ASTM_E_1987_-_98.pdf

Designation:E 1987 98An American National StandardStandard Guide forIndividual Rights Regarding Health Information1This standard is issued under the fixed designation E 1987;the number immediately following the designation indicates the year oforiginal adoption or,in the case of revision,the year of last revision.A number in parentheses indicates the year of last reapproval.Asuperscript epsilon(e)indicates an editorial change since the last revision or reapproval.1.Scope1.1 This guide outlines the rights of individuals,bothpatients and providers,regarding health information and rec-ommends procedures for the exercise of those rights.1.2 This guide is intended to amplify Guide E 1869.2.Referenced Documents2.1 ASTM Standards:E 1869 Guide for Confidentiality,Privacy,Access,and DataSecurity Principles for Health Information IncludingComputer-Based Patient Records23.Terminology3.1 Definitions:3.1.1 access,nthe provision of an opportunity to ap-proach,inspect,review,retrieve,store,communicate with,ormake use of health information system resources(for example,hardware,software,systems or structure)or patient identifiabledata and information,or both.E 18693.1.2 authorize,vthe granting to a user the right of accessto specified data and information,a program,a terminal or aprocess.E 18693.1.3 confidential,adjstatus accorded to data or informa-tion indicating that it is sensitive for some reason and needs tobe protected against theft,disclosure,or improper use,or both,and shall be disseminated only to authorized individual ororganizations with an approved need to know.Private infor-mation which is entrusted to another with the confidence thatunauthorized disclosure that will be prejudicial to the indi-vidual will not occur.E 18693.1.4 disclose,vas related to health care,to access,release,transfer,or otherwise divulge protected health infor-mation to an entity other than the individual who is the subjectof such informationE 18693.1.5 health information,nany information,whether oralor recorded in any form or medium(1)that is created orreceived by a healthcare provider;a health plan;healthresearcher,public health authority,instructor,employer,schoolor university,health information service or other entity thatcreates,receives,obtains,maintains uses or transmits healthinformation;a health oversight agency,a health informationservice organizations,or(2)that relates to the past,present,orfuture physical or metal health or condition of an individual,the provision of health care to an individual,or the past,presentor future payments for the provision of health care to aprotected individual;present or future payments for the provi-sion of health care to a protected individual;and(3)thatidentifies the individual;with respect to which there is areasonable basis to believe that the information can be used toidentify the individual.E 18693.1.6 information,ndata to which meaning is assigned,according to context and assumed conventions.E 18693.1.7 informational privacy,n(1)a state or condition ofcontrolled access to personal information,(2)the ability of anindividual to control the use and dissemination of informationthat relates to himself or herself,(3)the individuals ability tocontrol what information is available to various users and tolimit redisclosures of information.E 18693.1.8 privacy,nthe right of an individual to be left aloneand to be protected against physical or psychological invasionor misuse of their property.It includes freedom from instruc-tion or observation into ones private affairs the right tomaintain control over certain personal information,and thefreedom to act without outside interference.E 18693.2 Definitions of Terms Specific to This Standard:3.2.1 external disclosure,ndisclosure outside an organi-zation.3.2.2 internal disclosure,ndisclosure within an organiza-tion.4.Background4.1 The health information in patient records documents thecourse of a patients illness and treatment during each episodeof care.It serves as an important means of communicationbetween the physician,other healthcare professionals,andsubsequent caregivers.4.2 Health information primarily supports the delivery ofpatient care but is commonly used for health care payment,research,public health,management and oversight purposes.1This guide is under the jurisdiction of ASTM Committee E31 on HealthcareInformatics and is the direct responsibility of Subcommittee E31.20 on Data andSystem Security for Health Information.Current edition approved Oct.10,1998.Published November 1998.2Annual Book of ASTM Standards,Vol 14.01.1Copyright ASTM International,100 Barr Harbor Drive,PO Box C700,West Conshohocken,PA 19428-2959,United States.Health information may migrate from the healthcare deliverysystem to other business record systems(insurance,employ-ment,credit,etc.).In addition to health professionals,individu-ally identifiable health information is available to many othersnot directly involved in patient care.4.3 Understanding and improving the perf