Personal health data better protected by ISO standard

Issue 35 – February 2012

A new Standard for Health informatics – Classification of purposes for processing personal health information, ISO/TS 14265:2011, will increase protection of personal health information used by clinicians and others in healthcare organisations. The Standard defines a set of high-level categories of purposes for which such personal health information can be processed.

Elaine Sawatsky and Dipak Kalra, Project leaders of the committee that developed the Standard, comment, 'This important piece of work is now available to help organisations understand how to manage the personal health information that they hold, and how to ensure that the information is used appropriately and consistently.'

Electronic health records (EHRs) are used more and more. They involve the systematic electronic collection of health information about individual patients or populations. Information may at times need to be shared with other organisations (for example, between a hospital and a general practitioner). For ethical and legal reasons, information should only be used for the purposes for which it was collected or created. Up to now there has been no standard listing of the possible kinds of purpose of use of personal health information.

ISO/TS 14265 provides a framework to classify the various specific purposes that can be defined and used by individual policy domains (for example, healthcare organisations, regional health authorities, and jurisdiction countries).

Published in health.