ASTM E1762-1995(2009) Standard Guide for Electronic Authentication of Health Care Information.pdf

Resource ID: 529409    File size: 185.58 KB    Length: 16 pages    Format: PDF

Designation: E 1762-95 (Reapproved 2009)
An American National Standard

Standard Guide for Electronic Authentication of Health Care Information [1]

This standard is issued under the fixed designation E 1762; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

1. Scope

1.1 This guide covers:
1.1.1 Defining a document structure for use by electronic signature mechanisms (Section 4),
1.1.2 Describing the characteristics of an electronic signature process (Section 5),
1.1.3 Defining minimum requirements for different electronic signature mechanisms (Section 5),
1.1.4 Defining signature attributes for use with electronic signature mechanisms (Section 6),
1.1.5 Describing acceptable electronic signature mechanisms and technologies (Section 7),
1.1.6 Defining minimum requirements for user identification, access control, and other security requirements for electronic signatures (Section 9), and
1.1.7 Outlining technical details for all electronic signature mechanisms in sufficient detail to allow interoperability between systems supporting the same signature mechanism (Section 8 and Appendix X1-Appendix X4).

1.2 This guide is intended to be complementary to standards under development in other organizations. The determination of which documents require signatures is out of scope, since it is a matter addressed by law, regulation, accreditation standards, and an organization's policy.

1.3 Organizations shall develop policies and procedures that define the content of the medical record, what is a documented event, and what time constitutes event time. Organizations should review applicable statutes and regulations, accreditation standards, and professional practice guidelines in developing these policies and procedures.

2. Referenced Documents

2.1 ISO Standards:
ISO 9594-8 1993: The Directory: Authentication Framework (also available as ITU-S X.509) [2]
ISO 8825-1 1993: Specification of Basic Encoding Rules for ASN.1 [2]
ISO 7816 1993: IC Cards with Contacts [2]
ISO 10036 1994: Contactless IC Cards [2]

2.2 ANSI Standards:
ANSI X9.30 Part 3: Certificate Management for DSA, November 1994 (ballot copy) [3]
ANSI X9.31 Part 3: Certificate Management for RSA, July 1994 (draft) [3]
ANSI X9.31 Part 1: RSA Signature Algorithm, July 1994 (ballot copy) (technically aligned with ISO/IEC 9796) [3]
ANSI X9.30 Part 1: Digital Signature Algorithm, July 1994 (ballot copy) (technically aligned with NIST FIPS PUB 186) [3]
ANSI X9F1, ANSI X9.45: Enhanced Management Controls Using Attribute Certificates, September 1994 (draft) [3]

2.3 Other Standards:
FIPS PUB 112: Standards on Password Usage, May 1985 [4]
FIPS PUB 181: Secure Hash Standard, 1994 (technically aligned with ANSI X9.30-1) [4]
FIPS PUB 186: Digital Signature Standard, 1994 (technically aligned with ANSI X9.30-1) [4]
PKCS #1: RSA Encryption Standard (version 1.5), November 1993 [5]
PKCS #5: Password-Based Encryption Standard, 1994 [5]
PKCS #7: Cryptographic Message Syntax Standard, 1994 [5]

Footnotes:
[1] This guide is under the jurisdiction of ASTM Committee E31 on Healthcare Informatics and is the direct responsibility of Subcommittee E31.25 on Healthcare Data Management, Security, Confidentiality, and Privacy. Current edition approved April 1, 2009. Published September 2009. Originally approved in 1995. Last previous edition approved in 2003 as E 1762-95 (2003).
[2] Available from ISO, 1 Rue de Varembe, Case Postale 56, CH 1211, Geneve, Switzerland.
[3] Available from American National Standards Institute (ANSI), 25 W. 43rd St., 4th Floor, New York, NY 10036, http://www.ansi.org.
[4] Available from National Institute of Standards and Technology (NIST), 100 Bureau Dr., Stop 1070, Gaithersburg, MD 20899-1070, http://www.nist.gov.
[5] Available from RSA Data Security, 100 Marine Parkway, Redwood City, CA 64065.

Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.

3. Terminology

3.1 Definitions:
3.1.1 access control: the prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.
3.1.2 accountability: the property that ensures that the actions of an entity may be traced uniquely to the entity.
3.1.3 attribute: a piece of information associated with the use of a document.
3.1.4 attribute certificate: a digitally signed data structure that binds a user to a set of attributes.
3.1.5 authorization: verification that an electronically signed transaction is acceptable according to the rules and limits of the parties involved.
3.1.6 authorization certificate: an attribute certificate in which the attributes indicate constraints on the documents the user may digitally sign.
3.1.7 availability: the property of being accessible and useable upon demand by an authorized entity.
3.1.8 computer-based patient record (CPR): the computer-based patient record is a collection of health information concerning one person linked by one or more identifiers. In the context of this guide, this term is synonymous with electronic patient record and electronic health record.
3.1.9 computer-based patient record system (CPRS): the CPRS uses the information of the CPR and performs the application functions according to underlying processes and its interacting with related data and knowledge bases. CPRS is synonymous with electronic patient record systems.
3.1.10 data integrity: the property that data has not been altered or destroyed in an unauthorized manner.
3.1.11 data origin authentication: corroboration that the source of data received is as claimed.
3.1.12 digital signature: data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery, for example, by the recipient.
3.1.13 document access time: the time(s) when the subject document was accessed for reading, writing, or editing.
3.1.14 document attribute: an attribute describing a characteristic of a document.
3.1.15 document creation time: the time of the creation of the subject document.
3.1.16 document editing time: the time(s) of the editing of the subject document.
3.1.17 domain: a group of systems that are under control of the same security authority.
3.1.18 electronic document: a defined set of digital information, the minimal unit of information that may be digitally signed.
3.1.19 electronic signature: the act of attaching a signature by electronic means. After the electronic signature process, it is a sequence of bits associated with an electronic document, which binds it to a particular entity.
3.1.20 event time: the time of the documented event.
3.1.21 one-way hash function: a function that maps strings of bits to fixed-length strings of bits, satisfying the following two properties:
3.1.21.1 It is computationally infeasible to find for a given output an input that maps to this output.
3.1.21.2 It is computationally infeasible to find for a given input a second input that maps to the same output.
3.1.22 private key: a key in an asymmetric algorithm; the possession of this key is restricted, usually to one entity.
3.1.23 public key: a key in an asymmetric algorithm that is publicly available.
3.1.24 public key certificate: a digitally signed data structure which binds a user's identity to a public key.
3.1.25 repudiation: denial by one of the entities involved in a communication of having participated in all or part of the communication.
3.1.26 role: the role of a user when performing a signature. Examples include: physician, nurse, allied health professional, transcriptionist/recorder, and others.
3.1.27 secret key: a key in a symmetric algorithm; the possession of this key is restricted, usually to two entities.
3.1.28 signature: the act of taking responsibility for a document. Unless explicitly indicated otherwise, an electronic signature is meant in this guide.
3.1.29 signature attribute: an attribute characterizing a given user's signature on a document.
3.1.30 signature purpose: an indication of the reason an entity signs a document. This is included in the signed information and can be used when determining accountability for various actions concerning the document. Examples include: author, transcriptionist/recorder, and witness.
3.1.31 signature time: the time a particular signature was generated and affixed to a document.
3.1.32 signature verification: the process by which the recipient of a document determines that the document has not been altered and that the signature was affixed by the claimed signer. This will in general make use of the document, the signature, and other information, such as cryptographic keys or biometric templates.
3.1.33 user authentication: the provision of assurance of the claimed identity of an entity.

3.2 Acronyms:
AAMT: American Association for Medical Transcription
ABA: American Bar Association
AHIMA: American Health Information Management Association
AIM: Advanced Informatics in Medicine
ASC X3: Accredited Standards Committee X3
ASC X9: Accredited Standards Committee X9
ASC X12N: Accredited Standards Committee X12N
CA: Certification Authority
CEN: Comité Européen de Normalisation (European Standards Committee)
CLC: Comité Européen de Normalisation Electrotechnique (CENELEC)
CRL: Certificate Revocation List
DSA: Digital Signature Algorithm (NIST)
EWOS: European Workshop for Open Systems
ES: Electronic Signature
FDA: Food and Drug Administration
FIPS: Federal Information Processing Standard
ISO: International Standards Organization
ITSTC: International Technology Steering Committee
JCAHO: Joint Commission on Accreditation of Healthcare Organizations
MAC: Message Authentication Code
NIST: National Institute for Standards and Technology
NTP: Network Time Protocol
PCMCIA: Personal Computer Memory Card Interface Association
RSA: Rivest-Shamir-Adleman (signature algorithm)
SEISMED: Secure Environment for Information Systems in Medicine
THIS: Trusted Health Information Systems
TTP: Trusted Third Party

4. Significance and Use

4.1 This guide serves three purposes:
4.1.1 To serve as a guide for developers of computer software providing, or interacting with, electronic signature processes,
4.1.2 To serve as a guide to healthcare providers who are implementing electronic signature mechanisms, and
4.1.3 To be a consensus standard on the design, implementation, and use of electronic signatures.

5. Background Information

5.1 The creation of computer-based patient record systems depends on a consensus of electronic signature processes that are widely accepted by professional, regulatory, and legal organizations. The objective is to create guidelines for entering information into a computer system with the assurance that the information conforms with the principles of accountability, data integrity, and non-repudiation. Although various organizations have commenced work in the field of electronic signatures, a standard for the authentication of health information is needed. Consequently, this standard is intended as a national standard for electronic signatures for health care information. Technological advances and increases in the legitimate uses and demands for patient health information led the Institute of Medicine (IOM) to convene a committee to identify actions and research for a computer-based patient record (CPR). The committee's report endorsed the adoption of the CPR as the standard for all health care records and the establishment of a Computer-based Patient Record Institute (CPRI). National Information Infrastructure initiatives, the ever increasing complexity of health care delivery, a growing need for accessible, affordable, and retrievable patient data to support clinical practice, research, and policy development support this recommendation. Major issues identified by CPRI as essential to the timely development of CPRs include authentication of electronic signatures (as replacements for paper signatures), as well as patient and provider confidentiality and electronic data security.

5.2 User authentication is used to identify an entity (person or machine) and verify the identity of the entity. Data origin authentication binds that entity and verification to a piece of information. The focus of this standard is the application of user and data authentication to information generated as part of the health care process. The mechanism providing this capability is the electronic signature.

5.3 Determination of which events are documented and which documents must be signed are defined by law, regulation, accreditation standards, and the originating organization's policy. Such policy issues are discussed in Appendix X4.

5.4 Signatures have been a part of the documentation process in health care and have traditionally been indicators of accountability. Health care providers are faced with the inevitable transition toward computerization. For electronic health record systems to be accepted, they must provide an equivalent or greater level of accurate data entry, accountability, and appropriate quality improvement mechanisms. In this context, a standard is needed that does not allow a party to successfully deny authorship and reject responsibility (repudiation).

5.5 The guide addresses the following requirements, which any system claiming to conform to this guide shall support:
5.5.1 Non-repudiation,
5.5.2 Integrity,
5.5.3 Secure user authentication,
5.5.4 Multiple signatures,
5.5.5 Signature attributes,
5.5.6 Countersignatures,
5.5.7 Transportability,
5.5.8 Interoperability,
5.5.9 Independent verifiability, and
5.5.10 Continuity of signature capability.

5.6 Various technologies may fulfill one or more of these requirements. Thus, a complete electronic signature system may require more than one of the technologies described in this guide. Currently, there are no recognized security techniques that provide the security service of non-repudiation in an open network environment, in the absence of trusted third parties, other than digital signature-based techniques.

5.7 The electronic signature process involves authentication of the signer's identity, a signature process according to system design and software instructions, binding of the signature to the document, and non-alterability after the signature has been affixed to the document. The generation of electronic signatures requires the successful identification and authentication of the signer at the time of the signature. To conform to this guide, a system shall also meet health information security and authentication standards. Computer-based patient record systems may also be subject to statutes and regulations in some jurisdictions.

5.8 While most electronic signature standards in the banking, electronic mail, and business sectors address only digital signature systems, this standard acknowledges the efforts of industry and systems integrators to achieve authentication with other methods. Therefore, this standard will not be restricted to a single technology.

6. Document Structure

6.1 For any data or information for

