iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ASTM

ASTM E2086-00

(Guide)

Standard Guide for Internet and Intranet Healthcare Security (Withdrawn 2009)

Standard Guide for Internet and Intranet Healthcare Security (Withdrawn 2009)

SIGNIFICANCE AND USE
This guide recommends security mechanisms for protection of healthcare information transmitted using the IPS. The IPS consists of multiple protocol layers.
The lowest layer which can provide end–to–end security is the Internet Protocol (IP). IP may run over a variety of subnetwork technologies, such as Ethernet, X.25, ATM, and even asynchronous dial–up lines. While it is possible to provide security services directly over those technologies, such approaches only protect a single subnetwork and are not discussed further.
A variety of protocols may be run on top of IP. These include the Transmission Control Protocol (TCP), which provides reliable, sequenced data delivery (sessions), and the User Datagram Protocol (UDP), which provides unsequenced data delivery (datagrams). Other protocols at this layer include various routing and configuration protocols used by the network itself.
Application protocols typically make use of either TCP or UDP. A variety of standard application protocols have been defined for such applications as file transfer (FTP), electronic mail (SMTP), and the World Wide Web (HTTP). Some applications have their own security requirements, dictated by the structure of the application or its protocols.
The remainder of this guide is organized as follows: Section 5 discusses security threats and the countermeasures which can be used to protect against these threats. Section 6 presents a brief overview of cryptography, as most network security mechanisms rely on its use. Section 7 distinguishes between network and application security and discusses when each level of security might be useful. The remaining sections recommend specific security protocols and mechanisms for both network and application security needs.
SCOPE
1.1 This guide covers mechanisms that can be used to protect healthcare information which is being transmitted over networks using the Internet Protocol Suite (IPS). This includes the actual Internet itself, as well as corporate intranets constructed from off-the-shelf components implementing these protocols. An organization's security policy will determine when these mechanisms are used, based on risk analysis.
1.2 The Internet Engineering Task Force (IETF) is defining security standards for use with the IPS. This guide covers the relevant standards and recommends, where needed, particular options (such as cryptographic transformations) to be used with the standards. Most standards referenced here are proposed standards issues as Request for Comments (RFC's). Some are in the draft stage, but are stable enough (and widely enough implemented) to be recommended for use at this time.
WITHDRAWN RATIONALE
This guide covers mechanisms that can be used to protect healthcare information which is being transmitted over networks using the Internet Protocol Suite (IPS). This includes the actual Internet itself, as well as corporate intranets constructed from off–the–shelf components implementing these protocols. An organization's security policy will determine when these mechanisms are used, based on risk analysis.
Formerly under the jurisdiction of Committee E31 on Healthcare Informatics, this guide was withdrawn in February 2009 in accordance with section 10.5.3.1 of the Regulations Governing ASTM Technical Committees, which requires that standards shall be updated by the end of the eighth year since the last approval date.

General Information

Status
Withdrawn
Publication Date
09-Apr-2000
Withdrawal Date
28-Jan-2009
ICS
35.240.80 - IT applications in health care technology
Technical Committee
E31 - Healthcare Informatics
Drafting Committee
E31.25 - Healthcare Data Management, Security, Confidentiality, and Privacy
Current Stage
Ref Project

Buy Standard

ASTM E2086-00 - Standard Guide for Internet and Intranet Healthcare Security (Withdrawn 2009)ASTM E2086-00 - Standard Guide for Internet and Intranet Healthcare Security (Withdrawn 2009)
PreviousNext
Guide
ASTM E2086-00 - Standard Guide for Internet and Intranet Healthcare Security (Withdrawn 2009)
English language
6 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


NOTICE: This standard has either been superseded and replaced by a new version or withdrawn.
Contact ASTM International (www.astm.org) for the latest information
An American National Standard
Designation:E2086–00
Standard Guide for
Internet and Intranet Healthcare Security
This standard is issued under the fixed designation E 2086; the number immediately following the designation indicates the year of
original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A
superscript epsilon (e) indicates an editorial change since the last revision or reapproval.
1. Scope RFC 2440 OpenPGP Message Format
RFC 2451 The ESP CBC-Mode Cipher Algorithms
1.1 This guide covers mechanisms that can be used to
RFC 2560 Internet X.509 Public Key Infrastructure Online
protect healthcare information which is being transmitted over
Certificate Status Protocol
networks using the Internet Protocol Suite (IPS). This includes
RFC 2630 Cryptographic Message Syntax
the actual Internet itself, as well as corporate intranets con-
RFC 2631 Diffie-Hellman Key Agreement Method
structed from off–the–shelf components implementing these
RFC 2632 S/MIME Version 3 Certificate Handling
protocols. An organization’s security policy will determine
RFC 2633 S/MIME Version 3 Message Specification
when these mechanisms are used, based on risk analysis.
RFC 2634 Enhanced Security Services for S/MIME
1.2 The Internet Engineering Task Force (IETF) is defining
security standards for use with the IPS. This guide covers the
2.2 Other Standards:
relevant standards and recommends, where needed, particular
FIPS PUB 180–1 Secure Hash Algorithm
options(suchascryptographictransformations)tobeusedwith
the standards. Most standards referenced here are proposed
3. Terminology
standards issued as Requests for Comments (RFCs). Some are
3.1 Definitions:
in the draft stage, but are stable enough (and widely enough
3.1.1 algorithm—a clearly specified mathematical process
implemented) to be recommended for use at this time.
for computation; a set of rules which, if followed, will give a
2. Referenced Documents prescribed result.
3.1.2 asymmetric cryptography—cryptographic algorithm
2.1 IETF Standards:
that uses two related keys, a public key and a private key; the
RFC 1510 Kerberos Authentication Service
two algorithm keys have the property that, given the public
RFC 1777 Lightweight Directory Access Protocol (v2)
key, it is computationally infeasible to derive the private key.
RFC 2251 Lightweight Directory Access Protocol (v3)
3.1.3 authentication—the corroboration that the source of
RFCs 1901–1910 Simple Network Management Protocol
data received is as claimed.
RFC 1945 Hypertext Transfer Protocol
3.1.4 authorization—the granting of rights.
RFC 1964 Kerberos v5 GSS-API Mechanism
3.1.5 cipher text—data in its enciphered form.
RFC 2246 The TLS Protocol Version 1.0
3.1.6 clear text—data in its original, unencrypted form.
RFC 2401 Security Architecture for the Internet Protocol
3.1.7 confidentiality—the property that information is not
RFC 2402 IP Authentication Header
made available to or disclosed to unauthorized individuals,
RFC 2403 The Use of HMAC-MD5–96 within ESPandAH
entities, and processes.
RFC 2404 The Use of HMAC-SHA-196 within ESP and
3.1.8 cryptographic checkvalue—a value computed using a
AH
shared secret key and a data unit, which can be used to provide
RFC 2406 IP Encapsulating Security Payload (ESP)
data integrity and authentication services.
RFC 2407 The Internet IP Security Domain of Interpreta-
3.1.9 cryptography—the discipline which embodies prin-
tion for ISAKMP
ciples, means, and methods for the transformation of data in
RFC 2408 Internet Security Association and Key Manage-
order to hide its information content, prevent its undetected
ment Protocol (ISAKMP)
modification, prevent its unauthorized use or a combination
RFC 2409 The Internet Key Exchange (IKE)
thereof.
RFC 2411 IP Security Document Roadmap
3.1.10 datagram—a data unit that is delivered indepen-
dently of other data units transmitted over a network.
This guide is under the jurisdiction of ASTM Committee E31 on Healthcare
3.1.11 data integrity—a property whereby data has not been
Informatics , and is the direct responsibility of Subcommittee E31.25 on Healthcare
altered or destroyed.
Management, Security, Confidentiality, and Privacy.
Current edition approved April 10, 2000. Published June 2000.
Available on line at ftp://ds.internic.net.
Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.
E2086–00
3.1.12 decryption—a process of transforming ciphertext 3.2.12 HMAC—Hashed Message Authentication Code
into plaintext. 3.2.13 HTTP—HyperText Transfer Protocol
3.2.14 IDUP—Independent Data Unit Protection
3.1.13 digital signature—a cryptographic transformation of
data which, when associated with a data unit, provides the 3.2.15 IETF—Internet Engineering Task Force
3.2.16 IP—Internet Protocol
services of origin authentication, data integrity, and signer
non–repudiation. 3.2.17 IPS—Internet Protocol Suite
3.2.18 IPSEC—Internet Protocol Security
3.1.14 encryption—a process of transforming plain text
(readable) into cipher text (unreadable) for the purpose of 3.2.19 ISAKMP—Internet Security Association and Key
Management Protocol
security or privacy.
3.2.20 LAN—Local Area Network
3.1.15 encryption key—a binary number used to transform
3.2.21 MD—Message Digest
plain text into ciphertext.
3.2.22 MIME—Multipurpose Internet Mail Extension
3.1.16 gateway—a computer system or other device that
3.2.23 PCT—Private Communications Technology
acts as a translator between two systems that do not use the
3.2.24 PIN—Personal Identification Number
same communications protocols, data formatting, structures,
3.2.25 PKCS—Public–Key Cryptography Standards
languages, or architecture, or a combination thereof.
3.2.26 RFC—Requests for Comment
3.1.17 intranet—an internal corporate network which uses
3.2.27 RSA—Rivest, Shamir, and Adelman
the Internet protocol suite (TCP, IP, etc.)
3.2.28 SHA-1—Secure Hash Algorithm
3.1.18 non–repudiation—this service provides proof of the
3.2.29 S–HTTP—Secure HyperText Transfer Protocol
integrityandoriginofdata,bothinanunforgeablerelationship,
3.2.30 S/MIME—Secure/Multipurpose Internet Mail Exten-
which can be verified by any party.
sions
3.1.19 plain text—data in its original, unencrypted form.
3.2.31 SMTP—Simple Mail Transfer Protocol
3.1.20 repudiation—the denial by a user of having partici-
3.2.32 SSL—Secure Socket Layer
pated in part or all of a communication. (See non–repudiation,
3.2.33 TCP—Transmission Control Protocol
which has the opposite meaning.)
3.2.34 TLSP—Transport Layer Security Protocol
3.1.21 replay—the process of sending a previously sent
3.2.35 UDP—User Datagram Protocol
message as a method of perpetrating a fraud.
3.2.36 VPN—Virtual Private Network
3.1.22 security association—the relationship between two
3.2.37 WAN—Wide Area Network
entities which allows the protection of information communi-
3.2.38 WWW—World Wide Web
cated between the entities.
3.1.22.1 Discussion—This relationship includes a shared
4. Significance and Use
symmetric key, and security attributes describing the relation-
4.1 This guide recommends security mechanisms for pro-
ship. The security association is used to negotiate the charac-
tection of healthcare information transmitted using the IPS.
teristics of these protection mechanisms, but does not include
The IPS consists of multiple protocol layers.
the protection mechanisms themselves.
4.2 Thelowestlayerwhichcanprovideend–to–endsecurity
3.1.23 session—logical relationship between two network
is the Internet Protocol (IP). IP may run over a variety of
endpoints that supports a user or network application.
subnetwork technologies, such as Ethernet, X.25, ATM, and
3.1.24 subnetwork—a network segment, usually with its
even asynchronous dial–up lines. While it is possible to
own address.
provide security services directly over those technologies, such
3.1.25 symmetric encryption—encryptionusingasinglekey
approaches only protect a single subnetwork and are not
to encrypt and decrypt which both the sender and receiver hold
discussed further.
privately.
4.3 A variety of protocols may be run on top of IP. These
3.1.26 virtual private network—a network which uses the
include the Transmission Control Protocol (TCP), which pro-
Internet as a carrier, but is operated as a dedicated point-to-
vides reliable, sequenced data delivery (sessions), and the User
point network.
Datagram Protocol (UDP), which provides unsequenced data
3.1.26.1 Discussion—Encryption is used to segregate and
delivery (datagrams). Other protocols at this layer include
protect the VPN’s data when it is conveyed over the Internet.
various routing and configuration protocols used by the net-
3.2 Acronyms:Acronyms:
work itself.
3.2.1 AH—Authentication Header
4.4 Application protocols typically make use of either TCP
3.2.2 API—Application Programming Interface
or UDP. A variety of standard application protocols have been
3.2.3 ASTM—American Society for Testing and Materials
defined for such applications as file transfer (FTP), electronic
3.2.4 ATM—Asynchronous Transfer Mode
mail (SMTP), and the World Wide Web (HTTP). Some
3.2.5 DEC—Digital Equipment Corporation
applications have their own security requirements, dictated by
3.2.6 DES—Data Encryption Standard
the structure of the application or its protocols.
3.2.7 DSA—Digital Signature Algorithm
4.5 The remainder of this guide is organized as follows:
3.2.8 EDI—Electronic Data Interchange
Section 5 discusses security threats and the countermeasures
3.2.9 ESP—Encapsulating Security Payload
which can be used to protect against these threats. Section 6
3.2.10 FTP—File Transfer Protocol
presents a brief overview of cryptography, as most network
3.2.11 GSS—Generic Security Services security mechanisms rely on its use. Section 7 distinguishes
E2086–00
between network and application security and discusses when integrity, in which the integrity service is applied to a sequence
each level of security might be useful. The remaining sections number or other sequencing information.
recommend specific security protocols and mechanisms for 5.2.6 Non–repudiationoforiginanddeliveryprotectagainst
both network and application security needs. an originator or recipient falsely denying originating or receiv-
ing a message. This service provides proof (to a third party) of
5. Threats and Countermeasures origin or receipt, and is provided using digital signatures.
5.1 This section covers the principal threats to a system. In
6. Cryptography Overview
some cases, security services can prevent an attack; in other
cases, they merely detect an attack. 6.1 Cryptographyistheartorscienceofkeepingdatasecure
from disclosure, modification, and forgery. It is particularly
5.1.1 Masquerade occurs when an entity successfully pre-
appropriate in today’s computing environment, given the
tends to be another entity.This includes impersonation of users
increasing use of networks to connect systems (implying more,
or system components, as well as falsely claiming origination
or acknowledging receipt of a message or transaction. possibly unknown users may access data), the increasing
amount of sensitive data being conveyed on these networks,
5.1.2 Modification of information can include modification
legal requirements for protection of data, and the ease and low
of message or data content, as well as destruction of messages,
cost of network attack.
data, or management information. This includes message
6.2 Encryption can be used to provide confidentiality and
sequencing threats, which occur when the order of messages is
integrity services. Following are two types of encryption
altered.
systems:
5.1.3 Unauthorized disclosure threats include revealing
6.2.1 In symmetric (conventional) cryptography, the sender
message contents or other data, as well as information derived
and recipient share a secret key. This key is used by the
from observing traffic flow, as well as revealing information
originator to encrypt a message and by the recipient to decrypt
held in storage on an open system.
a message.The Data Encryption Standard (DES) is an example
5.1.4 Repudiation occurs when a user or the system denies
of a symmetric cryptosystem. Confidentiality is provided by
having performed some action, such as origination or reception
encrypting the message under a shared key. Integrity and
of a message.
authentication are supported by computing a cryptographic
5.1.5 Denial of service threats prevent the system from
checkvalue, or authenticator, over the message, using a key
performing its functions. This may be accomplished by attacks
shared by the originator and recipient.
on the underlying communications infrastructure, attacks on
6.2.2 In asymmetric (public key) cryptography, different
the underlying applications, or by flooding the system with
keys are used to encrypt and decrypt a message. Each user is
extra traffic.
associated with a pair of keys. One key (the public key)is
5.2 The following services protect against the threats de-
publicly known and is used to encrypt messages destined for
scribed in 5.1.1-5.1.5.
that user. The private key is known only to the user and is used
5.2.1 Peer entity authentication provides proof of the iden-
to decrypt incoming messages. RSA (named after the inven-
tity of communicating parties. Various types of authentication
tors’ initials) is the most well-known asymmetric algorithm.
exchangeshavebeendiscussedintheliterature;mostarebased
6.3 Some asymmetric algorithms, such as RSA, can also
on digital signatures or other cryptographic mechanisms.
provide authentication, integrity, and non-repudiation when
5.2.2 Data origin authentication counters the threat of
used as follows:
masquerade and is provided using digital signatures or other
6.3.1 To sign a data unit, the user encrypts it under his
cryptographic integrity mechanisms.
private key.
5.2.3 Access control counters the threat of unauthorized
6.3.2 To verify the data unit, the recipient decrypts it with
disclosure or modification of data. This is particularly appro-
the originator’s public key.
priate on an end system. A variety of access control strategies
6.3.3 If the message is successfully decrypted, it must have
canbefoundinthestandards,includingaccesscontrollistsand
been encrypted by the originator, who is the only entity that
security labels. Since access control is typically provided on an
knows the corresponding private key.
end system, it is not discussed further in this guide.
6.3.4 A digital signature is, then, a piece of data appended
5.2.4 Confidentiality counters the threat of unauthorized
to a message, generated from the message and the signer’s
disclosure, par
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ASTM
ASTM E2147-18(Specification)
Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems

ABSTRACT
This specification describes the security requirements involved in the development and implementation of audit and disclosure logs used in health information systems. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems, and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of confidential health care information to external users for use in manual and computer systems. This specification provides for two main purposes, namely: to define the nature, role, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide security oversight; and to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it.
SIGNIFICANCE AND USE
4.1 Data that document health services in health care organizations are business records and shall be archived to a secondary but retrievable medium, and readily accessible, such as data that would be archived in a server or cloud storage. Audit data shall be retained for as long as the medical record is maintained, and may not be destroyed before the medical record may legally be destroyed, and in any event, for at least 10 years or for two years after the legal age of majority, unless a longer period of record retention is prescribed by state, federal or other law or regulation.  
4.2 The purpose of audit data and disclosure logs is to document and maintain a permanent, trustworthy, and immutable record of all authorized and unauthorized activities of any nature whatsoever and disclosure of confidential health information {except exclusions per federal and state law [21 CFR 11 Subpart B(e)]}. This further facilitates the purpose that patients, healthcare providers, organizations, and others can obtain a verifiable, self-authenticating record documenting all activities with respect to that record. The process of information disclosure and auditing shall also conform, where relevant, with the Privacy Act of 1974 (3).  
4.3 Audit reports designed for system access provide a precise capability for healthcare providers, organizations, patients, patient representatives, and advocates to see who has accessed and/or manipulated patient information. Because of the significant risk of medical information manipulation in computing environments by authorized and unauthorized users, the audit report is an important management tool to monitor access and any such manipulation retrospectively. In addition, the access and disclosure logs become powerful support documents for disciplinary and legal actions. Moreover, audit reports are essential components to comprehensive security programs in healthcare and vital for the privacy rights of the individual. A patient has a right to ...
SCOPE
1.1 This specification is for the development and implementation of secure audit data and logs for electronically stored health information. It specifies how to design the audit log to record all activities impacting a medical record, for example, creating a new record, entering data into a record, changing or deleting an existing record, and all additional user access data (for example, identification, location, and date and time) to patient-identifiable information maintained in computer systems. Such audit logs shall track not only data entry and modifications, but also simple access and viewing of the patient record, and whether any modifications are made during that access. This specification also includes principles for developing policies, procedures, and functions of health information logs to document all actions regarding identifiable health information for use in both manually entered (paper record) and computer systems.  
1.2 The first purpose of this specification is to defin...

  • Technical specification
    7 pages
    English language
    sale 15% off
ASTM
ASTM E2767-24(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for X-ray Computed Tomography (CT) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of X-ray tomographic NDE data will use this standard. This practice defines a set of information modules that along with Practice E2339 and the DICOM standard provide a standard means to organize X-ray tomography test parameters and results. The X-ray CT test results may be displayed and analyzed on any device that conforms to this standard. Personnel wishing to view any tomographic inspection data stored according to Practice E2339 may use this document to help them decode and display the data contained in the DICONDE-compliant inspection record.
SCOPE
1.1 This practice facilitates the interoperability of X-ray computed tomography (CT) imaging equipment by specifying image data transfer and archival storage methods in commonly accepted terms. This document is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of the NEMA Standards Publication titled Digital Imaging and Communications in Medicine (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE test results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules and a data dictionary that are specific to X-ray CT test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from tomographic test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all the X-ray CT technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Units—Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    11 pages
    English language
    sale 15% off
ASTM
ASTM E3398-23(Guide)
Standard Guide for Digital Neutron Radiography

SIGNIFICANCE AND USE
4.1 Purpose—Practices to be employed for the radiographic examination of materials and components with neutrons using digital neutron detectors are outlined herein. They are intended as a guide for the assessment of a digital neutron radiograph’s characteristics. For information on neutron beam lines for imaging and film neutron radiography, refer to Guide E748.  
4.2 Limitations—Acceptance standards have not been established for any material or production process. Neutron radiography, whether performed by means of a reactor, an accelerator, subcritical assembly, or radioactive source, will be consistent in sensitivity and spatial resolution only if the consistency of all details of the technique, such as neutron source, collimation, geometry, imaging system, etc., are maintained. This guide is limited to the use of digital neutron detectors in combination with neutron conversion materials for image recording. This guide is intended for use with thermal and cold neutron spectrums. The production of thermal neutron radiographs by employing the use of film and appropriate conversion screens is covered in Guide E748.  
4.3 Interpretation and Acceptance Standards—Interpretat- ion and acceptance standards are not covered by this guide. Designation of accept-reject standards is recognized to be within the cognizance of product specifications.  
4.4 Other Aspects of the Neutron Radiographic Process—For many important aspects of neutron radiography such as technique, files, viewing of radiographs, storage of radiographs, film processing, and record keeping, refer to Guide E94, which covers these aspects for X-ray radiography. (See Section 2.)
SCOPE
1.1 This guide covers the evaluation, qualification, and quantification of digital neutron images. These images can be acquired by many methods, including: neutron sensitive imaging plates (Computed Radiography – CR), Digital Detector Arrays – DDA’s (amorphous silicon, CMOS, CCD, etc.), micro-channel plates, neutron sensitive fluoroscopes, neutron sensitive scintillators coupled to optical cameras, digitized radiographic films, and linear diode arrays.  
1.2 This guide does not purport to establish what is considered an acceptable image but is intended to only give guidance on digital neutron imaging, as well as image quality metrics of importance, and how they can be measured and reported.  
1.3 The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM E2738-23(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for Computed Radiography (CR) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of computed radiography NDE data will use this practice. This practice will define a set of information modules that along with the Practice E2339 and the DICOM standard will provide a standard means to organize CR inspection data. The CR inspection data may be displayed and analyzed on any device that conforms to the standard. Personnel wishing to view any CR inspection data stored in accordance with Practice E2339 may use this practice to help them decode and display the data contained in the DICONDE compliant inspection record.
SCOPE
1.1 This practice covers the interoperability of computed radiography (CR) imaging and data acquisition equipment by specifying image data transfer and archival storage methods in commonly accepted terms. This practice is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of NEMA PS3 / ISO 12052 (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules and a data dictionary that are specific to computed radiography test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from CR test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all standard CR technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The SI units required by this practice are to be regarded as standard. No other units of measurement are included in this practice.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off
  • Standard
    5 pages
    English language
    sale 15% off
ASTM
ASTM E2699-23(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for Digital X-ray (DX) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of digital X-ray test results will use this standard. This practice defines a set of information modules that, along with Practice E2339 and the DICOM standard, provides a standard means to organize digital X-ray test parameters and results. The digital X-ray test results may be displayed and analyzed on any device that conforms to this standard. Personnel wishing to view any digital X-ray inspection data stored according to Practice E2339 may use this document to help them decode and display the data contained in the DICONDE-compliant inspection record.
SCOPE
1.1 This practice covers the interoperability of digital X-ray imaging equipment using Digital Detector Arrays (DDA) as described in Practice E2698 by specifying image data transfer and archival methods in commonly accepted terms. A separate practice, Practice E2738, addresses this topic for digital X-ray imaging equipment using Computed Radiography (CR). This document is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of DICOM NEMA PS3 / ISO 12052 (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules, and a data dictionary that are specific to digital X-ray test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from digital X-ray test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all the digital X-ray technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Units—Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The SI units required by this practice are to be regarded as standard. No other units of measurement are included in this standard.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    6 pages
    English language
    sale 15% off
  • Standard
    6 pages
    English language
    sale 15% off
ASTM
ASTM E1475-13(2023)(Guide)
Standard Guide for Data Fields for Computerized Transfer of Digital Radiological Examination Data

SIGNIFICANCE AND USE
3.1 The primary use of this guide is to provide a standardized approach for the data file to be used for the transfer of digital radiological data from one user to another where the two users are working with dissimilar systems. This guide describes the contents, both required and optional for an intermediate data file that can be created from the native format of the radiological system on which the data was collected and that can be converted into the native format of the receiving radiological data analysis system. This guide will also be useful in the archival storage and retrieval of radiological data as either a data format specifier or as a guide to the data elements which should be included in the archival file.  
3.2 Although the recommended field listing includes more than 100 field numbers, only about half of those are regarded as essential and are marked Footnote C in Table 1. Fields so marked must be included in the data base. The other fields recommended provide additional information that a user will find helpful in understanding the radiological image and examination result. These header field items will, in most cases, make up only a very small part of a radiological examination file. The actual stream of radiological data that make up the image will take up the largest part of the data base. Since a radiological image file will normally be large, the concept of data compression will be considered in many cases. Compressed data should be noted, along with a description of the compression method, as indicated in Field No. 92 (see Table 1). (A) Field numbers are for reference only. They do not imply a necessity to include all these fields in any specific data base nor imply a requirement that fields used be in this particular order.(B) Units listed first are SI; those in parentheses are inch-pound (English).(C) Denotes essential field for computerization of examination results, regardless of examination method.(D) Denotes essential field for radiogra...
SCOPE
1.1 This guide provides a listing and description of the fields that are recommended for inclusion in a digital radiological examination data base to facilitate the transfer of such data. This guide sets guidelines for the format of data fields for computerized transfer of digital image files obtained from radiographic, radioscopic, computed radiographic, or other radiological examination systems. The field listing includes those fields regarded as necessary for inclusion in the data base: (1) regardless of the radiological examination method (as indicated by Footnote C in Table 1), (2) for radioscopic examination (as indicated by Footnote F in Table 1), and (3) for radiographic examination (as indicated by Footnote D in Table 1). In addition, other optional fields are listed as a reminder of the types of information that may be useful for additional understanding of the data or applicable to a limited number of applications.  
1.2 It is recognized that organizations may have in place an internal format for the storage and retrieval of radiological examination data. This guide should not impede the use of such formats since it is probable that the necessary fields are already included in such internal data bases, or that the few additions can easily be made. The numerical listing and its order indicated in this guide is only for convenience; the specific numbers and their order carry no inherent significance and are not part of the data file.  
1.3 Current users of Guide E1475 do not have to change their software. First time users should use the XML structure of Table A1.1 for their data.  
1.4 The types of radiological examination systems that appear useful in relation to this guide include radioscopic systems as described in Guide E1000, Practices E1255, E1411, E2597, E2698 and E2737, and radiographic systems as described in Guide E94 and Practices E748, E1742, E2033, E2445, and E2446. Many of the terms used are def...

  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM F3107-14(2023)(Test Method)
Standard Test Method for Measuring Accuracy After Mechanical Disturbances on Reference Frames of Computer Assisted Surgery Systems

SIGNIFICANCE AND USE
5.1 The purpose of this practice is to provide data that can be used for comparison and evaluation of the accuracy of different CAS systems.  
5.2 The use of CAS systems and robotic tracking systems is becoming increasingly common and requires a degree of trust by the user that the data provided by the system meets necessary accuracy requirements. In order to evaluate the potential use of these systems, and to make informed decisions about suitability of a system for a given procedure, objective performance data of such systems are necessary. While the end user will ultimately want to know the accuracy parameters of a system under clinical application, the first step must be to characterize the digitization accuracy of the tracking subsystem in a controlled environment under controlled conditions.  
5.3 In order to make comparisons within and between systems, a standardized way of measuring and reporting point accuracy is needed. Parameters such as coordinate system, units of measure, terminology, and operational conditions must be standardized.
SCOPE
1.1 This standard will measure the effects on the accuracy of computer assisted surgery (CAS) systems of the environmental influences caused by equipment utilized for bone preparation during the intended clinical application for the system. The environmental vibration effect covered in this standard will include mechanical vibration from: cutting saw (sagittal or reciprocating), burrs, drills, and impact loading. The change in accuracy from detaching and re-attaching or disturbing a restrained connection that does not by design require repeating the registration process of a reference base will also be measured.  
1.2 It should be noted that one system may need to undergo multiple iterations (one for each clinical application) of this standard to document its accuracy during different clinical applications since each procedure may have different exposure to outside forces given the surgical procedure variability from one procedure to the next.  
1.3 All units of measure will be reported as millimeters for this standard.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off
ASTM
ASTM F2554-22(Practice)
Standard Practice for Measurement of Positional Accuracy of Computer-Assisted Surgical Systems

SIGNIFICANCE AND USE
5.1 The purpose of this practice is to provide data that can be used for evaluation of the accuracy of different CAS systems.  
5.2 The use of surgical navigation and robotic positioning systems is becoming increasingly common. In order to make informed decisions about the suitability of such systems for a given procedure, their accuracy capability needs to be evaluated under clinical application and compared to the requirements. As the performance of a whole system is constrained by those of its subparts, a preliminary step must be to objectively characterize the accuracy of the tracking subsystem in a controlled environment under controlled conditions.  
5.3 In order to make comparisons within and between systems, a standardized way of measuring and reporting accuracy is needed. Parameters such as coordinate system, units of measurement, terminology, and operational conditions must be standardized.
SCOPE
1.1 This document provides procedures for measurement and reporting of basic static performance of surgical navigation and/or robotic positioning devices under defined conditions. They can be performed on a subsystem (for example, tracking only) or a full computer-aided surgery system as would be used clinically. Testing a subsystem does not mean that the whole system has been tested. The functionality to be tested based on this practice is limited to the performance (accuracy in terms of bias and precision) of the system regarding point localization in space by means of a pointer. A point in space has no orientation; only multidimensional objects have orientation. Therefore, orientation of objects is not within the scope of this practice. However, in localizing a point the different orientations of the pointer can produce errors. These errors and the pointer orientation are within the scope of this practice. The aim is to provide a standardized measurement of performance variables by which end users can compare within a system (for example, with different reference elements or pointers) and between different systems (for example, from different manufacturers). Parameters to be evaluated include (based upon the features of the system being evaluated):
(1) Accuracy of a single point relative to a coordinate system.
(2) Sensitivity of tracking accuracy due to changes in pointer orientation.
(3) Relative point-to-point accuracy.  
1.1.1 This method covers all configurations of the evaluated system as well as extreme placements across the measurement volume.  
1.2 This practice defines a standardized reporting format, which includes definition of the coordinate systems to be used for reporting the measurements, and statistical measures (for example, mean, RMS, and maximum error).  
1.3 The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard, except for angular measurements, which may be reported in terms of radians or degrees.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    9 pages
    English language
    sale 15% off
  • Standard
    9 pages
    English language
    sale 15% off
ASTM
ASTM E2891-20(Guide)
Standard Guide for Multivariate Data Analysis in Pharmaceutical Development and Manufacturing Applications

SIGNIFICANCE AND USE
4.1 A significant amount of data is generated during pharmaceutical development and manufacturing activities. The interpretation of such data is becoming increasingly difficult. Individual examination of the univariate process variables is relevant but can be significantly complemented by multivariate data analysis (MVDA). MVDA may be particularly appropriate for exploring and handling large sets of heterogenous data, mapping data of high dimensionality onto lower dimensional representations, exposing significant correlations among multivariate variables within a single data set or significant correlations among multivariate variables across data sets. MVDA may extract statistically significant information which may enhance process understanding, decision making in process development, process monitoring and control (including product release), product life-cycle management, and continuous improvement.  
4.2 MVDA is widely used in various industries including the pharmaceutical industry. To achieve a valid outcome, an MVDA model/application should incorporate the following:  
4.2.1 A predefined risk-based objective incorporating one or more relevant scientific hypotheses specific to the application;  
4.2.2 Sufficient relevant data of requisite quality covering the variance space encountered during intended use, that is, pharmaceutical development, or pharmaceutical manufacturing, or both;  
4.2.3 Appropriate data analysis and model utilization practices including considerations on testing, validation, and qualification of all new data prior to using a model to analyze it;  
4.2.4 Appropriately trained staff;  
4.2.5 Appropriate standard operating procedures; and  
4.2.6 Life-cycle management.  
4.3 This guide can be used to support data analysis activities associated with pharmaceutical development and manufacturing, process performance and product quality monitoring in manufacturing, as well as for troubleshooting and investigation events. Technical detai...
SCOPE
1.1 This guide covers the applications of multivariate data analysis (MVDA) to support pharmaceutical development and manufacturing activities. MVDA is one of the key enablers for process understanding and decision making in pharmaceutical development, and for the release of intermediate and final products after being validated appropriately using a science and risk-based approach.  
1.2 The scope of this guide is to provide general guidelines on the application of MVDA in the pharmaceutical industry. While MVDA refers to typical empirical data analysis, the scope is limited to providing a high level guidance and not intended to provide application-specific data analysis procedures. This guide provides considerations on the following aspects:  
1.2.1 Use of a risk-based approach (understanding the objective requirements and assessing the fit-for-use status);  
1.2.2 Considerations on the data collection and diagnostics used for MVDA (including data preprocessing and outliers);  
1.2.3 Considerations on the different types of data analysis, model testing, and validation;  
1.2.4 Qualified and competent personnel; and  
1.2.5 Life-cycle management of MVDA model.  
1.3 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.4 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Guide
    7 pages
    English language
    sale 15% off
  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM E1935-97(2019)(Test Method)
Standard Test Method for Calibrating and Measuring CT Density

SIGNIFICANCE AND USE
5.1 This test method allows specification of the density calibration procedures to be used to calibrate and perform material density measurements using CT image data. Such measurements can be used to evaluate parts, characterize a particular system, or compare different systems, provided that observed variations are dominated by true changes in object density rather than by image artifacts. The specified procedure may also be used to determine the effective X-ray energy of a CT system.  
5.2 The recommended test method is more accurate and less susceptible to errors than alternative CT-based approaches, because it takes into account the effective energy of the CT system and the energy-dependent effects of the X-ray attenuation process.
FIG. 1 Density Calibration Phantom  
5.3 This (or any) test method for measuring density is valid only to the extent that observed CT-number variations are reflective of true changes in object density rather than image artifacts. Artifacts are always present at some level and can masquerade as density variations. Beam hardening artifacts are particularly detrimental. It is the responsibility of the user to determine or establish, or both, the validity of the density measurements; that is, they are performed in regions of the image which are not overly influenced by artifacts.  
5.4 Linear attenuation and mass attenuation may be measured in various ways. For a discussion of attenuation and attenuation measurement, see Guide E1441 and Practice E1570.
SCOPE
1.1 This test method covers instruction for determining the density calibration of X- and γ-ray computed tomography (CT) systems and for using this information to measure material densities from CT images. The calibration is based on an examination of the CT image of a disk of material with embedded specimens of known composition and density. The measured mean CT values of the known standards are determined from an analysis of the image, and their linear attenuation coefficients are determined by multiplying their measured physical density by their published mass attenuation coefficient. The density calibration is performed by applying a linear regression to the data. Once calibrated, the linear attenuation coefficient of an unknown feature in an image can be measured from a determination of its mean CT value. Its density can then be extracted from a knowledge of its mass attenuation coefficient, or one representative of the feature.  
1.2 CT provides an excellent method of nondestructively measuring density variations, which would be very difficult to quantify otherwise. Density is inherently a volumetric property of matter. As the measurement volume shrinks, local material inhomogeneities become more important; and measured values will begin to vary about the bulk density value of the material.  
1.3 All values are stated in SI units.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off