Content library
Management of data sets
Process for managing unique patient identifiers
Management of data sets
Management of data sets

Process for managing unique patient identifiers

Start free trial

Task description

Process for managing unique patient identifiers

The organization should establish a clear process to ensure every care recipient is uniquely identified within its systems. This process should include a method for regularly detecting and merging duplicate records to maintain the integrity and accuracy of patient information.

The organization should define and enforce a consistent data collection process across all departments and systems, mandating a specific set of demographic identifiers (e.g., full legal name, date of birth, national identifier). A formal, documented process should be created for authorized staff to review potential duplicates, validate patient identities, and safely merge the records into a single, comprehensive file.

A centralized database technology should be deployed to serve as the authoritative source for patient identity, linking all of a patient's records from different systems. The organization should proactively run system-wide checks and analyses to identify potential duplicates, fragmented records, and other identity-related data errors for remediation.

Requirements connected to the task

No items found.

Other tasks from the same security theme

Task name
Priority
Policy
Other requirements
Rules ensuring secure network data transfer
Critical
High
Normal
Low
Management of data sets
7
requirements

Examples of other requirements this task affects

5.1.2: Information transfer
TISAX
PR.AA-04: Identity assertions
NIST 2.0
PR.DS-02: Data-in-transit is protected
NIST 2.0
Article 35: Data, system and network security
DORA simplified RMF
See all related requirements and other information from tasks own page.
Go to >
Rules ensuring secure network data transfer
Personnel guidelines for file usage and local data
Critical
High
Normal
Low
Management of data sets
15
requirements

Examples of other requirements this task affects

7.2.2: Information security awareness, education and training
ISO 27001
11.2.9: Clear desk and clear screen policy
ISO 27001
6.6.4: Fyysisten tilojen, laitteiden ja tulosteiden turvallisuus
Omavalvontasuunnitelma
FYY-04: Tiedon säilytys
Julkri
5.10: Acceptable use of information and other associated assets
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Personnel guidelines for file usage and local data
Documentation of data sets for data stores
Critical
High
Normal
Low
Management of data sets
72
requirements

Examples of other requirements this task affects

5. Principles relating to processing of personal data
GDPR
6. Lawfulness of processing
GDPR
8.1.1: Inventory of assets
ISO 27001
18.1.3: Protection of records
ISO 27001
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
TiHL
See all related requirements and other information from tasks own page.
Go to >
Documentation of data sets for data stores
Process for managing unique patient identifiers
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Process for managing unique patient identifiers
Implementation of emergency ePHI access
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Implementation of emergency ePHI access
Patient identification on system outputs
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Patient identification on system outputs
Information to market surveillance authorities
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 23: Identification of economic operators
CRA
See all related requirements and other information from tasks own page.
Go to >
Information to market surveillance authorities
Keeping documentation available after release
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 13.18: Information and instructions
CRA
See all related requirements and other information from tasks own page.
Go to >
Keeping documentation available after release
Voluntary vulnerability notifications
Critical
High
Normal
Low
Management of data sets
4
requirements

Examples of other requirements this task affects

Article 15.1: Vulnerability reporting
CRA
See all related requirements and other information from tasks own page.
Go to >
Voluntary vulnerability notifications
Organizing long-term records retrieval
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Organizing long-term records retrieval
Auditing the information and documentation management process
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Auditing the information and documentation management process
Clear desk and monitors policy
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Clear desk and monitors policy
Information Protection and Secure Data Exchange
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Information Protection and Secure Data Exchange
Use of correct and valid medical code sets
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Use of correct and valid medical code sets
Limited data set usage and agreements
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Limited data set usage and agreements
Documentation maintenance and six-year retention rule (HIPAA)
Critical
High
Normal
Low
Management of data sets
4
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Documentation maintenance and six-year retention rule (HIPAA)
Use of standard transactions
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Use of standard transactions
Rules for the use of nonmedical standard code sets
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Rules for the use of nonmedical standard code sets
Safe destruction of data
Critical
High
Normal
Low
Management of data sets
3
requirements

Examples of other requirements this task affects

Article 35: Data, system and network security
DORA simplified RMF
Article 13.1(.2.m): Removing data
CRA
See all related requirements and other information from tasks own page.
Go to >
Safe destruction of data
Process for secure information return or removal upon service termination
Critical
High
Normal
Low
Management of data sets
4
requirements

Examples of other requirements this task affects

5.3.3: Secure removal of IT assets from services
TISAX
GV.SC-10: Post-partnership activities in cybersecurity supply chain risk management plans
NIST 2.0
See all related requirements and other information from tasks own page.
Go to >
Process for secure information return or removal upon service termination
Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

3.4: Tietoturvallinen arkistointi ja tuhoaminen
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Tietoaineistojen tuhoaminen osana laitteiden elinkaaren hallintaa
System to check trade report data
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

Article 10: Detection
DORA
See all related requirements and other information from tasks own page.
Go to >
System to check trade report data
Destruction of non-digital information (CL IV–CL II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

F-08.4: DISPOSAL OF INFORMATION IN NON-ELECTRONIC FORMAT
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Destruction of non-digital information (CL IV–CL II)
Designation of data set owners
Critical
High
Normal
Low
Management of data sets
13
requirements

Examples of other requirements this task affects

32. Security of processing
GDPR
8.1.2: Ownership of assets
ISO 27001
18.1.3: Protection of records
ISO 27001
13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
TiHL
15 §: Tietoaineistojen turvallisuuden varmistaminen
TiHL
See all related requirements and other information from tasks own page.
Go to >
Designation of data set owners
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST IV)
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST III)
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I19: Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävää tietoa sisältävien tietoaineistojen hävittäminen (ST II)
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I21: Fyysinen turvallisuus
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST IV)
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

I21: Fyysinen turvallisuus
Katakri
See all related requirements and other information from tasks own page.
Go to >
Salassa pidettävien tietojen käsittely fyysisesti suojattujen alueiden sisällä (ST III-II)
Documentation of assets inventories outside the ISMS
Critical
High
Normal
Low
Management of data sets
43
requirements

Examples of other requirements this task affects

8.1.1: Inventory of assets
ISO 27001
ID.AM-1: Physical device inventory
NIST
ID.AM-2: Software and app inventory
NIST
HAL-04: Suojattavat kohteet
Julkri
HAL-04.1: Suojattavat kohteet - vastuut
Julkri
See all related requirements and other information from tasks own page.
Go to >
Documentation of assets inventories outside the ISMS
Secure transfer of confidential data outside the organization
Critical
High
Normal
Low
Management of data sets
8
requirements

Examples of other requirements this task affects

A.11.6: Encryption of PII transmitted over public data-transmission networks
ISO 27018
TEK-16: Tiedon salaaminen
Julkri
PR.DS-2: Data-in-transit is protected.
CyberFundamentals
2.7.4: Use encryption when transferring confidential information or when trust in the information channel is low
NSM ICT-SP
14.4: Train Workforce on Data Handling Best Practices
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Secure transfer of confidential data outside the organization
Approval of data transfers outside the organization
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Approval of data transfers outside the organization
Limiting hard copy creation of material displaying personal data
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

A.11.2: Restriction of the creation of hardcopy material
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Limiting hard copy creation of material displaying personal data
Archiving and destruction processes for data sets
Critical
High
Normal
Low
Management of data sets
14
requirements

Examples of other requirements this task affects

PR.IP-6: Data destruction
NIST
A.7.4.5: PII de-identification and deletion at the end of processing
ISO 27701
A.7.4.8: Disposal
ISO 27701
8.10: Information deletion
ISO 27001
C1.2: Disposal of confidental information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Archiving and destruction processes for data sets
Tietojen tuhoaminen pilvipalveluissa
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

TEK-21.2: Sähköisessä muodossa olevien tietojen tuhoaminen - pilvipalveluissa olevan tiedon tuhoaminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Tietojen tuhoaminen pilvipalveluissa
Identification of actors in the information processing environment (CL IV)
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

TEK-08.4: Tietojenkäsittely-ympäristön toimijoiden tunnistaminen - TL IV
Julkri
I-07: DEFENCE-IN-DEPTH - IDENTIFICATION OF ACTORS OF THE INFORMATION PROCESSING ENVIRONMENT WITHIN A PHYSICALLY PROTECTED SECURITY AREA
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Identification of actors in the information processing environment (CL IV)
Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

TEK-21.4: Sähköisessä muodossa olevien tietojen tuhoaminen - toisen viranomaisen laatimat tiedot - TL II
Julkri
See all related requirements and other information from tasks own page.
Go to >
Toisen viranomaisen laatimien sähköisten tietojen tuhoaminen (TL II)
Measures for the storage of incoming information, information being processed and outgoing information
Critical
High
Normal
Low
Management of data sets
10
requirements

Examples of other requirements this task affects

PI1.5: Procedures for storing inputs, items in processing, and outputs in accordance with system spefications
SOC 2
3.4: Tietoturvallinen arkistointi ja tuhoaminen
TiHL tietoturvavaatimukset
5.2.4: Log management and analysis
TISAX
ID.AM-3: Organizational communication and data flows are mapped.
CyberFundamentals
3.14: Log Sensitive Data Access
CIS 18
See all related requirements and other information from tasks own page.
Go to >
Measures for the storage of incoming information, information being processed and outgoing information
Access management for personal data in files and papers
Critical
High
Normal
Low
Management of data sets
1
requirements

Examples of other requirements this task affects

9.2.5: Review of user access rights
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Access management for personal data in files and papers
Minimization of information outside data systems
Critical
High
Normal
Low
Management of data sets
8
requirements

Examples of other requirements this task affects

32. Security of processing
GDPR
8.1.3: Acceptable use of assets
ISO 27001
8.3.1: Management of removable media
ISO 27001
9.4.4: Use of privileged utility programs
ISO 27001
A.11.2: Restriction of the creation of hardcopy material
ISO 27018
See all related requirements and other information from tasks own page.
Go to >
Minimization of information outside data systems
Using data loss prevention policies
Critical
High
Normal
Low
Management of data sets
16
requirements

Examples of other requirements this task affects

18.1.2: Intellectual property rights
ISO 27001
18.1.3: Protection of records
ISO 27001
5.33: Protection of records
ISO 27001
8.12: Data leakage prevention
ISO 27001
C1.1: Identification and maintainment of confidental information
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Using data loss prevention policies
IRM protection of files
Critical
High
Normal
Low
Management of data sets
0
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
IRM protection of files
Preventing downloads of confidential information on unsupported devices
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

6.2.1: Mobile device policy
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Preventing downloads of confidential information on unsupported devices
Blocking downloads of confidential information on external networks
Critical
High
Normal
Low
Management of data sets
2
requirements

Examples of other requirements this task affects

13.1.1: Network controls
ISO 27001
13.2.1: Information transfer policies and procedures
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Blocking downloads of confidential information on external networks
Documentation of personal data outside data systems
Critical
High
Normal
Low
Management of data sets
17
requirements

Examples of other requirements this task affects

5. Principles relating to processing of personal data
GDPR
8.1.1: Inventory of assets
ISO 27001
5.9: Inventory of information and other associated assets
ISO 27001
63: Rakenteettoman tiedon tunnistaminen ja hallinta
Digiturvan kokonaiskuvapalvelu
CC6.1a: Identification and listing of assets
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Documentation of personal data outside data systems
Tietoaineistojen turvalliset säilytystilat
Critical
High
Normal
Low
Management of data sets
3
requirements

Examples of other requirements this task affects

15 §: Tietoaineistojen turvallisuuden varmistaminen
TiHL
3.1: Tietoaineistojen tietoturvallisuus
TiHL tietoturvavaatimukset
3.2: Toimitilaturvallisuus
TiHL tietoturvavaatimukset
See all related requirements and other information from tasks own page.
Go to >
Tietoaineistojen turvalliset säilytystilat

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security
No items found.