ASTM E1869 - 04(2014)

    Standard Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records

    Active Standard ASTM E1869 | Developed by Subcommittee: E31.25

    Book of Standards Volume: 14.01


    Format                              Pages   Price
    PDF                                 9       $43.00
    Hardcopy (shipping and handling)    9       $43.00


    Significance and Use

    4.1 Many U.S. healthcare and health information systems leaders believe that electronic health information systems that include computer-based patient records will improve health care. To achieve this goal these systems will need to protect individual privacy of patient data, provide appropriate access, and use adequate data security measures. Sound information policies and practices must be in place prior to the wide-scale deployment of health information systems. Strong enforceable privacy policies must shape the development and implementation of these systems.

    4.2 The purposes of patient records are to document the course of the patient's illness or health status during each encounter and episode of care; to furnish documentary evidence of the course of the patient's health evaluation, treatment and change in condition; to document an individual's health status; to provide data for preventive care; to document communication between the practitioner responsible for the patient's care and any other healthcare practitioner who contributes to the patient's care; to assist in protecting the legal interest of the patient, the health care facility and the responsible practitioner; to provide continuity of care; to provide data to substantiate insurance claims; to provide a basis for evaluating the adequacy and appropriateness of care; and to provide data for use in continuing education and research.

    4.3 Health information is a broad concept. It includes all information related to an individual's physical and mental health, the provision of health care generally, and payment for health care. The patient record is a major component of the health information system. The creation of electronic databases and communication protocols to transfer data between systems presents new opportunities to implement more effective systems for health information, to enhance patient care, reduce the cost of health care, and improve patient outcomes. National standards guide all that have responsibilities for records and information systems containing person identifiable health data and information.

    4.4 This guide also acknowledges the large and growing list of health information databases already in existence. These databases have been assembled to pay for services rendered (insurance), to validate the appropriate use of patient services (utilization management), to support policy (national levels), to gather data for research/tracking of specific problems (registries—such as tumor, trauma, birth defects, mental health case management), to prevent the spread of disease (required reporting of communicable diseases such as tuberculosis, gonorrhea, AIDS), and to respond to new uses which are proposed each year.

    4.5 National standards delineating principles and practices in the areas of confidentiality, privacy, access, and data security will provide a guide for policy, law, and systems development and a base for standards for electronic health information regardless of its location.

    1. Scope

    1.1 This guide covers the principles for confidentiality, privacy, access, and security of person identifiable health information. The focus of this standard is computer-based systems; however, many of the principles outlined in this guide also apply to health information and patient records that are not in an electronic format. Basic principles and ethical practices for handling confidentiality, access, and security of health information are contained in a myriad of federal and state laws, rules and regulations, and in ethical statements of professional conduct. The purpose of this guide is to synthesize and aggregate into a cohesive guide the principles that underpin the development of more specific standards for health information and to support the development of policies and procedures for electronic health record systems and health information systems.

    1.2 This guide includes principles related to:

     

    Principle                           Section
    Privacy                             7
    Confidentiality                     8
    Collection, Use, and Maintenance    9
    Ownership                           10
    Access                              11
    Disclosure/Transfer of Data         12
    Data Security                       13
    Penalties/Sanctions                 14
    Education                           15


    1.3 This guide does not address specific technical requirements. It is intended as a base for development of more specific standards.


    2. Referenced Documents (purchase separately)

    The documents listed below are referenced within the subject standard but are not provided as part of the standard.

    ASTM Standards

    E1384 Practice for Content and Structure of the Electronic Health Record (EHR)

    E1714 Guide for Properties of a Universal Healthcare Identifier (UHID)

    E1762 Guide for Electronic Authentication of Health Care Information

    E1769 Guide for Properties of Electronic Health Records and Record Systems

    E1986 Guide for Information Access Privileges to Health Information

    E1987 Guide for Individual Rights Regarding Health Information

    E1988 Guide for Training of Persons who have Access to Health Information

    E2017 Guide for Amendments to Health Information

    E2147 Specification for Audit and Disclosure Logs for Use in Health Information Systems


    ICS Code

    ICS Number Code 11.020 (Medical sciences and health care facilities in general); 35.240.80 (IT applications in health care technology)



    Referencing This Standard

    DOI: 10.1520/E1869

    ASTM International is a member of CrossRef.

    Citation Format

    ASTM E1869-04(2014), Standard Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records, ASTM International, West Conshohocken, PA, 2014, www.astm.org
