Inventory of Health Care Information Standards. ASTM

01/01/1997

The American Society for Testing and Materials (ASTM) Committee E31 on Computerized Systems established a Division on Security and Confidentiality in early 1996 to facilitate the acceleration of health care security and confidentiality standards development within the ASTM and to coordinate security standards development efforts with other SDOs. The Division on Security and Confidentiality primarily coordinates the efforts of three sub-committees:

E31.17 - Privacy, Confidentiality, and Access

E31.20 - Data and System Security for Health Information

E31.22 - Medical Transcription and Documentation.

These three sub-committees within ASTM currently have seventeen (17) standards either under ballot or in draft or outline form that are targeted for completion by spring and summer 1997.

The objective of ASTM sub-committee E31.17 - Privacy, Confidentiality, and Access, is to establish a set of guidelines and standards for the procedural, technical, and administrative management of health information. In addition, the sub-committee is charged with identifying the rights and privileges of individual users of health information and of its subjects. This latter focus is oriented towards taking a comprehensive view of "confidentiality" as incorporating the protection, not only of the "subject" of patient-specific health information (the patient), but also of health care providers and health care organizations. It is important to note that E31.17 is not concentrating on a definition of the rights of "privacy". Privacy is the domain of legislation and of the ethical and moral professional practice of health care providers. Confidentiality involves the framework in which to protect data privacy to meet legislative and professional practice guidelines.

One of the critical issues that has come up in the work of E31.17 over the last few years is a recognition of a lack of uniform standards, not only for the management of computer-based health records (electronic, automated, et al.), but explicitly for the management of paper-based, and derivative paper-based (photocopy, FAX, computer printed) health records. E31.17 efforts, therefore, are targeted at defining uniform standards for the management of health information, regardless of the "media" used for access, display, exchange, or administration of health records. In addition, the E31.17 sub-committee is treating all health information, including financial and administrative health information, under the same standards and guidelines, so that all health information is covered by a comprehensive set of confidentiality, security, disclosure, and access guidelines, appropriate to the type of data (clinical, administrative, financial).

E31.17 security standards completed or under development are as follows:

Balloted

· Standard Guide for Confidentiality, Privacy, Access and Data Security Principles for Health Information Including Computer Based Patient Records

Draft

· Documentation of Access for Individually-Identifiable Health Information

· Standard Guide for Confidentiality and Security Training of Persons Who Have Access to Health Information

· Standard Guide for Amendments/Additions to Health Information by Health Care Providers, Administrative Personnel, and by the Subjects of Health Information

· Standard Guide to the Transfer/Disclosure of Health Information in an Emergency Treatment Event

· Standard Guide for the Use and Disclosure of Health Information

· Policy Guide for the Transfer/Re-disclosure of Health Information Between Health Plans

· Rights of the Individual in Health Information

· Standard Guide to the Use of Audit Trails, and for Access and Disclosure Logging/Tracking in the Management of Health Information

The objective of ASTM sub-committee E31.20 - Data and System Security for Health Information, is to establish a technical framework and infrastructure, outlined in a set of guidelines and standards, to specify security and confidentiality implementations that will protect the privacy of health care information. The sub-committee, through its strong representation of industry experts, is focused on using existing techniques and technologies, such as digital signatures, to build a health care security infrastructure. In addition, the sub-committee's efforts are directed at providing standards for health care security and confidentiality that are based upon existing and emerging standards in other industries.

E31.20 security standards completed or under development are as follows:

Published (ANSI Approved)

· E 1762 - Standard Guide for Authentication of Healthcare Information

Ballot Pending

· Standard Specification for Authentication of Healthcare Information Using Digital Signatures

Draft

· Authentication and Authorization to Access Healthcare Information

· Internet and Intranet Security for Healthcare Information

· Secure Timestamps for Healthcare Information

· Data Security, Reliability, Integrity, and Availability for Healthcare Information

· Distributed Authentication and Authorization to Access Healthcare Information

The objective of ASTM sub-committee E31.22 - Medical Transcription and Documentation, is to establish a set of guidelines and standards for the procedural, technical, and administrative management of dictated and transcribed health information. In addition, the sub-committee is charged with identifying the rights and privileges of individual users of health information (transcriptionists, health records personnel, and health care providers) and of its subjects. This latter focus is oriented towards taking a comprehensive view of "confidentiality" as incorporating the protection, not only of the "subject" of patient-specific health information (the patient), but also of health care providers, transcriptionists, health records personnel, and health care organizations.

E31.22 security standards completed or under development are as follows:

Draft

· Security and Confidentiality of Dictated and Transcribed Health Information

American Society for Testing and Materials (ASTM) contact:

Teresa Cendrowska

ASTM

100 Bar Harbor Drive

West Conshohocken, PA 19428-2959

tcendrow@astm.org

610-832-9500 [main office number]

610-832-9718 [voice - direct]

610-832-9666 [fax]