scope:

This Technical Specification contains principles and requirements for privacy protection using pseudonymization services for the protection of personal health information. This technical specification is applicable to organizations who wish to undertake pseudonymization processes for themselves or to organizations who make a claim of trustworthiness for operations engaged in pseudonymization services. This Technical Specification: -- defines one basic concept for pseudonymization; -- gives an overview of different use cases for pseudonymization that can be both reversible and irreversible; -- defines one basic methodology for pseudonymization services including organizational as well as technical aspects; -- gives a guide to risk assessment for re-identification; -- specifies a policy framework and minimal requirements for trustworthy practices for the operations of a pseudonymization service; -- specifies a policy framework and minimal requirements for controlled re-identification;