scope:

This Technical Specification contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This technical specification is applicable to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services. This Technical Specification: - defines one basic concept for pseudonymization; - gives an overview of different use cases for pseudonymization that can be both reversible and irreversible; - defines one basic methodology for pseudonymization services including organizational as well as technical aspects; - gives a guide to risk assessment for re-identification; - specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service; - specifies a policy framework and minimal requirements for controlled re-identification; - specifies interfaces for the interoperability of services interfaces.