TECHNICAL REPORT
ISO/TR 18638
First edition 2017-06

Health informatics - Guidance on health information privacy education in healthcare organizations

Informatique de santé - Composantes éducatives destinées à garantir la confidentialité des informations relatives à la santé

Reference number ISO/TR 18638:2017(E)
© ISO 2017

COPYRIGHT PROTECTED DOCUMENT

ISO 2017, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
[email protected]
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Understanding information privacy in healthcare
    5.1 General concept
    5.2 Information privacy in healthcare
        5.2.1 Personal health information and privacy
        5.2.2 Patient's rights on personal health information privacy
    5.3 Privacy concerns
    5.4 Organization's privacy protection program
        5.4.1 Policies and practices to protect health information
        5.4.2 Roles of workforce in protecting information privacy
        5.4.3 Workforce education in protecting health information privacy
        5.4.4 Patient's education in protecting information privacy
6 Information privacy education in healthcare
    6.1 General concepts
    6.2 Target audience of the privacy education
    6.3 Competencies, educational objectives and content
7 Examples of content modules
    7.1 General
    7.2 Introduction to information privacy, confidentiality and security in healthcare
    7.3 International guidelines and principles for information privacy protection
    7.4 National legislation, regulation and policies for information privacy protection
    7.5 Patient's rights on personal health information
    7.6 Administrative policies for privacy protection
    7.7 Technical and physical safeguards for protecting healthcare information privacy
8 Instructional methods, delivery mechanisms and evaluation
    8.1 Instructors
    8.2 Instructional methods and delivery mechanisms
    8.3 Delivering training
        8.3.1 Orientation and on-boarding training
        8.3.2 Continuing education
        8.3.3 Education of patients
    8.4 Evaluation methods
Annex A (informative) ISO/TC 215 Health informatics: List of standards on privacy protection
Annex B (informative) Setting learning objectives (example) (Source: TriageTraining Group, HIPAA training playbook)
Annex C (informative) Level of Learning Objectives by Audience (Provided by South Korea)
Annex D (informative) Educational methods (examples)
Annex E (informative) Questions for quiz for privacy education (example) (Provided by South Korea)
Bibliography
ISO TR 18638 2017 Health informatics — Guidance on health information privacy education in healthcare organizations