ImageVerifierCode 换一换
格式:PDF , 页数:60 ,大小:1.49MB ,
资源ID:726588      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-726588.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(EN ISO 21091-2013 en Health informatics - Directory services for healthcare providers subjects of care and other entities《健康信息学 保健服务提供者 护理学科和其他实体用目录服务》.pdf)为本站会员(postpastor181)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

EN ISO 21091-2013 en Health informatics - Directory services for healthcare providers subjects of care and other entities《健康信息学 保健服务提供者 护理学科和其他实体用目录服务》.pdf

1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationBS EN ISO 21091:2013Health informatics Directory services for healthcare providers, subjects of care and other entities BS EN ISO 21091:2013 BRITISH STANDARDNational forewordThis

2、 British Standard is the UK implementation of EN ISO21091:2013.The UK participation in its preparation was entrusted to TechnicalCommittee IST/35, Health informatics.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to

3、include all the necessaryprovisions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2013. Published by BSI StandardsLimited 2013ISBN 978 0 580 65602 6ICS 35.240.80Compliance with a British Standard cannot confer immunity fromlegal obligations.This B

4、ritish Standard was published under the authority of theStandards Policy and Strategy Committee on 31 March 2013.Amendments issued since publicationDate Text affectedEUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO 21091 February 2013 ICS 35.240.80 English Version Health informatics - Direct

5、ory services for healthcare providers, subjects of care and other entities (ISO 21091:2013) Informatique de sant - Services dannuaires pour les fournisseurs de soins de sant, les sujets de soins et autres entits (ISO 21091:2013) Medizinische Informatik - Verzeichnisdienste fr Anbieter, zu Behandelnd

6、e und andere Entitten im Gesundheitswesen (ISO 21091:2013) This European Standard was approved by CEN on 2 February 2013. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard witho

7、ut any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other l

8、anguage made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Den

9、mark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTE

10、E FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 21091:2013: EBS EN ISO 21091:2013EN I

11、SO 21091:2013 (E) 3 Foreword This document (EN ISO 21091:2013) has been prepared by Technical Committee ISO/TC 215 “Health informatics“ in collaboration with Technical Committee CEN/TC 251 “Health informatics” the secretariat of which is held by NEN. This European Standard shall be given the status

12、of a national standard, either by publication of an identical text or by endorsement, at the latest by August 2013, and conflicting national standards shall be withdrawn at the latest by August 2013. Attention is drawn to the possibility that some of the elements of this document may be the subject

13、of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgar

14、ia, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turk

15、ey and the United Kingdom. Endorsement notice The text of ISO 21091:2013 has been approved by CEN as EN ISO 21091:2013 without any modification. BS EN ISO 21091:2013ISO 21091:2013(E) ISO 2013 All rights reserved iiiContents PageForeword ivIntroduction v1 Scope . 12 Normative references 13 Terms and

16、definitions . 14 Symbols (and abbreviated terms) 55 Healthcare context 65.1 General . 65.2 Healthcare persons . 75.3 Multiple affiliations . 75.4 Healthcare organizations . 85.5 Hardware/software 85.6 Healthcare security services . 86 Directory security management framework . 87 Interoperability . 9

17、7.1 Requirements . 97.2 Name space/tree structure 98 Healthcare schema 118.1 Healthcare persons 118.2 Organization identities . 188.3 Roles, Job Function and Group . 239 Distinguished Name .289.1 General 289.2 Relative Distinguished Name . 29Annex A (informative) Healthcare directory scenarios .32An

18、nex B (informative) Referenced object classes 40Bibliography .47BS EN ISO 21091:2013ISO 21091:2013(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally

19、carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the wo

20、rk. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.The main task of technical committees is to prepare Intern

21、ational Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.Attention is drawn to the possibility that some of the

22、elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.ISO 21091 was prepared by Technical Committee ISO/TC 215, Health informatics.This first edition cancels and replaces ISO/TS 21091:2005, which has been techni

23、cally revised.iv ISO 2013 All rights reservedBS EN ISO 21091:2013ISO 21091:2013(E)IntroductionHealth informatics directory services for healthcare providers, subjects of care and other entities are intended to support the communication and security requirements of healthcare professionals in the con

24、duct of clinical and administrative functions. Healthcare requires extensive encipherment and access control requirements for the disclosure and transport of all confidential health information. In support of the healthcare public key infrastructure, healthcare will make available a registry of cert

25、ificates including business and professional information necessary to conduct healthcare transactions. This information necessarily includes identification of individual roles within the healthcare system as can only be identified by the respective healthcare organizations. As such, the registration

26、 and management functions are to be extensible, and potentially distributed throughout the healthcare community. Support for these additional healthcare requirements for security is also to be offered through the directory service.The directory is becoming an increasingly popular method of providing

27、 a means for single sign-on capabilities to support authentication. This goal has resulted in the inclusion of authentication and identity attributes to authenticate the identity of a healthcare person or entity.The directory also supports the communication of additional attributes that can be used

28、to support authorization decisions. This goal has driven directory schema extensions to include organization employee management information, healthcare-specific contact information, and healthcare identifiers. This International Standard addresses the healthcare-specific requirements of the directo

29、ry, and defines, as appropriate, standard specifications for inclusion of this information in the healthcare directory.Besides technical security measures that are discussed in other ISO standards, communication of healthcare data requires a reliable accountable “chain of trust.” In order to maintai

30、n this chain of trust within a public key infrastructure, users (relying parties) need to be able to obtain current correct certificates and certificate status information through secure directory management.The healthcare directory will support standard lightweight directory access protocol (LDAP)

31、client searches, interface engines for message transformation, and service oriented architecture (SOA) implementations to enable the service in any environment. Specific implementation guidance, search criteria and support are outside the scope of this International Standard.While specific security

32、measures and access control specifications are out of scope of this International Standard, due to the sensitive nature of health related and privacy information that may be supported through the directory services, significant controls need to be enabled at branch, object classes, and attribute lev

33、els. Processes and procedures should be in place to ensure information integrity represented within the health directory, and responsibility for the content of the directory should be clearly allocated through policy and process. It is anticipated that appropriate access controls managing who can re

34、ad, write or modify all items in the healthcare directory will be applied. This may be accomplished by assigning individuals within the directory to the HCOrganizationalRole and assigning appropriate privileges (e.g. read, modify, delete) to that role in directory management configuration. ISO 2013

35、All rights reserved vBS EN ISO 21091:2013BS EN ISO 21091:2013Health informatics Directory services for healthcare providers, subjects of care and other entities1 ScopeThis International Standard defines minimal specifications for directory services for healthcare. It can be used to enable communicat

36、ions between organizations, devices, servers, application components, systems, technical actors, and devices.This International Standard provides the common directory information and services needed to support the secure exchange of healthcare information over public networks where directory informa

37、tion and services are used for these purposes. It addresses the health directory from a community perspective in anticipation of supporting inter-enterprise, inter-jurisdiction, and international healthcare communications. While several options are supported by this International Standard, a given s

38、ervice will not need to include all of the options.In addition to the support of security services, such as access control and confidentiality, this International Standard provides specification for other aspects of communication, such as addresses and protocols of communication entities.This Intern

39、ational Standard also supports directory services aiming to support identification of health professionals and organizations and the subjects of care.2 Normative referencesThe following referenced documents are indispensable for the application of this document. For dated references, only the editio

40、n cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.ISO/HL7 27931:2009, Data Exchange Standards Health Level Seven Version 2.5 An application protocol for electronic data exchange in healthcare environments3 Terms and definitionsF

41、or the purposes of this document, the following terms and definitions apply.3.1access controlmeans of ensuring that the resources of a data processing system can be accessed only by authorized entities in authorized waysISO/IEC 2382-83.2attribute authorityAAauthority which assigns privileges by issu

42、ing attribute certificatesX.509INTERNATIONAL STANDARD ISO 21091:2013(E) ISO 2013 All rights reserved 1BS EN ISO 21091:2013ISO 21091:2013(E)3.3attribute certificatedata structure, digitally signed by an attribute authority, that binds some attribute values with identification about its holderX.5093.4

43、authenticationprocess of reliably identifying security subjects by securely associating an identifier and its authenticatorISO 7498-23.5authorizationgranting of rights, which includes the granting of access based on access rightsISO 7498-23.6availabilityproperty of being accessible and useable upon

44、demand by an authorized entityISO 7498-23.7certificatepublic key certificate3.8certificate distributionact of publishing certificates and transferring certificates to security subjects3.9certificate issuerauthority trusted by one or more relying parties to create and assign certificatesNote 1 to ent

45、ry: Optionally the certification authority may create the relying parties keys.ISO/IEC 9594-83.10certificate managementprocedures relating to certificates, i.e. certificate generation, certificate distribution, certificate archiving and revocation3.11certificate revocationact of removing any reliabl

46、e link between a certificate and its related owner (or security subject owner) because the certificate is not trusted any more, even though it is unexpired3.12certificate revocation listCRLpublished list of the suspended and revoked certificates (digitally signed by the CA)3.13certificate verificati

47、onverifying that a certificate (3.7) is authentic2 ISO 2013 All rights reservedBS EN ISO 21091:2013ISO 21091:2013(E)3.14certification authorityCAauthority trusted by one or more relying parties to create and assign certificates and which may, optionally, create the relying parties keysNote 1 to entr

48、y: Adapted from ISO/IEC 9594-8.Note 2 to entry: Authority in the CA term does not imply any government authorization, but only denotes that it is trusted.Note 3 to entry: “Certificate issuer” may be a better term, but CA is very widely used.3.15confidentialityproperty that information is not made av

49、ailable or disclosed to unauthorized individuals, entities, or processesISO 7498-23.16data integrityproperty that data has not been altered or destroyed in an unauthorized mannerISO 7498-23.17digital signaturedata appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery e.g. by the recipientISO 7498-23.18identificationperformance of tests to enable a data processing system to recognize entitiesISO/IEC 238

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1