欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    ISO TR 11636-2009 Health Informatics - Dynamic on-demand virtual private network for health information infrastructure《健康信息 健康信息基础架构用动态需求虚拟专用网》.pdf

    • 资源ID:1257564       资源大小:3.99MB        全文页数:78页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    ISO TR 11636-2009 Health Informatics - Dynamic on-demand virtual private network for health information infrastructure《健康信息 健康信息基础架构用动态需求虚拟专用网》.pdf

    1、 Reference number ISO/TR 11636:2009(E) ISO 2009TECHNICAL REPORT ISO/TR 11636 First edition 2009-12-01 Health Informatics Dynamic on-demand virtual private network for health information infrastructure Informatique de sant Rseau priv, virtuel, dymanique, sur demande pour infrastructure dinformation d

    2、e sant ISO/TR 11636:2009(E) PDF disclaimer This PDF file may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing

    3、. In downloading this file, parties accept therein the responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be fou

    4、nd in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the

    5、 address given below. COPYRIGHT PROTECTED DOCUMENT ISO 2009 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from eithe

    6、r ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO 2009 All rights reservedISO/TR 11636:2009(E) ISO

    7、 2009 All rights reserved iiiContents Page Foreword iv Introduction.v 1 Scope1 2 Terms and definitions .1 3 Abbreviated terms .3 4 Network features in the healthcare field .4 4.1 Pattern of current or expected information services in the healthcare field 4 4.2 Category of healthcare information to b

    8、e protected (information assets)5 4.3 Network requirements in the healthcare field 6 5 Concept of network construction in the healthcare field6 5.1 Overview.6 5.2 Responsibility to manage security of healthcare information exchange including personal information between independent institutions 7 5.

    9、3 Security concepts in network systems for medical institutions 8 6 Threat analysis and measures .9 7 Network construction in the healthcare field .10 7.1 Minimum guidelines for security management of healthcare information exchange including personal information between external institutions.10 7.2

    10、 Technical and operational checklists for evaluation of network security.11 7.3 Application of an on-demand VPN 11 8 Cases of security measures in a dynamic on-demand VPN for exchange of healthcare information with external institutions .12 8.1 Introduction12 8.2 Regional healthcare cooperation mode

    11、l with a healthcare portal12 8.3 Online maintenance model.13 8.4 Regional cooperation model with the lead taken by a regional core hospital14 8.5 Model for teleradiology, remote maintenance and network conferencing with the cooperation of university hospitals, research institutions and regional hosp

    12、itals .15 8.6 University hospital model centred around teleradiology, telepathology and network conferences conducted between a university hospital and regional hospitals .16 Annex A (informative) Threat analysis and measures 18 Annex B (informative) Security management of medical information exchan

    13、ge including personal data between independent institutions (see reference 6) 25 Annex C (informative) Technical and operational checklists for the guideline35 Annex D (informative) Technology used: Dynamic on-demand VPN62 Bibliography70 ISO/TR 11636:2009(E) iv ISO 2009 All rights reservedForeword I

    14、SO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical c

    15、ommittee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electr

    16、otechnical standardization. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the m

    17、ember bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote. In exceptional circumstances, when a technical committee has collected data of a different kind from that which is normally published as an International Standard

    18、 (“state of the art”, for example), it may decide by a simple majority vote of its participating members to publish a Technical Report. A Technical Report is entirely informative in nature and does not have to be reviewed until the data it provides are considered to be no longer valid or useful. Att

    19、ention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. ISO/TR 11636 was prepared by Technical Committee ISO/TC 215, Health informatics. ISO/TR 11636:2009(E) IS

    20、O 2009 All rights reserved vIntroduction Currently, healthcare information is normally transferred in the form of paper documents or electronic data through schemes such as dedicated fixed lines connecting the headquarters and branches within a company, through public networks such as an Integrated

    21、Services Digital Network (ISDN), or through a dedicated network between specific institutions, enabling a virtual network for the specified users in a dedicated service network managed by communication providers, such as an Internet Protocol virtual private network (IP-VPN). Therefore, healthcare in

    22、formation cannot be transferred easily while maintaining security in most cases, because network configurations adequate to these solutions are limited and the costs are very high. The uses of various service networks in the healthcare field include online claims for medical fees, online maintenance

    23、 of medical devices, and remote medical care, such as teleradiology, telepathology and healthcare information services for regional healthcare cooperation. To provide such services however, it is necessary for multiple medical institutions to pass healthcare information to each other. A network in w

    24、hich a single medical institution is dynamically connected to multiple medical institutions and switched to another institution is required. To make such a network available to many medical institutions at low cost, an open network such as the Internet can be used for connecting with different medic

    25、al institutions, medical device providers, and patients. We can use the following VPNs as secure channel systems in an open network: Internet Protocol Security (IPsec) with Internet key exchange (IKE), described as IPsec + IKE which runs in the network layer with authentication and exchange of encry

    26、ption keys, and Secure Sockets Layer (SSL) protocol, which runs in the session layer with encrypted communication between a Web browser on a client and SSL servers. Thus, this is adapted to web applications, but other applications, such as e-mail, File Transfer Protocol (FTP), and unique client/serv

    27、er systems, cannot be used. On the other hand, the combination of IPsec + IKE can be used with any application needed by medical institutions to provide secure channels without reconstructing any application software. In addition, SSL has an inherent risk because it provides no protection methods ag

    28、ainst well-known lower-layer attacks, session hijacking, false Address Resolution Protocol (ARP) statements, and so on. The conventional VPN using IPsec + IKE however, requires complicated configuration of network devices, and setting up the system without expertise could result in failure to protec

    29、t healthcare information. Also, it is a fixed-type VPN and can only be connected with fixed parties. Lately, telecommunication carriers and online service providers (OSPs) have been developing systems to provide services with security on network lines, including setting up network devices to safegua

    30、rd against these threats, even for a VPN connected in an open network. When a medical institution uses these types of service, most of the responsibilities related to managing the communication lines fall to these service providers (SPs). This reduces the responsibility of the medical institution in

    31、 terms of its security-related liabilities, which is well suited for organizations without many IT engineers. A dynamic on-demand VPN, which this Technical Report describes, is one type of VPN. It is not a fixed connection like 1-to-1, which is generally used in ordinary VPN services. It can easily

    32、change connection to N-to-N, and the connection parameters are provided automatically by the telecommunication carrier. This makes it suitable for healthcare network infrastructure, as medical institutes are not required to be responsible for or have expertise in setting up such networks. Also, util

    33、izing the Internet makes the dynamic on-demand VPN an inexpensive network and thus readily acceptable to medical institutions in terms of cost. This Technical Report describes the threats anticipated in a healthcare network, as well as how a dynamic on-demand VPN is actually applied in the healthcar

    34、e field. TECHNICAL REPORT ISO/TR 11636:2009(E) ISO 2009 All rights reserved 1Health Informatics Dynamic on-demand virtual private network for health information infrastructure 1 Scope This Technical Report explains the network requirements in the healthcare field, the network security of an open net

    35、work for the healthcare field, and the minimum guidelines for security management of health information exchange, including personal data, between external institutions. These requirements will assist in understanding the operation of security and evaluation of security issues in the healthcare fiel

    36、d, and the usefulness of a managed VPN, like a dynamic on-demand VPN. This Technical Report introduces examples of security measures taken in a dynamic on-demand VPN for exchange of medical information; it is not intended to specify the dynamic on-demand VPN itself. These examples provide network so

    37、lutions to potential risks in such a user environment. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 demilitarized zone DMZ area of a network in which any data exchange with areas outside is allowed 2.2 high security zone HSZ area of a netw

    38、ork in which no data is exchanged directly with areas outside, except for the purpose of certain remote maintenance 2.3 IPsec standard for cipher communication, a protocol that prevents data tampering and provides confidentiality functions for each IP packet by using an encryption technique 2.4 inte

    39、rnet VPN VPN created via the Internet NOTE By using the Internet, connections between remote networks can be managed as connections in a LAN, while maintaining confidentiality. 2.5 IP-VPN VPN created via a wide-area IP network owned by a communication carrier NOTE By using an IP-VPN, connections bet

    40、ween remote networks can be managed in the same manner as connections in a local area network (LAN). ISO/TR 11636:2009(E) 2 ISO 2009 All rights reserved2.6 local area network LAN network in which computers, printers and other equipment are connected and data are transferred within one building 2.7 O

    41、SI reference model model that divides the functions of communication equipment, such as computers, into a layer structure based on the design policy of Open Systems Interconnection (OSI) established by ISO for network structuring, in order to facilitate heterogeneous network data transfer NOTE Commu

    42、nication functions are divided into seven layers, and the standard function module for each layer is defined. 2.8 provider service service that exchanges data between a telecommunication carrier and an OSP 2.9 relay service service that establishes a connection for the sole purpose of exchanging dat

    43、a between a network-connected device within a medical institute and an outside device 2.10 remote access connection to a network or computer from outside by using lines such as telephone lines NOTE Remotely accessing a distant computer enables direct operation of the computer as though it is right i

    44、n front of the user. 2.11 social insurance medical fee payment fund organization that reviews medical fees invoiced by medical institutions and makes appropriate payments NOTE The reviews are performed by a three-party committee consisting of representatives of medical institute workers, medical ins

    45、urers (e.g., health insurance companies), and academic experts. The medical institute submits a medical bill statement (receipt) and claims a payment for the treatment from the health insurance organization. An organization such as a social insurance medical fee payment fund reviews the receipt and

    46、makes a payment to the medical institution submitting the invoice. 2.12 SSL protocol that encrypts and transfers data on the internet being able to encrypt current widely used data, such as World Wide Web (www) and File Transfer Protocol (FTP) data and securely transmit and receive privacy-related i

    47、nformation and credit card numbers 2.13 security zone SZ area of a network in which limited data exchange with areas outside is allowed 2.14 virtual private network VPN service in which a public line can be used as if it is a dedicated line NOTE It is used for connecting different bases of a company

    48、s internal network, instead of installing dedicated lines, in order to reduce cost. ISO/TR 11636:2009(E) ISO 2009 All rights reserved 32.15 wide area network WAN network in which computers in geographically different locations (e.g., at a headquarters building and multiple branches) are connected th

    49、rough telephone lines or dedicated lines to transfer data 3 Abbreviated terms For the purposes of this document, the following abbreviations apply. AES Advanced Encryption Standard AH authentication header ASP application service provider ESP Encapsulating Security Payload FTP File Transfer Protocol HEASNET HEAlthcare information Secure NETwork consortium HMAC Hash Message Authentication Code IC integrated circuit IKE Internet key exchange IPsec Internet Protocol Security IP-VPN Internet-Protocol-based virtual private network ISAKMP Internet S


    注意事项

    本文(ISO TR 11636-2009 Health Informatics - Dynamic on-demand virtual private network for health information infrastructure《健康信息 健康信息基础架构用动态需求虚拟专用网》.pdf)为本站会员(brainfellow396)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开