ISO 25237:2017, 3.42.Health informatics: Pseudonymization

ISO 25237:2017 contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This document is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services. It (a) defines one basic concept for pseudonymization, (b) defines one basic methodology for pseudonymization services including organizational, as well as technical aspects, (c) specifies a policy framework and minimal requirements for controlled re-identification,(d) gives an overview of different use cases for pseudonymization that can be both reversible and irreversible,(e) gives a guide to risk assessment for re-identification, (f) provides an example of a system that uses de-identification, (g) provides informative requirements to an interoperability to pseudonymization services, and (h) specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service