This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. (November 2014) (Learn how and when to remove this template message) |
This article is in a list format that may be better presented using prose. (October 2012) |
This article does not cite any sources . (December 2013) (Learn how and when to remove this template message) |
ASTM E 1714 is a Standard Guide for Properties of a Universal Healthcare Identifier (UHID). This standard was create by the Association for Information and Image Management and ASTM International.
The Association for Information and Image Management or AIIM is a non-profit membership organization. AIIM provides education, market research, and certification for information professionals.
ASTM International, formerly known as American Society for Testing and Materials, is an international standards organization that develops and publishes voluntary consensus technical standards for a wide range of materials, products, systems, and services. Some 12,575 ASTM voluntary consensus standards operate globally. The organization's headquarters is in West Conshohocken, Pennsylvania, about 5 mi (8.0 km) northwest of Philadelphia.
It defines thirty characteristics required of a UHID. The scope of the guide does not include implementation methodology, cost, or policy decisions. Encrypted UHIDs (EUHIDs) are included in the guide for hiding the identity of individuals while linking information. Separate EUHIDs are allowed for different episodes of care for the same patient. The guide also recommends the use of temporary patient identifiers (TPIs) controlled by individual organizations for emergency use and requires them to subsequently transfer all information to the correct UHID.
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption does not itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm – a cipher – generating ciphertext that can be read only if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, considerable computational resources and skills are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients but not to unauthorized users.
Accessible: Access is dependent upon the establishment of a network infrastructure, the trusted authority and policies and procedures that support the system.
Assignable: Assignment of the Sample UHID or EUHID, regardless of time or place of request, depends on the establishment and functions of a network infrastructure, the trusted authority, and the implementation of policies and procedures that support the system. It will also depend on the mechanism to request a Sample UHID.
Identifiable: This will depend on the identification information that the trusted authority links to the Sample UHID.
Verifiable: The Sample UHID includes a six (6) digit check-digit for verification.
Mergeable: The internal data structure of the Sample UHID does not directly support merging duplicate or redundant identifiers. They can be linked at the trusted authority.
Splittable: There is no inherent support for splitting the Sample UHID. New IDs can be issued for future use. Splitting for retroactive information must be handled by the trusted authority.
Linkable: The Sample UHID has the ability to function as a data element and support the linkage of health records in both manual and automated environment.
Mappable: With the use of appropriate database system and software, the Sample UHID can be used to map currently existing healthcare identifiers.
Content Free: The Sample UHID is free of information about the individual.
Controllable: This depends on the policies and methods that will be adopted by the trusted authority.
Healthcare Focused: The Sample UHID is recommended solely for the purpose of healthcare application.
Secure: The Sample UHID includes an EUHID which offers mechanism for secure operation through the use of encryption and decryption processes. These capabilities depend on the policies and procedures that will be implemented by the trusted authority.
Dissidentifiable: EUHID supports multiple encryption schemes offering multiple EUHIDs to prevent revealing the identification of the individual.
Public: The EUHID's encryption scheme is intended to hide the identity of individual when linking information. However, public disclosure of a patient identifier without any risk to the privacy and confidentiality of patient information depends on appropriate access security and privacy legislation, similar to other identifiers.
Based on Industry Standards: The Sample UHID is not based on existing industry standards. It is based on ASTM's Standard Guide for Properties of a Universal Healthcare Identifier (UHID).
Deployable: The Sample UHID is capable of implementation in a variety of technologies such as scanners, bar code readers, etc.
Usable: The Sample UHID is capable of implementation in a variety of technologies such as scanners, bar code readers, etc. The 28 digit identifier will present difficulty for manual computation and transcription. It may be a time-consuming process and subject to human errors.
The ASTM guide and the proposed Sample UHID do not address the implementation issues and infrastructure requirements.
Unique: The trusted authority will be responsible for the uniqueness of the Sample UHID.
Repository-based: The Sample UHID can be stored in a repository.
Atomic: The Sample UHID consists of a sixteen (16) digit sequential identifier, a one (1) character delimiter, a six (6) digit check-digit and a six (6) digit encryption scheme. It can function as a single compound data element.
Concise: The Sample UHID is not concise. It is a 29-character length identifier.
Unambiguous: The Sample UHID is unambiguous. It uses numeric characters and a period as a delimiter.
Permanent: The Sample UHID has sufficient capacity to prevent reuse of identifiers.
Centrally governed: This policy issue is not addressed. The Sample UHID requires central administration and is dependent on the establishment and functions of a trusted authority.
Networked: The Sample UHID can be operated on a computer network. It requires establishment of the necessary network and technology infrastructure.
Longevity: The Sample UHID can support patient identification for a foreseeable future.
Retroactive: Has the capacity for retroactive assignment of the Sample UHID to every person in the United States
Universal: Can support patient identification for the entire world population
Incremental Implementation: The Sample UHID can be implemented on an incremental basis. With the development and use of appropriate procedures and establishment of the necessary bidirectional mapping, both the Sample UHID and existing patient identifiers can co-exist during the time of transition.
Cost-effectiveness: The Sample UHID has the potential to support the functions of a Unique Patient Identifier. The establishment of both the administrative and technology infrastructures, the creation of a Trusted Authority, the design and development of computer software, hardware and communication networks, and the implementation security measures will require substantial investment of resources, time and effort.
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.
Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. The CM process is widely used by military engineering organizations to manage changes throughout the system lifecycle of complex systems, such as weapon systems, military vehicles, and information systems. Outside the military, the CM process is also used with IT service management as defined by ITIL, and with other domain models in the civil engineering and other industrial engineering segments such as roads, bridges, canals, dams, and buildings.
Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.
Traceability is the capability to trace something. In some cases, it is interpreted as the ability to verify the history, location, or application of an item by means of documented recorded identification.
A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store & revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.
ISO/IEC 7812 Identification cards — Identification of issuers was first published by the International Organization for Standardization (ISO) in 1989. It is the international standard specifies "a numbering system for the identification of the card issuers, the format of the issuer identification number (IIN) and the primary account number (PAN).", and procedures for registering IINs. ISO/IEC 7812 has two parts:
ISO/IEC 6523 Information technology – Structure for the identification of organizations and organization parts is an international standard that defines a structure for uniquely identifying organizations and parts thereof in computer data interchange and specifies the registration procedure to obtain an International Code Designator (ICD) value for an identification scheme.
Clinical governance is a systematic approach to maintaining and improving the quality of patient care within the National Health Service, (NHS). Clinical governance became important in health care after the Bristol heart scandal in 1995, during which an anaesthetist, Dr Stephen Bolsin, exposed the high mortality rate for paediatric cardiac surgery at the Bristol Royal Infirmary. It was originally elaborated within the United Kingdom National Health Service (NHS), and its most widely cited formal definition describes it as:
A framework through which NHS organisations are accountable for continually improving the quality of their services and safeguarding high standards of care by creating an environment in which excellence in clinical care will flourish.
Clinical audit is a process that has been defined as "a quality improvement process that seeks to improve patient care and outcomes through systematic review of care against explicit criteria and the implementation of change".
In computing, Network Security Services (NSS) comprises a set of libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME. Previously tri-licensed under the Mozilla Public License 1.1, the GNU General Public License, and the GNU Lesser General Public License, NSS upgraded to GPL-compatible MPL 2.0 with release 3.14.
The ISO/TC 215 is the International Organization for Standardization's (ISO) Technical Committee (TC) on health informatics. TC 215 works on the standardization of Health Information and Communications Technology (ICT), to allow for compatibility and interoperability between independent systems.
Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. By extension, ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders. This of course requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security.
A specification often refers to a set of documented requirements to be satisfied by a material, design, product, or service. A specification is often a type of technical standard.
The Continuity of Care Document (CCD) specification is an XML-based markup standard intended to specify the encoding, structure, and semantics of a patient summary clinical document for exchange.
ISO 9564 is an international standard for personal identification number (PIN) management and security in financial services.
Barcode technology in healthcare is the use of optical machine-readable representation of data in a hospital or healthcare setting.
Medical device connectivity is the establishment and maintenance of a connection through which data is transferred between a medical device, such as a patient monitor, and an information system. The term is used interchangeably with biomedical device connectivity or biomedical device integration. By eliminating the need for manual data entry, potential benefits include faster and more frequent data updates, diminished human error, and improved workflow efficiency.
The National Electronic Health Transition Authority (NEHTA) was established in July 2005 as a collaborative enterprise by the Australian Commonwealth, State and Territory governments to identify and develop the necessary foundations for electronic health (eHealth). NEHTA aims to unlock eHealth system aspects and improve the ways in which information is electronically collected and exchanged.
Cross-domain interoperability exists when organizations or systems from different domains interact in information exchange, services, and/or goods to achieve their own or common goals. Interoperability is the method of systems working together (inter-operate). A domain in this instance is a community with its related infrastructure, bound by common purpose and interests, with consistent mutual interactions or rules of engagement that is separable from other communities by social, technical, linguistic, professional, legal or sovereignty related boundaries.
Health care analytics is a term used to describe the healthcare analysis activities that can be undertaken as a result of data collected from four areas within healthcare; claims and cost data, pharmaceutical and research and development (R&D) data, clinical data, and patient behavior and sentiment data (patient behaviors and preferences,. Health care analytics is a growing industry in the United States, expected to grow to more than $31 billion by 2022. The industry focuses on the areas of clinical analysis, financial analysis, supply chain analysis, as well as, fraud and HR analysis.