ISO/TS 25237:2008

Health informatics — Pseudonymization

Scope

ISO/TS 25237:2008 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. ISO/TS 25237:2008 is applicable to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services.
ISO/TS 25237:2008:

defines one basic concept for pseudonymization;
gives an overview of different use cases for pseudonymization that can be both reversible and irreversible;
defines one basic methodology for pseudonymization services including organizational as well as technical aspects;
gives a guide to risk assessment for re-identification;
specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service;
specifies a policy framework and minimal requirements for controlled re-identification;
specifies interfaces for the interoperability of services interfaces.