NEMA HN 1-2013 Manufacturer Disclosure Statement for Medical Device Security.pdf

1、 HIMSS/NEMA HN 1-2013 Manufacturer Disclosure Statement for Medical Device Security HIMSS/NEMA Standard HN 1-2013 Manufacturer Disclosure Statement for Medical Device Security Published by National Electrical Manufacturers Association 1300 North 17th Street, Suite 900 Rosslyn, Virginia 22209 www.nem

2、a.org Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society. All rights including translation into other languages, reserved under the Universal Copyright Convention, the Berne Convention for the Protection of Literary and A

3、rtistic Works, and the International and Pan American Copyright Conventions. Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society. NOTICE AND DISCLAIMER The information in this publication was considered technically sound b

4、y the consensus of persons engaged in the development and approval of the document at the time it was developed. Consensus does not necessarily mean that there is unanimous agreement among every person participating in the development of this document. The National Electrical Manufacturers Associati

5、on (NEMA) standards and guideline publications, of which the document contained herein is one, are developed through a voluntary consensus standards development process. This process brings together volunteers and/or seeks out the views of persons who have an interest in the topic covered by this pu

6、blication. While NEMA administers the process and establishes rules to promote fairness in the development of consensus, it does not write the document and it does not independently test, evaluate, or verify the accuracy or completeness of any information or the soundness of any judgments contained

7、in its standards and guideline publications. NEMA disclaims liability for any personal injury, property, or other damages of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, application, or reliance on th

8、is document. NEMA disclaims and makes no guaranty or warranty, expressed or implied, as to the accuracy or completeness of any information published herein, and disclaims and makes no warranty that the information in this document will fulfill any of your particular purposes or needs. NEMA does not

9、undertake to guarantee the performance of any individual manufacturer or sellers products or services by virtue of this standard or guide. In publishing and making this document available, NEMA is not undertaking to render professional or other services for or on behalf of any person or entity, nor

10、is NEMA undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstance

11、s. Information and other standards on the topic covered by this publication may be available from other sources, which the user may wish to consult for additional views or information not covered by this publication. NEITHER THE HEALTHCARE INFORMATION AND MANAGEMENT SYSTEMS SOCIETY (HIMSS) NOR NEMA

12、HAVE POWER, NOR DO THEY UNDERTAKE TO POLICE OR ENFORCE COMPLIANCE WITH THE CONTENTS OF THIS DOCUMENT. NEITHER HIMSS NOR NEMA CERTIFY, TEST, OR INSPECT PRODUCTS, DESIGNS, OR INSTALLATIONS FOR SAFETY OR HEALTH PURPOSES. ANY CERTIFICATION OR OTHER STATEMENT OF COMPLIANCE WITH ANY HEALTH OR SAFETY RELAT

13、ED INFORMATION IN THIS DOCUMENT SHALL NOT BE ATTRIBUTABLE TO HIMSS OR NEMA AND IS SOLELY THE RESPONSIBILITY OF THE CERTIFIER OR MAKER OF THE STATEMENT. HN 1-2013 Page i Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society.

14、CONTENTS FOREWORD . ii CHANGES FROM PREVIOUS (2008) MDS2 REVISION . iv Section 1 GENERAL 1 1.1 SCOPE.1 1.1.1 The Role of Healthcare Providers in the Security Management Process 1 1.1.2 The Role of Medical Device Manufacturers in the Security Management Process .1 1.2 REFERENCES 1 1.3 DEFINITIONS 2 1

15、.4 ACRONYMS4 Section 2 INSTRUCTIONS FOR OBTAINING, USING, AND COMPLETING MDS2 FORM .5 2.1 OBTAINING THE MDS2 FORM (PROVIDERS) .5 2.2 USING THE MDS2 FORM (PROVIDERS) 5 2.2.1 Device Description 5 2.2.2 Explanatory notes .5 2.2.3 Security Capabilities 5 2.3 COMPLETING THE MDS2 FORM (MANUFACTURERS)5 2.3

16、.1 General .5 2.3.2 MDS2 Form Completion Guidance .5 Section 3 MDS2 FORM . 15 Annex COMPARISON OF PREVIOUS (2008) AND CURRENT (2013) MDS2 (Informative) 23 HN 1-2013 Page ii Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Socie

17、ty. FOREWORD This document consists of the Manufacturer Disclosure Statement for Medical Device Security (MDS2) form and related instructions how to complete the form. The intent of the MDS2 form is to supply healthcare providers with important information to assist them in assessing the vulnerabili

18、ty and risks associated with protecting private data transmitted or maintained by medical devices and systems. Because security risk assessment spans an entire organization, this document focuses on only those elements of the security risk assessment process associated with medical devices that main

19、tain or transmit private data. A standardized form 1) allows manufacturers to quickly respond to a potentially large volume of information requests from providers regarding the security- related features of the medical devices they manufacture; and 2) facilitates the providers review of the large vo

20、lume of security-related information supplied by the manufacturers. The manufacturer-completed MDS2 should: (1) Be useful to healthcare provider organizations worldwide. The information presented should be useful for any healthcare delivery organization that aspires to have an effective information

21、security risk management program. (2) Include device-specific information addressing the technical security-related attributes of the individual device model. (3) Provide a simple, flexible way of collecting the technical, device-specific elements of the common/typical information needed by provider

22、 organizations (device users/operators) to begin medical device information security (i.e., confidentiality, integrity, availability) risk assessments. HIMSS and NEMA grant permission to make copies and use this form. PLEASE BE ADVISEDThe MDS2 form is not intended to nor should it be used as the sol

23、e basis for medical device procurement. Writing procurement specifications requires a deeper and more extensive knowledge of security (including the individual facilitys/providers situation) and the healthcare mission. Using the information provided by the manufacturer in the MDS2 form together with

24、 information collected about the care delivery environment (e.g., through tools such as ACCE, American College of Clinical Engineering/ECRIs Guide for Information Security for Biomedical Technology), the providers multidisciplinary risk assessment team can review assembled information and make infor

25、med decisions on implementing a local security management plan. This form was originally adapted from portions of the ACCE/ECRI Biomedical Equipment Survey Form, a key tool found in Information Security for Biomedical Technology: A HIPAA* Compliance Guide (ACCE/ECRI, 2004). This form was published o

26、riginally in 2004, MDS2 v. 1.0 (2004-11-01) and then as a joint HIMSS/NEMA standard in 2008, HIMSS/NEMA Standard HN 1-2008. *Health Insurance Portability and Accountability Act. In 2010, International Electrotechnical Commission standard IEC 80001-1, Application of risk management for IT-networks in

27、corporating medical devices, was published. The standard deals with the application of risk management to IT-networks incorporating medical devices and provides the roles, responsibilities and activities necessary for risk management. In 2012, a Technical Report (TR) supplement to IEC 80001 was publ

28、ished, IEC/TR 80001-2-2, Guidance for the communication of medical device security needs, risks and controls. In this supplement, 19 relevant security capabilities of a medical device or IT component are defined. The 19 high-level security capabilities are “.intended to be the starting point for a s

29、ecurity-centric discussion HN 1-2013 Page iii Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society. between vendor and purchaser or among a larger group of stakeholders involved in a Medical Device IT-Network project.“ Sinc

30、e this goal closely matches the primary objective of the MDS2 initiative, HIMSS and NEMA have undertaken an expansion and re-categorization of the MDS2 information provided by manufacturers in order to closely align with the 19 IEC/TR 80001-2-2 security categories. HIMSS and NEMA recommend that the

31、information in the MDS2 form be used as part of each organizations security compliance and risk assessment efforts. In the preparation of this standards publication, input of users and other interested parties has been sought and evaluated. Inquiries, comments, and proposed or recommended revisions

32、should be submitted to the concerned NEMA product subdivision by contacting the: Senior Technical Director, Operations National Electrical Manufacturers Association 1300 North 17th Street, Suite 900 Rosslyn, Virginia 22209 HN 1-2013 Page iv Copyright 2013 by the National Electrical Manufacturers Ass

33、ociation and the Healthcare Information and Management Systems Society. CHANGES FROM PREVIOUS (2008) MDS2 REVISION 1) Alignment of MDS2 with International Electrotechnical Commission (IEC) standard 80001-1 supplement, IEC/TR 80001-2-2, Guidance for the communication of medical device security needs,

34、 risks and controls. a) The order and numbering of the (2008) MDS2 questions has been changed and questions are now placed in either the MANAGEMENT OF PRIVATE DATA section or under the appropriate heading in one of the 19 categories in the SECURITY CAPABILITIES section of the MDS2 form. b) The amoun

35、t of MDS2 data requested of device manufacturers has been increased to more adequately address the 19 security capabilities of IEC/TR 80001-2-2. c) MDS2 term definitions have been added or updated to be consistent with definitions used in IEC 80001 when applicable. All of the MDS2 security-related q

36、uestions of previous MDS2 revisions remain in this latest revision with no (or only minor) changes. A cross reference of the 2008 MDS2 questions vs. 2013 MDS2 questions is provided in the Annex. 2) De-localization Several region-specific references and standards have been removed or replaced with mo

37、re generic/less region-specific references. The term “Protected Health Information” (PHI), defined in USA HIPAA legislation has been replaced in this MDS2 revision by the term “private data,” as defined in IEC 80001. HN 1-2013 Page 1 Copyright 2013 by the National Electrical Manufacturers Associatio

38、n and the Healthcare Information and Management Systems Society. Section 1 GENERAL 1.1 SCOPE Information provided on the MDS2 form is intended to assist professionals responsible for security risk assessment processes in their management of medical device security issues. The information on the MDS2

39、 form is not intended, and may be inappropriate, for other purposes. 1.1.1 The Role of Healthcare Providers in the Security Management Process The provider organization has the ultimate responsibility for providing effective security management. Device manufacturers can assist providers in their sec

40、urity management programs by offering information describing: the type of data maintained/transmitted by the manufacturers device; how data is maintained/transmitted by the manufacturers device; any security-related features incorporated in the manufacturers device. In order to effectively manage me

41、dical information security and comply with relevant regulations, healthcare providers must employ administrative, physical, and technical safeguardsmost of which are extrinsic to the actual device. 1.1.2 The Role of Medical Device Manufacturers in the Security Management Process The greatest impact

42、manufacturers can have on medical device security is to incorporate technical safeguards (i.e., security features) in their devices to facilitate healthcare providers efforts in maintaining effective security programs and meeting any relevant regulatory requirements and/or standards. The medical dev

43、ice manufacturing industry is increasingly aware of the importance of having effective security functionality in their devices. Manufacturers are generally including such security-related requirements in the production of new devices based on provider needs and requirements. 1.2 REFERENCES The follo

44、wing reference documents are included herein as suggested further reading, supportive material, and related publications: Application of risk management for IT-networks incorporating medical devices - Part 1: Roles, responsibilities and activities, IEC 80001-1:2010 Application of risk management.- P

45、art 2-1: Step by Step Risk Management of Medical IT-Networks; Practical Applications and Examples, IEC 80001-2-1:2012 Application of risk management.- Part 2-2: Guidance for the communication of medical device security needs, risks and controls, IEC/TR 80001-2-2:2012 Health Insurance Portability and

46、 Accountability Act of 1996 (HIPAA), Pub. L. 104-191 (USA) Health Insurance Reform: Security Standards; Final Rule, 45 CFR pts.160, 162, 164 (USA, 2003). EC Data Protection Directive, 95/46/EC (EU 95/46), 1995. Act on the Protection of Personal Information (Act No. 57 of 2003, Japan). HN 1-2013 Page

47、 2 Copyright 2013 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society. Personal Information Protection and Electronic Documents Act (PIPEDA), Statutes of Canada, 2000. Guide for Information Security for Biomedical Technology: A HIPAA Com

48、pliance Guide, May 2004, American College of Clinical Engineering (ACCE)/ECRI. 1.3 DEFINITIONS administrative safeguards: Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect private data and to manage

49、the conduct of an organizations workforce in relation to the protection of that information. anti-malware: See anti-virus software. anti-virus software: A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents. See also virus scanner. audit trail: Data collected and potentially used to facilitate a security audit. biometric data: Identifies a human via a measurement of a physical feature or repeatable action of the individual (e.g., hand geometry, retinal scan, iris scan