欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    CEN ISO TS 14441-2013 Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment《健康信息学 合格评定中使用的EHR系统安全和隐私要求》.pdf

    • 资源ID:591922       资源大小:2.26MB        全文页数:124页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    CEN ISO TS 14441-2013 Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment《健康信息学 合格评定中使用的EHR系统安全和隐私要求》.pdf

    1、BSI Standards PublicationPD CEN ISO/TS 14441:2013Health informatics Securityand privacy requirementsof EHR systems for use inconformity assessmentCopyright European Committee for Standardization Provided by IHS under license with CENNot for ResaleNo reproduction or networking permitted without licen

    2、se from IHS-,-,-PD CEN ISO/TS 14441:2013 PUBLISHED DOCUMENTNational forewordThis Published Document is the UK implementation of CEN ISO/TS14441:2013.The UK participation in its preparation was entrusted to TechnicalCommittee IST/35, Health informatics.A list of organizations represented on this comm

    3、ittee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2013. Published by BSI StandardsLimited 2013ISBN 978 0 580 77978 7ICS 35.240.80

    4、Compliance with a British Standard cannot confer immunity fromlegal obligations.This Published Document was published under the authority of theStandards Policy and Strategy Committee on 31 December 2013.Amendments issued since publicationDate Text affectedCopyright European Committee for Standardiz

    5、ation Provided by IHS under license with CENNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN ISO/TS 14441 December 2013 ICS 35.240.80 English Version Health informatics - Security and privac

    6、y requirements of EHR systems for use in conformity assessment (ISO/TS 14441:2013)Informatique de sant - Scurit et exigences dintimit des systmes de EHR pour lvaluation de la conformit (ISO/TS 14441:2013) Medizinische Informatik - Sicherheits- und Datenschutzanforderungen fr die Konformittsprfung vo

    7、n EGA-Systemen (ISO/TS 14441:2013) This Technical Specification (CEN/TS) was approved by CEN on 7 April 2013 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particul

    8、arly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting

    9、national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav

    10、 Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE

    11、NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN ISO/TS 14441:2013 ECopyright European Committee for Standardization

    12、 Provided by IHS under license with CENNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD CEN ISO/TS 14441:2013CEN ISO/TS 14441:2013 (E) 3 Foreword This document (CEN ISO/TS 14441:2013) has been prepared by Technical Committee ISO/TC 215 “Health informatics” in col

    13、laboration with Technical Committee CEN/TC 251 “Health informatics” the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or a

    14、ll such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republ

    15、ic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Copyright European Committee for Standardization Provided b

    16、y IHS under license with CENNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E) ISO 2013 All rights reserved iiiContents PageForeword ivIntroduction v1 Scope . 12 Normative references 13 Terms and definitions . 14 Abbreviati

    17、ons. 95 Security and privacy requirements 95.1 General . 95.2 Theoretical foundation 95.3 Privacy and security requirements 125.4 Common Criteria 286 Best practice and guidance for establishing and maintaining conformity assessment programs .306.1 Concepts 316.2 Conformity assessment processes 33Ann

    18、ex A (informative) Conformity assessment programs Design considerations and illustrative examples from member countries as of 2010 36Annex B (informative) Comparison of jurisdictional requirements 54Bibliography . 112Copyright European Committee for Standardization Provided by IHS under license with

    19、 CENNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing Intern

    20、ational Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with

    21、 ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.The main task of technical c

    22、ommittees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.In other circumstances, p

    23、articularly when there is an urgent market requirement for such documents, a technical committee may decide to publish other types of document: an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO working group and is accepted for publication

    24、if it is approved by more than 50 % of the members of the parent committee casting a vote; an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical committee and is accepted for publication if it is approved by 2/3 of the members of the committee casting a v

    25、ote.An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a further three years, at which time it must

    26、either be transformed into an International Standard or be withdrawn.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.ISO/TS 14441 was prepared by Tech

    27、nical Committee ISO/TC 215, Health informatics.iv ISO 2013 All rights reservedCopyright European Committee for Standardization Provided by IHS under license with CENNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E)Introduc

    28、tionAs local, regional and national EHR infostructures develop, electronic patient record systems are being implemented at the many points of care where patients are seen point-of-service (POS) clinical systems. In addition to institutional settings like hospitals, where the systems in various depar

    29、tments (e.g. nursing units) are typically integrated into a single patient record, smaller single purpose systems such as electronic medical records (EMRs) are also being implemented in physician offices and other non-institutional settings such as public health where the sophistication of the syste

    30、ms and the local IT support infrastructure is much less. As countries begin to connect these POS clinical systems to EHR infostructures (or directly exchange clinical information with other POS clinical systems through system-to-system communications), the security and privacy of these systems becom

    31、es much more critical and complex than when the systems operated in a disconnected or stand-alone state. To ensure the required standards are implemented correctly into these systems, so that they will securely interact with EHR infostructures and maintain the privacy of patient information, many co

    32、untries are implementing certification and conformance testing programs to provide objective evidence of conformity with these requirements.This Technical Specification identifies the security and privacy requirements, harvested from the above mentioned standards and international experiences, which

    33、 should be in place for conformance testing for interoperable POS clinical (electronic patient record) systems interfacing with EHRs.The POS clinical systems profiled receive, store, process, display and communicate clinical data and administrative actions, as well as information related to system u

    34、sers (demographics, personal).The systems are always accessed by authorized and authenticated users. These users are: health professionals that input, access and use patient data, clinical procedures, and statistics; administrative users that input and read patients personal and demographics data, a

    35、dministrative and statistical information; administrators that control users power, perform backups, provide system configuration, including security ones; auditors that read audit trails; other EHR systems that input and receive data; subjects of care and their substitute decision makers, who may h

    36、ave restricted access to input and retrieve authorized data.Key assumptions that apply for compliant POS clinical systems are as follows: the Target of Evaluation (TOE) comprises commercial off the shelf (COTS), governmental, proprietary and free and open source software; authenticated users recogni

    37、ze the need for a secure IT environment; authenticated users can be trusted to comply with the organizations security policy; business security processes are implemented with due regard for what can (and cannot) be reasonably accomplished in a clinical setting; competent security administration is c

    38、arried out in relation to the systems installation and ongoing operations.This Technical Specification draws from international standards, which have been developed by ISO/TC 215 for EHRs, as well as other ISO standards such as such as ISO/IEC 27001 and the ISO/IEC 17000 series of standards develope

    39、d by the ISO Committee on conformity assessment (CASCO). This Technical Specification also reflects the experience that various countries have had to date in implementing certification and conformance testing programs in addressing privacy and security requirements in the ISO 2013 All rights reserve

    40、d vCopyright European Committee for Standardization Provided by IHS under license with CENNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E)context where electronic patient record (clinical) systems at the point of care are

    41、 interoperable with regional and national EHRs.This Technical Specification includes: security and privacy requirements that should be met to ensure that information is protected as well as the main categories of attack; discussion of the theoretical foundations underpinning the requirements; guidan

    42、ce on best practice for establishing and maintaining conformity assessment programs; description of the conformity assessment process, including the key concepts and processes.Annex A provides more detailed information on conformity assessment models and processes, plus examples of conformity assess

    43、ment programs in four example countries at a point in time (2010).Annex B provides a detailed examination of the privacy and security requirements in place in five jurisdictions at the time that this Technical Specification was written. This analysis was used to derive the security and privacy requi

    44、rements in Clause 5.This Technical Specification is to be used by agencies which accredit or operate programs for certifying health software products through conformity assessment against privacy and security standards, software suppliers demonstrating their compliance with those requirements, and p

    45、urchasers of those systems who want assurance that the requirements have been met.vi ISO 2013 All rights reservedCopyright European Committee for Standardization Provided by IHS under license with CENNot for ResaleNo reproduction or networking permitted without license from IHS-,-,-PD CEN ISO/TS 144

    46、41:2013TECHNICAL SPECIFICATION ISO/TS 14441:2013(E)Health informatics Security and privacy requirements of EHR systems for use in conformity assessment1 ScopeThis Technical Specification examines electronic patient record systems at the clinical point of care that are also interoperable with EHRs. H

    47、ardware and process controls are out of the scope. This Technical Specification addresses their security and privacy protections by providing a set of security and privacy requirements, along with guidelines and best practice for conformity assessment.ISO/IEC 15408 (all parts) defines “targets of ev

    48、aluation” for security evaluation of IT products. This Technical Specification includes a cross-mapping of 82 security and privacy requirements against the Common Criteria categories in ISO/IEC 15408 (all parts). The point-of-service (POS) clinical software is typically part of a larger system, for

    49、example, running on top of an operating system, so it must work in concert with other components to provide proper security and privacy. While a Protection Profile (PP) includes requirements for component security functions to support system security services, it does not specify protocols or standar


    注意事项

    本文(CEN ISO TS 14441-2013 Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment《健康信息学 合格评定中使用的EHR系统安全和隐私要求》.pdf)为本站会员(syndromehi216)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开