1、BSI Standards PublicationPD CEN ISO/TS 14441:2013Health informatics Securityand privacy requirementsof EHR systems for use inconformity assessmentIncorporating corrigendum February 2014PD CEN ISO/TS 14441:2013National forewordThis Published Document is the UK implementation of CEN ISO/TS 14441:2013.
2、The UK participation in its preparation was entrusted to Technical Committee IST/35, Health informatics.A list of organizations represented on this committee can be obtained on request to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are
3、 responsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014ISBN 978 0 580 85785 0ICS 35.240.80Compliance with a British Standard cannot confer immunity fromlegal obligations.This Published Document was published under the authority of the
4、 Standards Policy and Strategy Committee on 31 December 2013.Amendments/corrigenda issued since publicationDate Text affected28 February 2014 Implementation of CEN correction notice 18 December 2013: CEN Endorsement Notice insertedPUBLISHED DOCUMENTTECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECH
5、NISCHE SPEZIFIKATION CEN ISO/TS 14441 December 2013 ICS 35.240.80 English Version Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment (ISO/TS 14441:2013)Informatique de sant - Scurit et exigences dintimit des systmes de EHR pour lvaluation de la con
6、formit (ISO/TS 14441:2013) Medizinische Informatik - Sicherheits- und Datenschutzanforderungen fr die Konformittsprfung von EGA-Systemen (ISO/TS 14441:2013) This Technical Specification (CEN/TS) was approved by CEN on 7 April 2013 for provisional application. The period of validity of this CEN/TS is
7、 limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN
8、and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national s
9、tandards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia,
10、 Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2013 CEN All rights of exploitation in any form and by any means res
11、erved worldwide for CEN national Members. Ref. No. CEN ISO/TS 14441:2013 EPD CEN ISO/TS 14441:2013CEN ISO/TS 14441:2013 (E) 3 Foreword This document (CEN ISO/TS 14441:2013) has been prepared by Technical Committee ISO/TC 215 “Health informatics” in collaboration with Technical Committee CEN/TC 251 “
12、Health informatics” the secretariat of which is held by NEN. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENE
13、LEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungar
14、y, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO/TS 14441:2013 has been approved by CEN as CEN ISO/TS 14441:2013 without
15、any modification. PD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E) ISO 2013 All rights reserved iiiContents PageForeword ivIntroduction v1 Scope . 12 Normative references 13 Terms and definitions . 14 Abbreviations. 95 Security and privacy requirements 95.1 General . 95.2 Theoretical foundation 95.3 Pri
16、vacy and security requirements 125.4 Common Criteria 286 Best practice and guidance for establishing and maintaining conformity assessment programs .306.1 Concepts 316.2 Conformity assessment processes 33Annex A (informative) Conformity assessment programs Design considerations and illustrative exam
17、ples from member countries as of 2010 36Annex B (informative) Comparison of jurisdictional requirements 54Bibliography . 112PD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member
18、bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental
19、and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives
20、, Part 2.The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies cas
21、ting a vote.In other circumstances, particularly when there is an urgent market requirement for such documents, a technical committee may decide to publish other types of document: an ISO Publicly Available Specification (ISO/PAS) represents an agreement between technical experts in an ISO working g
22、roup and is accepted for publication if it is approved by more than 50 % of the members of the parent committee casting a vote; an ISO Technical Specification (ISO/TS) represents an agreement between the members of a technical committee and is accepted for publication if it is approved by 2/3 of the
23、 members of the committee casting a vote.An ISO/PAS or ISO/TS is reviewed after three years in order to decide whether it will be confirmed for a further three years, revised to become an International Standard, or withdrawn. If the ISO/PAS or ISO/TS is confirmed, it is reviewed again after a furthe
24、r three years, at which time it must either be transformed into an International Standard or be withdrawn.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rig
25、hts.ISO/TS 14441 was prepared by Technical Committee ISO/TC 215, Health informatics.iv ISO 2013 All rights reservedPD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E)IntroductionAs local, regional and national EHR infostructures develop, electronic patient record systems are being implemented at the many p
26、oints of care where patients are seen point-of-service (POS) clinical systems. In addition to institutional settings like hospitals, where the systems in various departments (e.g. nursing units) are typically integrated into a single patient record, smaller single purpose systems such as electronic
27、medical records (EMRs) are also being implemented in physician offices and other non-institutional settings such as public health where the sophistication of the systems and the local IT support infrastructure is much less. As countries begin to connect these POS clinical systems to EHR infostructur
28、es (or directly exchange clinical information with other POS clinical systems through system-to-system communications), the security and privacy of these systems becomes much more critical and complex than when the systems operated in a disconnected or stand-alone state. To ensure the required stand
29、ards are implemented correctly into these systems, so that they will securely interact with EHR infostructures and maintain the privacy of patient information, many countries are implementing certification and conformance testing programs to provide objective evidence of conformity with these requir
30、ements.This Technical Specification identifies the security and privacy requirements, harvested from the above mentioned standards and international experiences, which should be in place for conformance testing for interoperable POS clinical (electronic patient record) systems interfacing with EHRs.
31、The POS clinical systems profiled receive, store, process, display and communicate clinical data and administrative actions, as well as information related to system users (demographics, personal).The systems are always accessed by authorized and authenticated users. These users are: health professi
32、onals that input, access and use patient data, clinical procedures, and statistics; administrative users that input and read patients personal and demographics data, administrative and statistical information; administrators that control users power, perform backups, provide system configuration, in
33、cluding security ones; auditors that read audit trails; other EHR systems that input and receive data; subjects of care and their substitute decision makers, who may have restricted access to input and retrieve authorized data.Key assumptions that apply for compliant POS clinical systems are as foll
34、ows: the Target of Evaluation (TOE) comprises commercial off the shelf (COTS), governmental, proprietary and free and open source software; authenticated users recognize the need for a secure IT environment; authenticated users can be trusted to comply with the organizations security policy; busines
35、s security processes are implemented with due regard for what can (and cannot) be reasonably accomplished in a clinical setting; competent security administration is carried out in relation to the systems installation and ongoing operations.This Technical Specification draws from international stand
36、ards, which have been developed by ISO/TC 215 for EHRs, as well as other ISO standards such as such as ISO/IEC 27001 and the ISO/IEC 17000 series of standards developed by the ISO Committee on conformity assessment (CASCO). This Technical Specification also reflects the experience that various count
37、ries have had to date in implementing certification and conformance testing programs in addressing privacy and security requirements in the ISO 2013 All rights reserved vPD CEN ISO/TS 14441:2013ISO/TS 14441:2013(E)context where electronic patient record (clinical) systems at the point of care are in
38、teroperable with regional and national EHRs.This Technical Specification includes: security and privacy requirements that should be met to ensure that information is protected as well as the main categories of attack; discussion of the theoretical foundations underpinning the requirements; guidance
39、on best practice for establishing and maintaining conformity assessment programs; description of the conformity assessment process, including the key concepts and processes.Annex A provides more detailed information on conformity assessment models and processes, plus examples of conformity assessmen
40、t programs in four example countries at a point in time (2010).Annex B provides a detailed examination of the privacy and security requirements in place in five jurisdictions at the time that this Technical Specification was written. This analysis was used to derive the security and privacy requirem
41、ents in Clause 5.This Technical Specification is to be used by agencies which accredit or operate programs for certifying health software products through conformity assessment against privacy and security standards, software suppliers demonstrating their compliance with those requirements, and purc
42、hasers of those systems who want assurance that the requirements have been met.vi ISO 2013 All rights reservedPD CEN ISO/TS 14441:2013TECHNICAL SPECIFICATION ISO/TS 14441:2013(E)Health informatics Security and privacy requirements of EHR systems for use in conformity assessment1 ScopeThis Technical
43、Specification examines electronic patient record systems at the clinical point of care that are also interoperable with EHRs. Hardware and process controls are out of the scope. This Technical Specification addresses their security and privacy protections by providing a set of security and privacy r
44、equirements, along with guidelines and best practice for conformity assessment.ISO/IEC 15408 (all parts) defines “targets of evaluation” for security evaluation of IT products. This Technical Specification includes a cross-mapping of 82 security and privacy requirements against the Common Criteria c
45、ategories in ISO/IEC 15408 (all parts). The point-of-service (POS) clinical software is typically part of a larger system, for example, running on top of an operating system, so it must work in concert with other components to provide proper security and privacy. While a Protection Profile (PP) incl
46、udes requirements for component security functions to support system security services, it does not specify protocols or standards for conformity assessment, and does not address privacy requirements.This Technical Specification focuses on two main topics:a) Security and privacy requirements (Clause
47、 5). Clause 5 is technical and provides a comprehensive set of 82 requirements necessary to protect (information, patients) against the main categories of risks, addressing the broad scope of security and privacy concerns for point of care, interoperable clinical (electronic patient record) systems.
48、 These requirements are suitable for conformity assessment purposes.b) Best practice and guidance for establishing and maintaining conformity assessment programs (Clause 6). Clause 6 provides an overview of conformity assessment concepts and processes that can be used by governments, local authoriti
49、es, professional associations, software developers, health informatics societies, patients representatives and others, to improve conformity with health software security and privacy requirements. Annex A provides complementary information useful to countries in designing conformity assessment programs such as further material on conformity assessment business models, processes and other considerations, along with illustrative examples of conformity assessment activities in four countries.Policies that apply to a local, region