ISO/DTS 6268-3

Health informatics — Cybersecurity framework for telehealth environments — Part 3: Cybersecurity controls of telehealth

Scope

This document is the third part of the ISO TS 6268 series and provides telehealth cybersecurity requirements of the overall security framework for systems and services applied to telehealth. Cybersecurity requirements for secure telehealth services are categorized into organizational, people, physical and technological requirements based on ISO 27799, including cybersecurity objectives, description, and guidance.
Telehealth services are often operated as part of the entire healthcare service of a HDO, and in this case, cybersecurity requirements applied to the entire HDO should inherit. Even in the case of telehealth centers, cybersecurity requirements of general HDOs should be tailored based on ISO 27799 first, and then the additional specialized controls for telehealth services should be considered. For this reason, the cybersecurity requirements of telehealth services focus only on telehealth service considerations as the operational viewpoint to ensure safe and secure telehealth services.
This document specifically addresses cybersecurity requirements uniquely applicable to telehealth, while general elements applicable to HDOs can be referenced from ISO 27799.