Blog post by John Moehrke
https://healthcaresecprivacy.blogspot.ch/2016/05/healthcare-blockchain-big-data.html?spref=tw
De-Identification, Reversible and Irreversible Pseudonymisation (NIST + IHE + ISO)
NISTIR 8053 De-Identification of Personal Information (Simson L. Garfinkel)
https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf
IHE
Technical Frameworks:
http://www.ihe.net/Technical_Frameworks/#IT
Healthcare De-Identification Handbook:
https://wiki.ihe.net/index.php/Healthcare_De-Identification_Handbook
ISO 25237
ISO/TS 25237 describes the objectives of de-identification to include:
- secondary use of clinical data (e.g., research);
- clinical trials and post-marketing surveillance;
- pseudonymous care;
- patient identification systems;
- public health monitoring and assessment;
- confidential patient-safety reporting (e.g., adverse drug effects);
- comparative quality indicator reporting;
- peer review;
- consumer groups;
- medical device calibration or maintenance.
Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management – A Consolidated Proposal for Terminology (Pfitzmann/Hansen)
in German: Privacy Notice template for web sites (Prof. Hoeren)
USA: FTC: Mobile Health Apps Interactive Tool
Careful as this is US-specific.
https://www.ftc.gov/tips-advice/business-center/guidance/mobile-health-apps-interactive-tool
OWASP Application Security Verification Standard Project
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development.
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
ICO: Cookies
Enforcement actions by ICO on cookies
https://ico.org.uk/action-weve-taken/cookies/
ICO guidance on use of cookies and similar technologies
https://ico.org.uk/media/for-organisations/documents/1545/cookies_guidance.pdf