1. Scope

1.1 This guide covers the process of granting and maintaining access privileges to health information. It directly addresses the maintenance of confidentiality of personal, provider, and organizational data in the healthcare domain. It addresses a wide range of data and data elements not all traditionally defined as healthcare data, but all elemental in the provision of data management, data services, and administrative and clinical healthcare services. In addition, this guide addresses specific requirements for granting access privileges to patient-specific health information during health emergencies.

1.2 This guide is based on long-term existing and established professional practices in the management of healthcare administrative and clinical data. Healthcare data, and specifically healthcare records (also referred to as medical records or patient records), are generally managed under similar professional practices throughout the United States, essentially regardless of specific variations in local, regional, state, and federal laws regarding rules and requirements for data and record management.

1.3 This guide applies to all individuals, groups, organizations, data-users, data-managers, and public and private firms, companies, agencies, departments, bureaus, service-providers, and similar entities that collect individual, group, and organizational data related to health care.

1.4 This guide applies to all collection, use, management, maintenance, disclosure, and access of all individual, group, and organizational data related to health care.

1.5 This guide does not attempt to address specific legislative and regulatory issues regarding individual, group, and organizational rights to protection of privacy.

1.6 This guide covers all methods of collection and use of data whether paper-based, written, printed, typed, dictated, transcribed, forms-based, photocopied, scanned, facsimile, telefax, magnetic media, image, video, motion picture, still picture, film, microfilm, animation, 3D, audio, digital media, optical media, synthetic media, or computer-based.

1.7 This guide does not directly define explicit disease-specific and evaluation/treatment-specific data control or access, or both. As defined under this guide, the confidential protection of elemental data elements in relation to which data elements fall into restrictive or specifically controlled categories, or both, is set by policies, professional practice, and laws, legislation and regulations.

2. Referenced Documents (purchase separately) The documents listed below are referenced within the subject standard but are not provided as part of the standard.

ASTM Standards

E1869 Guide for Confidentiality, Privacy, Access, and Data Security Principles for Health Information Including Electronic Health Records

E2595 Guide for Privilege Management Infrastructure

Keywords

access; access privileges; confidentiality; health data; health information; healthcare records;

ICS Code

ICS Number Code 03.160 (Law. Administration); 11.020 (Medical sciences and health care facilities in general); 35.240.80 (IT applications in health care technology)

DOI: 10.1520/E1986-98R05

ASTM International is a member of CrossRef.