Hi Gerard Freriks,

Thank you for your informative response.

There is indeed an EU Directive on Privacy w.r.t processing of personal data which I found here
http://www.cdt.org/privacy/eudirective/EU_Directive_.html (unofficial) and
http://eur-lex.europa.eu/LexUriServ/site/en/oj/2001/l_008/l_00820010112en00010022.pdf (official).

Any pointers on how this directive has been translated into privacy requirements for EHRs standards and systems within the EU?

I got the CEN/tc251 EN13606 from http://www.chime.ucl.ac.uk/resources/CEN/EN13606-1/

That patient safety and privacy as well as input from openEHR and other European standards were part of its design is quite attractive! I will now take a close look at it.

Thank you for these useful pointers.

Regards
----
Kuda

On Fri, 2008-03-14 at 20:01 +0100, Gerard Freriks wrote:
> Dear colleague,
>
> In Europe there is a European Directive (law) on privacy.
>
> The European standard for the EHR (CEN/tc251 EN13606 and also an ISO
> standard by now) has incorporated several other European and ISO
> standards:
> - ISO 18308: requirements for EHR architectures
> - ISO 22600 Privilege Management and Access Control
> - CEN EN 13606 part 4
>
> It is for these reasons that European based EHR standards are unique
> because Patient Safety and Privacy are part of the design requirements
> from the start.
>
> For more information search the CEN and ISO standardization
> organisation websites.
> Too few people from the USA do that.
>
> Gerard Freriks
>
> On 14, Mar, 2008, at 18:52 , Kudakwashe Dube wrote:
>
> > Hi All,
> >
> > I'm just beginning a research project on
> > security/privacy/confidentiality in EHRs. I will greatly appreciate
> > any pointers to any material on this topic, especially with respect to
> > openEHR.
> >
> > I've just noted that in the US, HIPAA is driving
> > security/privacy/confidentiality implementations in existing EHR
> > systems and it seems it is turning out to be a policy/framework-level
> > security standard for EHRs in the US that does not prescribe
> > implementation issues. I am not sure whether or not EHR standards that
> > incorporate HIPAA compliance have emerged yet.
> >
> > In the EU region, the situation seems different in the absence of
> > HIPAA-type punitive legislation for enforcing healthcare information
> > security and privacy. A number of EHR standards generally incorporate
> > security and privacy considerations. I am not sure whether there are
> > any security and privacy compliance requirements spec standards and
> > implementation (incl. openEHR) in the EU region. I will appreciate
> > any pointer to material in this regard.
> >
> > Thank you in advance
> >
> > Regards
> > ----
> > Kuda
>
> -- <private> --
> Gerard Freriks, MD
> Huigsloterdijk 378
> 2158 LR Buitenkaag
> The Netherlands
>
> T: +31 252544896
> M: +31 620347088
> E: gfrer at luna.nl
>
> Those who would give up essential Liberty, to purchase a little
> temporary Safety, deserve neither Liberty nor Safety. Benjamin Franklin
> 11 Nov 1755