Difference between revisions of "Template:LIMSpec/Information privacy"
From LIMSWiki
Jump to navigationJump to searchShawndouglas (talk | contribs) |
Shawndouglas (talk | contribs) m (NIST tweaks) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 8: | Line 8: | ||
! style="color:brown; background-color:#ffffee; width:700px;"| Requirement | ! style="color:brown; background-color:#ffffee; width:700px;"| Requirement | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br />[https://www.astm.org/ | | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br />[https://www.acmg.net/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards.aspx ACMG Technical Standards for Clinical Genetics Laboratories G17.2]<br />[https://www.astm.org/e1578-18.html ASTM E1578-18 S-5-1]<br />[https://elss.cap.org/elss/ShowProperty?nodePath=/UCMCON/Contribution%20Folders/DctmContent/education/OnlineCourseContent/2017/LAP-TLTM/misc/lam.pdf CAP Laboratory Accreditation Manual]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, PT-2 and PT-2(2)] | ||
| style="background-color:white;" |'''36.1''' The system shall comply with privacy protection compliance like that found in HIPAA provisions. | | style="background-color:white;" |'''36.1''' The system shall comply with privacy protection compliance like that found in HIPAA provisions. | ||
|- | |- | ||
| style="padding:5px; width:500px;" | | | style="padding:5px; width:500px;" | | ||
[https://www.law.cornell.edu/cfr/text/10/20.2106 10 CFR Part 20.2106 (d)]<br /> | |||
[https://www.law.cornell.edu/cfr/text/45/164.105 45 CFR Part 164.105]<br /> | [https://www.law.cornell.edu/cfr/text/45/164.105 45 CFR Part 164.105]<br /> | ||
[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-C 45 CFR Part 164 Subpart C]<br /> | [https://www.law.cornell.edu/cfr/text/45/part-164/subpart-C 45 CFR Part 164 Subpart C]<br /> | ||
[https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | [https://www.law.cornell.edu/cfr/text/45/170.315 45 CFR Part 170.315 (d)]<br /> | ||
[https://www.astm.org/ | [https://www.astm.org/e1578-18.html ASTM E1578-18 S-5-2]<br /> | ||
| style="background-color:white;" |'''36.2''' The system should be provisioned with enough security to prevent personally identifiable information in the system from being compromised. | [https://ichgcp.net/ ICH GCP 2.11]<br /> | ||
[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, PT-2 and PT-2(2)]<br /> | |||
[https://www.wadsworth.org/regulatory/clep/clinical-labs/laboratory-standards NYSDOH CLEP Clinical Laboratory Standards of Practice, General Systems Standards]<br /> | |||
[https://www.wada-ama.org/en/resources/world-anti-doping-program/international-standard-laboratories-isl WADA International Standard for Laboratories (ISL) 5.3.8.3]<br /> | |||
[https://www.wada-ama.org/en/resources/world-anti-doping-program/international-standard-protection-privacy-and-personal WADA International Standard for the Protection of Privacy and Personal Information (ISPPPI) (throughout)] | |||
| style="background-color:white;" |'''36.2''' The system should be provisioned with enough security to automatically enforce verification mechanisms that prevent personally identifiable information in the system from being compromised. | |||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514] | | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/164.514 45 CFR Part 164.514]<br />[https://www.acmg.net/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards/ACMG/Medical-Genetics-Practice-Resources/Genetics_Lab_Standards.aspx ACMG Technical Standards for Clinical Genetics Laboratories C5.5]<br />[https://elss.cap.org/elss/ShowProperty?nodePath=/UCMCON/Contribution%20Folders/DctmContent/education/OnlineCourseContent/2017/LAP-TLTM/misc/lam.pdf CAP Laboratory Accreditation Manual]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SI-19]<br />[https://www.wada-ama.org/en/resources/world-anti-doping-program/international-standard-protection-privacy-and-personal WADA International Standard for the Protection of Privacy and Personal Information (ISPPPI) 10.3] | ||
| style="background-color:white;" |'''36.3''' The system shall allow authorized individuals to de-identify select data in the system, including but not limited to names, geographic locations, dates, government-issued identification numbers, telephone numbers, email addresses, full-face photos, and other personal identifiers. | | style="background-color:white;" |'''36.3''' The system shall allow authorized individuals to de-identify select data in the system, including but not limited to names, geographic locations, dates, government-issued identification numbers, telephone numbers, email addresses, full-face photos, and other personal identifiers. | ||
|- | |- | ||
| style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br /> | | style="padding:5px; width:500px;" |[https://www.law.cornell.edu/cfr/text/45/part-164/subpart-E 45 CFR Part 164 Subpart E]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, AC-6]<br />[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SI-19] | ||
[https:// | |||
| style="background-color:white;" |'''36.4''' The system shall be able to verify and ensure that users authorized to view de-identified data are also not a member of a role that permits access to information that re-identifies the data, i.e., segregate duties. | | style="background-color:white;" |'''36.4''' The system shall be able to verify and ensure that users authorized to view de-identified data are also not a member of a role that permits access to information that re-identifies the data, i.e., segregate duties. | ||
|- | |||
| style="padding:5px; width:500px;" |[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, SI-19(7)] | |||
| style="background-color:white;" |'''36.5''' The system should use validated algorithms to de-identify data in the system and be validated to use those algorithms. | |||
|- | |||
| style="padding:5px; width:500px;" |[https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final NIST 800-53, Rev. 5, PT-4 and PT-4(3)] | |||
| style="background-color:white;" |'''36.6''' The system should provide tools or mechanisms for recording the consent—and revocation of consent—of individuals who wish to allow—or disallow—their personally identifiable information to be processed, stored, and otherwise managed. | |||
|- | |- | ||
|} | |} | ||
|} | |} |
Latest revision as of 22:37, 14 March 2023
|