SIST-TP CR 14302:2003
Health informatics - Framework for security requirements for intermittently connected devices
This CEN Report is intended to provide a basis for a planned European Standard on the same subject, work item Security Requirements for Intermittently Connected Devices. It is processed as a formal CEN Report because it was requested as immediate guidance to the current work of CEN TC224/WG12 in preparing standards that specify the mechanisms for implementing security requirements in systems using machine readable cards in health care. The report is also intended to serve as non-normative guidance to the many large projects, presently under development in Europe, that use cards in health care for patients, professionals and other persons working in the health care sector.
This report defines a framework of security requirements in systems with intermittently connected devices and discusses requirements for the following security services for ICD-systems:
Data Integrity protection
Data Origin and Entity Authentication
Access Control
Confidentiality protection
The report defines security requirements on the ICD-interchange interface between an application system and an ICD-System. However, the overall security requirements can only be met if certain requirements on the devices themselves are also followed.
Requirements for establishing secure sessions with various types of ICDs, as well as object-related security services, are defined.
The report particularly defines how access to different types of data on intermittently connected devices can be restricted to different classes of health care persons (professionals and other types of personnel) or to the patients themselves, especially where cross-border (multinational) access is to be allowed. The rights to read, add, change and delete must each be defined separately.
The security policies proposed should also guarantee the authenticity of identification, administrative and clinical information that may have important implications.
Slovenian title (translated): Health informatics – Framework for security requirements for devices that are not permanently connected
Standards Content (Sample)
SLOVENIAN STANDARD
1 October 2003
Health informatics - Framework for security requirements for intermittently connected devices (title given in Slovenian and in English)
This Slovenian standard is identical to: CR 14302:2002
ICS: 35.240.80 IT applications in health care technology
© 2003-01. Slovenski inštitut za standardizacijo (Slovenian Institute for Standardization). Reproduction of the whole or of parts of this standard is not permitted.
CEN REPORT CR 14302
January 2002
English version
Health informatics - Framework for security requirements for intermittently connected devices
This CEN Report was approved by CEN on 14 December 2001. It has been drawn up by the Technical Committee CEN/TC 251.
CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Malta, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION (CEN)
Management Centre: rue de Stassart, 36 B-1050 Brussels
© 2002 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CR 14302:2002 E
CONTENTS
FOREWORD
INTRODUCTION
1. SCOPE
2. NORMATIVE REFERENCES
3. DEFINITIONS
4. THE VARIETY OF SYSTEMS FOR INTERMITTENTLY CONNECTED DEVICES
5. THE MAJOR ACTORS INVOLVED AND THEIR INTERESTS
6. INTERACTING WITH CARDS
7. ETHICAL AND LEGAL CONSIDERATIONS
7.1 ETHICAL STATEMENTS
7.2 LEGISLATION ON HEALTH CARE DATA AND CARDS
7.3 SOME BASIC PRINCIPLES FOR MEDICAL RECORDS
7.4 RECOMMENDATIONS FOR CARD USE
8. THE SECURITY SERVICES AND THE MEANS TO IMPLEMENT THEM
8.1 CONFIDENTIALITY
8.1.1 Physical card protection is not enough
8.1.2 Data Object protection versus Device and Session protection
8.1.3 Tamper protection of the card
8.1.4 Access Control
8.1.5 Cryptographic authentication
      Public key cryptography
8.1.6 Defining classes of health care professionals is the issue
8.1.7 Access conditions and functions
8.1.8 Methods for card holder verification
8.2 INTEGRITY AND QUALITY OF THE DATA
8.2.1 Problems of a complicated data structure
8.2.2 Unalterable
8.3 AVAILABILITY
9. THE PATIENT CARD AND TELEMATICS
9.1 PATIENT CARDS AND ENCRYPTED TRANSFER OF RECORDS
9.2 PATIENT CARDS AND REMOTE PROOF OF CONSENT
10. HEALTHCARE PROFESSIONAL CARDS
11. ISSUES OF INTERNATIONAL FUNCTION OF SECURITY MECHANISMS
11.1 TRUSTED THIRD PARTY SERVICES
11.2 RESTRICTIONS ON THE USE OF ENCRYPTION
GLOSSARY
Foreword
This CEN Report was prepared by CEN/TC 251 Health Informatics, the secretariat of which is held by SIS – Swedish Standards Institute.
This work is based on several years of discussions on various documents in CEN/TC 251/WG 7 and WG 6 and CEN/TC 224/WG 12. In particular, the work of TC 251/PT 7-009, which drafted ENV 12018 "Medical Informatics - Identification, Administrative, and common Clinical Data structure for Intermittently Connected Devices used in Health Care (including machine readable cards)", should be acknowledged. Many of the concepts explained in this report in fact underlie the security objects defined in that standard.
This CEN Report is also based on work carried out within the following CEC projects:
CEC - AIM Eurocards Concerted Action on Extending the use of Patient Data Cards: The Security Report and Assessment of Health Care Professional Card.
CEC - INFOSEC '94 programme on Electronic Signature and Trusted Third Party Services: Trusted Health Information Systems: Part 1. Requirements on Electronic Signature Services and Part 2. Trusted Third Party Services, published by Spri, Swedish Institute for Health Services Development, Stockholm 1995.
CEC – Health Telematics project TrustHealth 1. Deliverable 2.1 Selection of Security Services and Interfaces.
Introduction
Intermittently connected devices such as patient cards may carry important clinical information as well as administrative data of importance to health care delivery. Information regarding an identifiable individual is always sensitive, and with clinical data it is particularly important to provide appropriate means to ensure the protection of confidentiality. In addition, several other security services must be ensured to protect patient safety as well as the accountability of the professionals responsible for recording data on, and reading data from, intermittently connected devices.
Health care person devices, particularly microprocessor cards carried by professionals and other persons working in the health care sector, may play an important role in the provision of security for all health information systems through the following core functions: secure user authentication, a digital signature mechanism, and a means to carry cryptographic keys for confidentiality protection of stored and communicated health care information. The authentication function may also serve as a key to protected data on a patient data card.
1. Scope
This CEN Report is intended to provide a basis for a planned European Standard on the same subject, work item Security Requirements for Intermittently Connected Devices. It is processed as a formal CEN Report because it was requested as immediate guidance to the current work of CEN TC224/WG12 in preparing standards that specify the mechanisms for implementing security requirements in systems using machine readable cards in health care. The report is also intended to serve as non-normative guidance to the many large projects, presently under development in Europe, that use cards in health care for patients, professionals and other persons working in the health care sector.
This report defines a framework of security requirements in systems with intermittently connected devices and discusses requirements for the following security services for ICD-systems:
Data Integrity protection
Data Origin and Entity Authentication
Access Control
Confidentiality protection
The report defines security requirements on the ICD-interchange interface between an application system and an ICD-System. However, the overall security requirements can only be met if certain requirements on the devices themselves are also followed.
Requirements for establishing secure sessions with various types of ICDs, as well as object-related security services, are defined.
The report particularly defines how access to different types of data on intermittently connected devices can be restricted to different classes of health care persons (professionals and other types of personnel) or to the patients themselves, especially where cross-border (multinational) access is to be allowed. The rights to read, add, change and delete must each be defined separately.
The security policies proposed should also guarantee the authenticity of identification, administrative and clinical information that may have important implications.
This report gives detailed security requirements for active devices such as microprocessor cards, which are the only means of implementing some of the proposed services. The report also gives important advice for passive devices such as magnetic stripe card systems or floppy disks. The major focus is on systems for handling sensitive medical information on devices (mainly cards) held by patients. However, some requirements on ICDs to be used by health care persons (professionals and others) are also given. Detailed protocols for interaction between such devices and general medical information systems for the purpose of secure user identification will be developed within a separate work item.
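The introduction and the scope above describe two mechanisms working together: entity authentication of the health care person's device before a patient card opens a secure session, and object-related access conditions in which read, add, change and delete are granted separately to each class of person, with card holder verification (the patient's PIN) required before clinical data is released. The following Python model is an added illustration and is not text or code from CR 14302 (the report contains no code). Everything concrete in it is assumed for the example: the three data object classes, the four person classes and the rights matrix, the PIN, and the use of one HMAC key per person class for challenge-response (a deployment would use the per-card key pairs and digital signatures that the report's later sections cover).

```python
import hashlib
import hmac
import secrets

# Access conditions: for each data object class, the operations each class of
# health care person may perform. Read, add, change and delete are granted
# separately. Object classes, person classes and the matrix are assumed here.
ALL = {"read", "add", "change", "delete"}
ACCESS_CONDITIONS = {
    "identification": {"patient": {"read"}, "physician": {"read"}, "pharmacist": {"read"}, "admin_clerk": {"read", "change"}},
    "administrative": {"patient": {"read"}, "physician": {"read"}, "pharmacist": {"read"}, "admin_clerk": ALL},
    "clinical": {"patient": {"read"}, "physician": {"read", "add"}, "pharmacist": set(), "admin_clerk": set()},
}
CHV_REQUIRED = {"clinical"}   # object classes that also need card holder verification (PIN)


def hcp_response(key, challenge, hcp_class):
    # Computed on the health care person's own card. Assumed mechanism: one HMAC key
    # per person class; a real system would use a per-card key pair and a signature.
    return hmac.new(key, challenge + hcp_class.encode(), hashlib.sha256).digest()


class PatientCard:
    """ICD holding the patient's data objects and enforcing the access conditions."""
    def __init__(self, pin, class_keys):
        self._pin, self._class_keys = pin, class_keys
        self._objects = {name: [] for name in ACCESS_CONDITIONS}
        self._challenge, self.session_class, self.chv_verified = None, None, False

    def challenge(self):
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def authenticate_hcp(self, hcp_class, response):
        # Entity authentication of the HCP device; binds the session to one class.
        ch, self._challenge = self._challenge, None   # single use: a response cannot be replayed
        key = self._class_keys.get(hcp_class)
        ok = ch is not None and key is not None and hmac.compare_digest(hcp_response(key, ch, hcp_class), response)
        self.session_class = hcp_class if ok else None
        self.chv_verified = False                      # a new session needs a fresh CHV
        return ok

    def verify_chv(self, pin):
        # Card holder verification; on its own it establishes a patient session.
        self.chv_verified = hmac.compare_digest(pin.encode(), self._pin.encode())
        if self.chv_verified and self.session_class is None:
            self.session_class = "patient"
        return self.chv_verified

    def access(self, op, obj_class, payload=None, index=None):
        # Object-related service: session, CHV and the access condition are all checked.
        if self.session_class is None:
            raise PermissionError("no authenticated session")
        if obj_class in CHV_REQUIRED and not self.chv_verified:
            raise PermissionError(f"{obj_class}: card holder verification required")
        if op not in ACCESS_CONDITIONS[obj_class].get(self.session_class, set()):
            raise PermissionError(f"{self.session_class} may not {op} {obj_class}")
        store = self._objects[obj_class]
        if op == "read":
            return list(store)
        if op == "add":
            store.append(payload)
        elif op == "change":
            store[index] = payload
        else:
            del store[index]
        return True


def _attempt(fn, *args, **kwargs):
    try:
        fn(*args, **kwargs)
        return "allowed"
    except PermissionError:
        return "denied"


def demo():
    """Runs the sessions and returns the outcome of each step."""
    keys = {"physician": b"K-physician", "pharmacist": b"K-pharmacist", "admin_clerk": b"K-admin"}
    card = PatientCard(pin="1234", class_keys=keys)
    out = {"anonymous_read": _attempt(card.access, "read", "identification")}
    # physician: entity authentication, then CHV before clinical data is released
    out["physician_auth"] = card.authenticate_hcp("physician", hcp_response(keys["physician"], card.challenge(), "physician"))
    out["clinical_without_chv"] = _attempt(card.access, "read", "clinical")
    out["chv"] = card.verify_chv("1234")
    out["physician_add"] = _attempt(card.access, "add", "clinical", {"dx": "I10"})
    out["physician_change"] = _attempt(card.access, "change", "clinical", {"dx": "I15"}, index=0)
    out["clinical_after"] = card.access("read", "clinical")
    # pharmacist on the same card: authenticated and CHV done, still no clinical access
    out["pharmacist_auth"] = card.authenticate_hcp("pharmacist", hcp_response(keys["pharmacist"], card.challenge(), "pharmacist"))
    out["pharmacist_chv"] = card.verify_chv("1234")
    out["pharmacist_clinical"] = _attempt(card.access, "read", "clinical")
    # replay: a response computed for an earlier challenge is rejected once a new one is issued
    stale = hcp_response(keys["physician"], card.challenge(), "physician")
    card.challenge()
    out["replay"] = card.authenticate_hcp("physician", stale)
    return out


if __name__ == "__main__":
    print(demo())
```

The points worth noting are the ones the report's scope singles out: the physician can add a clinical entry but cannot change it (add and change are separate rights), the pharmacist is fully authenticated and the patient has entered the PIN yet still gets nothing from the clinical object, and a challenge is consumed by one authentication attempt so a captured response is useless afterwards.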
2. Normative references
This CEN Report incorporates, by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendments to or revisions of any of these publications apply to this report only when incorporated in it by amendment or revision. For undated references the latest edition of the publication applies.
ISO 7498-2:1989 Information processing systems - Open systems interconnection - Basic reference model - Part 2: Security architecture
ISO/IEC 9594-8:1990 Information technology - Open Systems Interconnection - The Directory - Part 8: Authentication framework
ISO/IEC 9798-1:1991 Information technology - Security techniques - Entity authentication mechanisms - Part 1: General model
ISO/IEC 9796:1991 Information technology - Security techniques - Digital signature scheme giving message recovery
ENV 12388:1996 Medical Informatics - Algorithm for Digital Signature Services
ENV 12018:1996 Medical Informatics - Identification, Administrative, and common Clinical Data structure for Intermittently Connected Devices used in Health Care (including machine readable cards)
3. Definitions
This CEN Report does not introduce any new normative definitions. Please refer to the Glossary at the end of this document for definitions of commonly used security terms.
4. The variety of systems for intermittently connected devices
Intermittently connected devices may be used for many different applications, and the security issues will vary accordingly. Patient data cards and cards held by health care professionals and other types of personnel have attracted particular attention in recent years. For the purpose of this report we point out some of the differences between administrative and medical uses of patient data cards; however, it is frequently impracticable to draw a sharp line between these applications. This report is an analysis of the security issues that arise with patient data cards and of possible solutions. With a few exceptions it does not give recommendations that apply to all patient card systems; the flexible introduction of standardised security countermeasures based on the needs of the specific application is emphasised. The combination of medical data with applications unrelated to health care has been suggested, but the security problems involved make it very difficult to implement.
Aspect Administrative use Medical use
Overall obj
...