PRICES include / exclude VAT
Homepage>BS Standards>35 INFORMATION TECHNOLOGY. OFFICE MACHINES>35.240 Applications of information technology>35.240.80 IT applications in health care technology>PD CEN ISO/TS 14441:2013 Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment
Sponsored link
immediate downloadReleased: 2014-02-28
PD CEN ISO/TS 14441:2013 Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment

PD CEN ISO/TS 14441:2013

Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment

Format
Availability
Price and currency
English Secure PDF
Immediate download
399.30 EUR
You can read the standard for 1 hour. More information in the category: E-reading
Reading the standard
for 1 hour
39.93 EUR
You can read the standard for 24 hours. More information in the category: E-reading
Reading the standard
for 24 hours
119.79 EUR
English Hardcopy
In stock
399.30 EUR
Standard number:PD CEN ISO/TS 14441:2013
Pages:124
Released:2014-02-28
ISBN:978 0 580 85785 0
Status:Standard
DESCRIPTION

PD CEN ISO/TS 14441:2013


This standard PD CEN ISO/TS 14441:2013 Health informatics. Security and privacy requirements of EHR systems for use in conformity assessment is classified in these ICS categories:
  • 35.240.80 IT applications in health care technology

This Technical Specification examines electronic patient record systems at the clinical point of care that are also interoperable with EHRs. Hardware and process controls are out of the scope. This Technical Specification addresses their security and privacy protections by providing a set of security and privacy requirements, along with guidelines and best practice for conformity assessment.

ISO/IEC 15408 (all parts) defines “targets of evaluation” for security evaluation of IT products. This Technical Specification includes a cross-mapping of 82 security and privacy requirements against the Common Criteria categories in ISO/IEC 15408 (all parts). The point-of-service (POS) clinical software is typically part of a larger system, for example, running on top of an operating system, so it must work in concert with other components to provide proper security and privacy. While a Protection Profile (PP) includes requirements for component security functions to support system security services, it does not specify protocols or standards for conformity assessment, and does not address privacy requirements.

This Technical Specification focuses on two main topics:

  • Security and privacy requirements (Clause 5). Clause 5 is technical and provides a comprehensive set of 82 requirements necessary to protect (information, patients) against the main categories of risks, addressing the broad scope of security and privacy concerns for point of care, interoperable clinical (electronic patient record) systems. These requirements are suitable for conformity assessment purposes.

  • Best practice and guidance for establishing and maintaining conformity assessment programs (Clause 6). Clause 6 provides an overview of conformity assessment concepts and processes that can be used by governments, local authorities, professional associations, software developers, health informatics societies, patients’ representatives and others, to improve conformity with health software security and privacy requirements. Annex A provides complementary information useful to countries in designing conformity assessment programs such as further material on conformity assessment business models, processes and other considerations, along with illustrative examples of conformity assessment activities in four countries.

Policies that apply to a local, regional or national implementation environment, and procedural, administrative or physical (including hardware) aspects of privacy and security management are outside the scope of this Technical Specification. Security management is included in the scope of ISO 27799.