This article has multiple issues. Please help improve it or discuss these issues on the talk page . (Learn how and when to remove these template messages)
|
ASTM E1714 is a Standard Guide for Properties of a Universal Healthcare Identifier (UHID). This standard was create by the Association for Information and Image Management and ASTM International.
It defines thirty characteristics required of a UHID. The scope of the guide does not include implementation methodology, cost, or policy decisions. Encrypted UHIDs (EUHIDs) are included in the guide for hiding the identity of individuals while linking information. Separate EUHIDs are allowed for different episodes of care for the same patient. The guide also recommends the use of temporary patient identifiers (TPIs) controlled by individual organizations for emergency use and requires them to subsequently transfer all information to the correct UHID.
Accessible: Access is dependent upon the establishment of a network infrastructure, the trusted authority and policies and procedures that support the system.
Assignable: Assignment of the Sample UHID or EUHID, regardless of time or place of request, depends on the establishment and functions of a network infrastructure, the trusted authority, and the implementation of policies and procedures that support the system. It will also depend on the mechanism to request a Sample UHID.
Identifiable: This will depend on the identification information that the trusted authority links to the Sample UHID.
Verifiable: The Sample UHID includes a six digit check-digit for verification.
Mergeable: The internal data structure of the Sample UHID does not directly support merging duplicate or redundant identifiers. They can be linked at the trusted authority.
Splittable: There is no inherent support for splitting the Sample UHID. New IDs can be issued for future use. Splitting for retroactive information must be handled by the trusted authority.
Linkable: The Sample UHID has the ability to function as a data element and support the linkage of health records in both manual and automated environment.
Mappable: With the use of appropriate database system and software, the Sample UHID can be used to map currently existing healthcare identifiers.
Content Free: The Sample UHID is free of information about the individual.
Controllable: This depends on the policies and methods that will be adopted by the trusted authority.
Healthcare Focused: The Sample UHID is recommended solely for the purpose of healthcare application.
Secure: The Sample UHID includes an EUHID which offers mechanism for secure operation through the use of encryption and decryption processes. These capabilities depend on the policies and procedures that will be implemented by the trusted authority.
Dissidentifiable: EUHID supports multiple encryption schemes offering multiple EUHIDs to prevent revealing the identification of the individual.
Public: The EUHID's encryption scheme is intended to hide the identity of individual when linking information. However, public disclosure of a patient identifier without any risk to the privacy and confidentiality of patient information depends on appropriate access security and privacy legislation, similar to other identifiers.
Based on Industry Standards: The Sample UHID is not based on existing industry standards. It is based on ASTM's Standard Guide for Properties of a Universal Healthcare Identifier (UHID).
Deployable: The Sample UHID is capable of implementation in a variety of technologies such as scanners, bar code readers, etc.
Usable: The Sample UHID is capable of implementation in a variety of technologies such as scanners, bar code readers, etc. The 28 digit identifier will present difficulty for manual computation and transcription. It may be a time-consuming process and subject to human errors.
The ASTM guide and the proposed Sample UHID do not address the implementation issues and infrastructure requirements.
Unique: The trusted authority will be responsible for the uniqueness of the Sample UHID.
Repository-based: The Sample UHID can be stored in a repository.
Atomic: The Sample UHID consists of a sixteen digit sequential identifier, a one character delimiter, a six digit check-digit and a six digit encryption scheme. It can function as a single compound data element.
Concise: The Sample UHID is not concise. It is a 29-character length identifier.
Unambiguous: The Sample UHID is unambiguous. It uses numeric characters and a period as a delimiter.
Permanent: The Sample UHID has sufficient capacity to prevent reuse of identifiers.
Centrally governed: This policy issue is not addressed. The Sample UHID requires central administration and is dependent on the establishment and functions of a trusted authority.
Networked: The Sample UHID can be operated on a computer network. It requires establishment of the necessary network and technology infrastructure.
Longevity: The Sample UHID can support patient identification for a foreseeable future.
Retroactive: Has the capacity for retroactive assignment of the Sample UHID to every person in the United States
Universal: Can support patient identification for the entire world population [1]
Incremental Implementation: The Sample UHID can be implemented on an incremental basis. With the development and use of appropriate procedures and establishment of the necessary bidirectional mapping, both the Sample UHID and existing patient identifiers can co-exist during the time of transition.
Cost-effectiveness: The Sample UHID has the potential to support the functions of a Unique Patient Identifier. The establishment of both the administrative and technology infrastructures, the creation of a Trusted Authority, the design and development of computer software, hardware and communication networks, and the implementation security measures will require substantial investment of resources, time and effort.
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.
Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.
Digital Imaging and Communications in Medicine (DICOM) is a technical standard for the digital storage and transmission of medical images and related information. It includes a file format definition, which specifies the structure of a DICOM file, as well as a network communication protocol that uses TCP/IP to communicate between systems. The primary purpose of the standard is to facilitate communication between the software and hardware entities involved in medical imaging, especially those that are created by different manufacturers. Entities that utilize DICOM files include components of picture archiving and communication systems (PACS), such as imaging machines (modalities), radiological information systems (RIS), scanners, printers, computing servers, and networking hardware.
Traceability is the capability to trace something. In some cases, it is interpreted as the ability to verify the history, location, or application of an item by means of documented recorded identification.
A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.
The Health Insurance Portability and Accountability Act of 1996 is a United States Act of Congress enacted by the 104th United States Congress and signed into law by President Bill Clinton on August 21, 1996. It aimed to alter the transfer of healthcare information, stipulated the guidelines by which personally identifiable information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and addressed some limitations on healthcare insurance coverage. It generally prohibits healthcare providers and businesses called covered entities from disclosing protected information to anyone other than a patient and the patient's authorized representatives without their consent. The bill does not restrict patients from receiving information about themselves. Furthermore, it does not prohibit patients from voluntarily sharing their health information however they choose, nor does it require confidentiality where a patient discloses medical information to family members, friends or other individuals not employees of a covered entity.
An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.
Clinical audit is a process that has been defined as a quality improvement process that seeks to improve patient care and outcomes through systematic review of care against explicit criteria and the implementation of change
Continuity of Care Record (CCR) is a health record standard specification developed jointly by ASTM International, the Massachusetts Medical Society (MMS), the Healthcare Information and Management Systems Society (HIMSS), the American Academy of Family Physicians (AAFP), the American Academy of Pediatrics (AAP), and other health informatics vendors.
A hardware security module (HSM) is a physical computing device that safeguards and manages secrets, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.
The European Institute for Health Records or EuroRec Institute is a non-profit organization founded in 2002 as part of the ProRec initiative. On 13 May 2003, the institute was established as a non-profit organization under French law. Current President of EuroRec is Prof. Dipak Kalra. The institute is involved in the promotion of high quality Electronic Health Record systems in the European Union. One of the main missions of the institute is to support, as the European authorised certification body, EHRs certification development, testing and assessment by defining functional and other criteria.
A payment card number, primary account number (PAN), or simply a card number, is the card identifier found on payment cards, such as credit cards and debit cards, as well as stored-value cards, gift cards and other similar cards. In some situations the card number is referred to as a bank card number. The card number is primarily a card identifier and may not directly identify the bank account number/s to which the card is/are linked by the issuing entity. The card number prefix identifies the issuer of the card, and the digits that follow are used by the issuing entity to identify the cardholder as a customer and which is then associated by the issuing entity with the customer's designated bank accounts. In the case of stored-value type cards, the association with a particular customer is only made if the prepaid card is reloadable. Card numbers are allocated in accordance with ISO/IEC 7812. The card number is typically embossed on the front of a payment card, and is encoded on the magnetic stripe and chip, but may also be imprinted on the back of the card.
The Continuity of Care Document (CCD) specification is an XML-based markup standard intended to specify the encoding, structure, and semantics of a patient summary clinical document for exchange.
Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.
ISO 9564 is an international standard for personal identification number (PIN) management and security in financial services.
Barcode technology in healthcare is the use of optical machine-readable representation of data in a hospital or healthcare setting.
Medical device connectivity is the establishment and maintenance of a connection through which data is transferred between a medical device, such as a patient monitor, and an information system. The term is used interchangeably with biomedical device connectivity or biomedical device integration. By eliminating the need for manual data entry, potential benefits include faster and more frequent data updates, diminished human error, and improved workflow efficiency.
Cross-domain interoperability exists when organizations or systems from different domains interact in information exchange, services, and/or goods to achieve their own or common goals. Interoperability is the method of systems working together (inter-operate). A domain in this instance is a community with its related infrastructure, bound by common purpose and interests, with consistent mutual interactions or rules of engagement that is separable from other communities by social, technical, linguistic, professional, legal or sovereignty related boundaries. The capability of cross-domain interoperability is becoming increasingly important as business and government operations become more global and interdependent. Cross-domain interoperability enables synergy, extends product utility and enables users to be more effective and successful within their own domains and the combined effort.
DNA encryption is the process of hiding or perplexing genetic information by a computational method in order to improve genetic privacy in DNA sequencing processes. The human genome is complex and long, but it is very possible to interpret important, and identifying, information from smaller variabilities, rather than reading the entire genome. A whole human genome is a string of 3.2 billion base paired nucleotides, the building blocks of life, but between individuals the genetic variation differs only by 0.5%, an important 0.5% that accounts for all of human diversity, the pathology of different diseases, and ancestral story. Emerging strategies incorporate different methods, such as randomization algorithms and cryptographic approaches, to de-identify the genetic sequence from the individual, and fundamentally, isolate only the necessary information while protecting the rest of the genome from unnecessary inquiry. The priority now is to ascertain which methods are robust, and how policy should ensure the ongoing protection of genetic privacy.
My Health Record (MHR) is the national digital health record platform for Australia, and is managed by the Australian Digital Health Agency. It was originally established as the Personally Controlled Electronic Health Record (PCEHR), a shared electronic health summary set up by the Australian government with implementation overseen by the National Electronic Health Transition Authority (NEHTA). The purpose of the MHR is to provide a secure electronic summary of people's medical history which will eventually include information such as current medications, adverse drug reactions, allergies and immunisation history in an easily accessible format. This MHR is stored in a network of connected systems with the ability to improve the sharing of information amongst health care providers to improve patient outcomes no matter where in Australia a patient presents for treatment. PCEHR was an opt-in system with a unique individual healthcare identifier (IHI) being assigned to participants and the option of masking and limiting information available for viewing controlled by the patient or a nominated representative; MHR uses an opt-out system.