DPS
Drejtoria e Përgjithshme e Standardizimit
Phone: +355 4 222 62 55
E-mail: info@dps.gov.al
Address: "Reshit Collaku" Str., (nearby ILDKPKI, VI floor), Po.Box 98, Tiranë - Albania
DS CR 14302:2002

Health informatics - Framework for security requirements for intermittently connected devices

Oct 28, 2010

General information

60.60     Oct 28, 2010

DPS

DPS/KT 224

CEN Report

35.240.80  

English  

Scope

This CEN Report is aimed at providing a basis for a planned European Standard on the same subject, work item Security Requirements for Intermittently Connected Devices. The reason for processing this document as a formal CEN Report is that it has been requested as immediate guidance to the current work of CEN TC224/WG12 in its preparation of standards specifying the mechanisms for implementing security requirements in systems using machine readable cards in health care. The scope of this report is also to serve as guidance, without being normative, to the many large projects presently under development in Europe that use cards in health care for patients, professionals and other persons working in the health care sector.

This report defines a framework of security requirements in systems with intermittently connected devices and discusses requirements for the following security services for ICD-systems:

Data Integrity protection
Data Origin and Entity Authentication
Access Control
Confidentiality protection

The report defines security requirements on the ICD-interchange interface between an application system and an ICD-System. However, the overall security requirements can only be met if certain requirements on the devices themselves are also followed.

Requirements for establishment of secure sessions with various types of ICDs as well as object related security services are defined.

The report particularly defines how access to different types of data on intermittently connected devices could be restricted to different classes of health care persons (professionals and other types of personnel) or to the patients, especially when multinational access should be allowed. The rights to read, add, change and delete must be defined separately.

The security policies proposed should also guarantee the authenticity of identification, administrative and clinical information that may have important implications.

Life cycle

NOW

PUBLISHED
DS CR 14302:2002
60.60 Standard published
Oct 28, 2010

Related project

Adopted from CR 14302:2002
