 This guide covers the process of granting and maintain-ing access privileges to health information. It direct
3、ly ad-dresses the maintenance of confidentiality of personal, pro-vider, and organizational data in the healthcare domain. Itaddresses a wide range of data and data elements not alltraditionally defined as healthcare data, but all elemental in theprovision of data management, data services, and admi
4、nistra-tive and clinical healthcare services. In addition, this guideaddresses specific requirements for granting access privilegesto patient-specific health information during health emergen-cies.1.2 This guide is based on long-term existing and estab-lished professional practices in the management
5、 of healthcareadministrative and clinical data. Healthcare data, and specifi-cally healthcare records (also referred to as medical records orpatient records), are generally managed under similar profes-sional practices throughout the United States, essentially re-gardless of specific variations in l
6、ocal, regional, state, andfederal laws regarding rules and requirements for data andrecord management.1.3 This guide applies to all individuals, groups, organiza-tions, data-users, data-managers, and public and private firms,companies, agencies, departments, bureaus, service-providers,and similar en
7、tities that collect individual, group, and organi-zational data related to health care.1.4 This guide applies to all collection, use, management,maintenance, disclosure, and access of all individual, group,and organizational data related to health care.1.5 This guide does not attempt to address spec
8、ific legisla-tive and regulatory issues regarding individual, group, andorganizational rights to protection of privacy.1.6 This guide covers all methods of collection and use ofdata whether paper-based, written, printed, typed, dictated,transcribed, forms-based, photocopied, scanned, facsimile,telef
9、ax, magnetic media, image, video, motion picture, stillpicture, film, microfilm, animation, 3D, audio, digital media,optical media, synthetic media, or computer-based.1.7 This guide does not directly define explicit disease-specific and evaluation/treatment-specific data control or ac-cess, or both.
10、 As defined under this guide, the confidentialprotection of elemental data elements in relation to which dataelements fall into restrictive or specifically controlled catego-ries, or both, is set by policies, professional practice, and laws,legislation and regulations.2. Referenced Documents2.1 ASTM
11、 Standards:2E1869 Guide for Confidentiality, Privacy, Access, and DataSecurity Principles for Health Information Including Elec-tronic Health RecordsE2595 Guide for Privilege Management Infrastructure3. Terminology3.1 Definitions:3.1.1 accessthe provision of an opportunity to approach,inspect, revie
12、w, retrieve, store, communicate with, or make useof health information system resources (for example, hardware,software, systems, or structure) or patient identifiable data andinformation, or both. (E1869)3.1.2 access controlthe prevention of unauthorized use ofa resource, including the prevention o
13、f use of a resource in anunauthorized manner.3.1.2.1 DiscussionAccess control counters the threat ofunauthorized access to, disclosure of, or modification of data.(ISO 7498-2)3.1.3 accountabilitythe property that ensures that theactions of an entity can be traced. (ISO 7498-2)3.1.4 audit traildata c
14、ollected and potentially used tofacilitate a security audit. (ISO 7498-2)3.1.5 authenticationthe corroboration that an entity is theone claimed. (ISO 7498-2)3.1.6 authorizethe granting to a user the right of access tospecified data and information, a program, a terminal, or aprocess. (E1869)3.1.7 au
15、thorization(1) The granting of rights, which in-cludes the granting of access based on access rights. (2) Themechanism for obtaining consent for the use and disclosure of1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommit
16、tee E31.25 on HealthcareData Management, Security, Confidentiality, and Privacy.Current edition approved Dec. 1, 2009. Published January 2010. Originallyapproved in 1998. Last previous edition approved in 2005 as E1986 98(2005).DOI: 10.1520/E1986-09.2For referenced ASTM standards, visit the ASTM web
17、site, www.astm.org, orcontact ASTM Customer Service at serviceastm.org. For Annual Book of ASTMStandards volume information, refer to the standards Document Summary page onthe ASTM website.1*A Summary of Changes section appears at the end of this standard.Copyright ASTM International, 100 Barr Harbo
18、r Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.health information. (ISO 7498-2, CPRI, AHIMA)3.1.8 confidentialstatus accorded to data or informationindicating that it is sensitive for some reason and needs to beprotected against theft, disclosure, or improper use, or both,and
19、must be disseminated only to authorized individuals ororganizations with an approved need to know. Private infor-mation which is entrusted to another with the confidence thatunauthorized disclosure that will be prejudicial to the indi-vidual will not occur. (E1869)3.1.9 confidentialitythe property t
20、hat information is notmade available or disclosed to unauthorized individuals, enti-ties, or processes. (ISO 7498-2)3.1.10 databasea collection of data organized for rapidsearch and retrieval. (Websters, 1993)3.1.11 data elementthe combination of one or more dataentities that forms a unit or piece o
21、f information, such as thesocial security number, a diagnosis, an address, or a medica-tion.3.1.12 data entitya discrete form of data such as a numberor word.3.1.13 disclosure (health care)the release of informationto third parties within or outside the healthcare providerorganization from an indivi
22、duals record with or without theconsent of the individual to whom the record pertains.3.1.13.1 DiscussionUnder this guide the definition isslightly modified to read: the release of information to anindividual, group or organization from an individuals healthinformation with or without the authorizat
23、ion of the individualto whom the health information pertains. (CPRI)3.1.14 emergencya sudden demand for action. Conditionthat poses an immediate threat to the health of the patient.3.1.15 healthcare datadata which are input, stored, pro-cessed or output by the automated information system whichsuppo
24、rt the business functions of the healthcare establishment.These data may relate to person identifiable records or may bepart of an administrative system where persons are not identi-fied. (CEN)3.1.16 health informationany information, whether oralor recorded in any form or medium (1) that is created
25、 orreceived by a healthcare provider; a health plan; healthresearcher, public health authority, instructor, employer, schoolor university, health information service or other entity thatcreates, receives, obtains, maintains, uses, or transmits healthinformation; a health oversight agency, a health i
26、nformationservice organization, or (2) that relates to the past, present, orfuture physical or mental health or condition of an individual,the provision of health care to an individual, or the past,present, or future payments for the provision of health care toa protected individual; and (3) that id
27、entifies the individual;with respect to which there is a reasonable basis to believe thatthe information can be used to identify the individual.(HIPAA, E1869)3.1.17 informationdata to which meaning is assigned,according to context and assumed conventions.(National Security Council, 1991, E1869)3.2 D
28、efinitions of Terms Specific to This Standard:3.2.1 disclosureto release, transfer, or otherwise divulgeprotected health information to any entity other than theindividual who is the subject of such information.3.2.1.1 external disclosuredisclosure outside an organiza-tion.3.2.1.2 internal disclosur
29、edisclosure within an organiza-tion.4. Significance and Use4.1 The maintenance of confidentiality in paper-based, elec-tronic, or computer-based health information requires thatpolicies and procedures be in place to protect confidentiality.Confidentiality of information depends on structural and ex-
30、plicit mechanisms to allow persons or systems to define whohas access to what, and in what situation that access is granted.For guidelines on the development and implementation ofprivilege management infrastructures supporting these mecha-nisms, see Guide E2595.4.2 Confidential protection of data el
31、ements is a specificrequirement. The classification of data elements into restrictiveand specifically controlled categories is set by policies, profes-sional practice, and laws, legislation, and regulations.4.3 There are three explicit concepts upon which the use ofand access to health information c
32、onfidentiality are defined.Each of these concepts is an explicit and unique characteristicrelevant to confidentiality, but only through the combination(convergence) of all three concepts can appropriate access toan explicit data element at a specific point in time be provided,and unauthorized access
33、 denied. The three concepts are:4.3.1 The categorization and breakdown of data into logicaland reasonable elements or entities.4.3.2 The identification of individual roles or job functions.4.3.3 The establishment of context and conditions of datause at a specific point in time, and within a specific
34、 setting.4.4 The overriding principle in preserving the confidential-ity of information is to provide access to that information onlyunder circumstances and to individuals when there is anabsolute, established, and recognized need to access that data,and the information accessed should itself be con
35、strained onlyto that information essential to accomplish a defined andrecognized task or process. Information nonessential to thattask or process should ideally not be accessible, even though anindividual accessing that information may have some generalright of access to that information.5. Principl
36、es5.1 The following principles are based upon U.S. state andfederal laws, current European Economic Community initia-tives and laws and regulations resulting from those initiatives,and professional practice within the U.S. and European health-care domains.5.2 Individuals, groups, and organizations r
37、etain rights overthe specific, intermediate, and ultimate use of any data col-lected from them and about whom the data is retained andmanaged.5.3 No individual, group, or organizational data shall becollected, used, maintained, released, or disclosed without thespecific explicit informed consent of
38、the individual, group, orE1986 092organization, unless specifically required for the protection ofpublic health, and mandated by local, state, regional, or federallaw.5.4 Individual, group, or organizational data may only beused for the purpose for which it was collected. Explicitinformed consent of
39、 the individual, group, or organization fromwhich the data was collected is required if the data is to be usedfor any additional purpose. Organizational policies shall statethe purposes for which data will be collected, maintained, andused.5.5 All individuals, groups, organizations, data-users, data
40、-managers, and public and private firms, companies, agencies,departments, bureaus, service-providers, and similar entitiesthat collect individual, group and healthcare related data, arerequired to collect, manage, maintain, disclose, provide accessto, or release that data only in strict compliance w
41、ith the dataaccess rules defined in this guide. If they are unable to adhereto this guide they will not retain data beyond its initialcollection and use, or will securely and confidentially entrustthat data to an authorized organization that can abide by therules under this guide.5.6 Data and data e
42、lements under this guide are defined at adiscrete level. This is necessary in order to define data accessand use rights down to discrete elemental data. This guide isestablished under the assumption that there is no such thing as“dis-identified data” in that as long as data exist as discreteelementa
43、l data they are ultimately identifiable with an indi-vidual. For example a diagnosis or a patient weight is notdis-identified within a population just because it does not havea name or other outward identifying information attached orlinked to it. The average weight within a population or theinciden
44、ce of a given disease, both calculated or derived from apopulation aggregate, may be dis-identified from an individualwithin a population, but might still predispose the population toidentification or prejudice. For example an “abnormal” averageweight might increase the health risk to a population,
45、thereforeproviding valuable preventative and epidemiological data, butif that data is assumed to be dis-identified and generallyavailable for review, then it might allow population-basedprejudicial pricing for healthcare services or insurance. Diseaseincidence can also be used to target populations
46、at health risk,but if considered dis-identified and generally available forreview, disease incidence can also be used to identify popula-tions as to race, religion, ethnicity, genetics, sexual prefer-ences, and other prejudicial indicators. The protection ofindividual, group, and organizational data
47、 confidentiality underthis guide is, therefore, absolute and is always based upon theconnection of that data to the individual, group, or organizationfrom which the data was collected and for or about whom thedata is retained and managed. No data is releasable as discretedata or discrete data-types
48、under any assumption that sinceanother related data element (for example, name, age, sex,address, etc.) was not released, that the data is no longerindividual, group, or organizational data, or can no longer beidentified or connected to any individual, group, or organiza-tion.5.7 All access shall be
49、 explicitly authorized. Unauthorizedaccess is explicitly forbidden.6. Data Elements6.1 Data elements under this guide represent fragmentation(separation) of data into discrete entities. These entities (dataelements) represent discrete elemental data types that can bereconstructed into complete data sets according to varyingneeds and requirements of access and use, by appropriatedata-users, under appropriately defined and authorized roles.Data elements exist as discrete data in their own right or can beaggregated as data sets that represent data about a speci
