iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ASTM

ASTM E1985-98

(Guide)

Standard Guide for User Authentication and Authorization

Standard Guide for User Authentication and Authorization

SCOPE
1.1 This guide covers mechanisms that may be used to authenticate healthcare information (both administrative and clinical) users to computer systems, as well as mechanisms to authorize particular actions by users. These actions may include access to healthcare information documents, as well as, specific operations on those documents (for example, review by a physician).  
1.2 This guide addresses both centralized and distributed environments, by defining the requirements that a single system shall meet and the kinds of information which shall be transmitted between systems to provide distributed authentication and authorization services.  
1.3 This guide addresses the technical specifications for how to perform user authentication and authorization. The actual definition of who can access what is based on organizational policy.

General Information

Status
Historical
Publication Date
09-Oct-1998
ICS
35.240.80 - IT applications in health care technology
Technical Committee
E31 - Healthcare Informatics
Drafting Committee
E31.25 - Healthcare Data Management, Security, Confidentiality, and Privacy
Current Stage
Ref Project

Relations

Replaced By
ASTM E1985-98(2005) - Standard Guide for User Authentication and Authorization
Effective Date
01-Nov-2005

Buy Standard

ASTM E1985-98 - Standard Guide for User Authentication and AuthorizationASTM E1985-98 - Standard Guide for User Authentication and Authorization
PreviousNext
Guide
ASTM E1985-98 - Standard Guide for User Authentication and Authorization
English language
4 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


NOTICE: This standard has either been superseded and replaced by a new version or withdrawn.
Contact ASTM International (www.astm.org) for the latest information
An American National Standard
Designation:E1985–98
Standard Guide for
User Authentication and Authorization
This standard is issued under the fixed designation E 1985; the number immediately following the designation indicates the year of
original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A
superscript epsilon (e) indicates an editorial change since the last revision or reapproval.
1. Scope FIPS PUB 112 Password Usage
FIPS PUB 181 Automated Password Generator
1.1 This guide covers mechanisms that may be used to
FIPS PUB 190 Guideline for Use of Advanced Authentica-
authenticate healthcare information (both administrative and
tion Technology Alternatives
clinical) users to computer systems, as well as mechanisms to
authorize particular actions by users. These actions may
3. Terminology
include access to healthcare information documents, as well as
3.1 Definitions:
specific operations on those documents (for example, review
3.1.1 access control list—a piece of access control informa-
by a physician).
tion, associated with a target, that specifies the initiators who
1.2 This guide addresses both centralized and distributed
may access the target.
environments, by defining the requirements that a single
3.1.2 capability—a piece of access control information,
system shall meet and the kinds of information which shall be
associated with an initiator, which authorizes the holder to
transmitted between systems to provide distributed authentica-
access some target.
tion and authorization services.
3.1.3 claimant—party requesting authentication; may be a
1.3 This guide addresses the technical specifications for
person or a device.
how to perform user authentication and authorization. The
3.1.4 initiator—an entity (for example, a user) who requests
actual definition of who can access what is based on organi-
access to some object.
zational policy.
3.1.5 principal—legitimate owner of an identity.
2. Referenced Documents 3.1.6 security label—access control information bound to
initiators and targets. The initiator and target labels are com-
2.1 ASTM Standards:
pared to determine if access is allowed.
E 1762 Guide for Electronic Authentication of Healthcare
3.1.7 target—an entity (for example, a file or document)
Information
that may be accessed by an initiator.
PS 100 Provisional Specification for Authentication of
2 3.1.8 verifier—another party seeking to authenticate princi-
Healthcare Information Using Digital Signatures
pal.
2.2 ANSI Standard:
3.2 Acronyms:
X9.45 Enhanced Management Controls Using Digital Sig-
3.2.1 ACI—Access Control Information
natures and Attribute Certificates
3.2.2 ACL—Access Control List
2.3 ISO Standard:
3.2.3 ADF—Access Control Decision Function
ISO 10181-3 1994: Security Frameworks in Open
4 3.2.4 ADI—Access Control Decision Information
Systems—Access Control Framework
3.2.5 AEF—Access Control Enforcement Function
2.4 Other Standards:
3.2.6 PIN—Personal Identification Number
ECMA1-219 Authentication and Privilege Attribute Secu-
rity Applications with Related Key Distribution Func-
4. Significance and Use
tions
4.1 This guide has three purposes:
4.1.1 To serve as a guide for developers of computer
software that provides or makes use of authentication and
This guide is under the jurisdiction of ASTM Committee E-31 on Healthcare
authorization processes,
Informatics and is the direct responsibility of Subcommittee E31.20 on Data System
4.1.2 To serve as a guide to healthcare providers who are
Security for Health Information.
implementing authentication and authorization mechanisms,
Current edition approved Oct. 10, 1998. Published November 1998.
and
Annual Book of ASTM Standards, Vol 14.01.
Available from American National Standards Institute, 11 W. 42nd St., 13th
Floor, New York, NY 10036.
Available from ISO, 1 Rue de Varembe, Case Postale 56, CH 1211, Geneve,
Switzerland. Available from National Technical Information Service, U.S. Department of
Available from ECMA. Commerce, Springfield, VA. http://csrc.nist.gov or www.ntis.gov.
Copyright © ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959, United States.
E1985–98
4.1.3 To be a consensus standard on the design, implemen- proof of identity. A password or PIN may be used to access
tation, and use of authentication and authorization mecha- informationontoken.Theverifiershallthenverifythetokenof
nisms. the claimant.
4.2 Additional standards will define interoperable protocols 5.4.2 The information shall be protected against duplication
and message formats that can be used to implement these
or theft.
mechanisms in a distributed environment, using specific com-
5.4.3 Determination of which type of form factor may be
mercial technologies such as digital signatures.
used is based on risk assessment and organizational policy.
5.4.4 Theformfactorsmayincludebutarenotlimitedtothe
5. User Authentication
following:
5.1 Authentication ensures the identity of a user. The
5.4.4.1 Smart Card,
legitimate owner of an identity is known as a principal.
5.4.4.2 PCMCIA,
Authentication occurs when a claimant has presented a prin-
5.4.4.3 Diskettes, and
cipal’s identity and claims to be that principal. Authentication
5.4.4.4 Hand held password or challenge response genera-
allows the other party (verifier) to verify that the claim is
tors.
legitimate.
5.4.5 The form factors may also be used for cryptographic
5.2 Requirements:
techniques.
5.2.1 Users shall be authenticated for access to health
5.5 Physical Characteristic:
information.
5.5.1 Certain physical features of the human body are
5.2.2 Users may be authenticated at the system, subsystem,
relatively unique to an individual. These features are called
application, or medical record level.
biometrics. Biometric authentication is the measurement of a
5.2.3 Users shall be authenticated by one or more of the
uniquebiologicalfeaturesusedtoverifytheclaimedidentityof
following methods based on organizational policy:
aprincipal.Theclaimantshallpresentthebiometricasproofof
5.2.3.1 Claimant demonstrates knowledge of a password, or
identity. The biometric may be stored on a token. A password
the like,
or PIN may be used to access the biometric. The verifier shall
5.2.3.2 Claimant demonstrates possession of a token, or
then verify the biometric of the claimant.
something similar,
5.5.2 Thebiometricshallbeprotectedagainstduplicationor
5.2.3.3 Claimant exhibits some physical characteristic, like
theft.
a fingerprint, and
5.5.3 Determinationofwhichtypeofbiometricmaybeused
5.2.3.4 Cryptographic techniques.
is based on risk assessment and organizational policy.
5.2.4 Remote access to health information shall be mutually
5.5.4 These biometrics include but are not limited to the
authenticated.
following:
5.2.5 Determination of which method or methods to use for
5.5.4.1 Fingerprints,
authentication shall be based on a risk assessment and organi-
5.5.4.2 Voice recognition,
zational policy.
5.5.4.3 Retinal scan,
5.2.6 For accountability purposes, authentication shall be
5.5.4.4 Hand geometry,
based upon an individual principal rather than upon a role.
5.5.4.5 Signature dynamics or recognition, and
5.3 Knowledge:
5.5.4.6 Facial characteristics.
5.3.1 Password or Personal Identification Number:
5.6 Cryptographic Techniques:
5.3.1.1 In any environment, a user can be authenticated
5.6.1 Authentication using cryptographic techniques are
using a password or a personal identification number (PIN).
based on the principle of convincing a verifier that because a
The claimant shall enter a password or PIN for authentication
claimant possesses some secret key, the claimant is the
purposes. The verifier shall then verify the password or PIN of
principal claimed. Symmetric or public key techniques may be
the claimant.
used.
5.3.1.2 The password or PIN shall be protected against
5.6.2 Symmetric Key— The principal and the verifier shall
disclosure. For guidelines on password generation and usage
shareasymmetrickey.Theclaimantshalleitherencryptorseal
see FIPS PUB 112.
the information using that key. If the verifier can successfully
5.3.1.3 In a multiple system environment, a single password
decryptorverifythatthesealiscorrect,thentheclaimantisthe
or PIN may be used for authentication.
principal claimed to be. A non-repeating value may also be
5.3.2 Challenge-Response—Password or PIN-based
used as part of the information encrypted.
schemes may be augmented by the challenge-response mecha-
nism. In challenge-response, as part of the authentication 5.6.3 Public Key—The principal shall have a public/private
key pair. The claimant digitally signs a challenge using his
protocol, the verifier sends the claimant a non-repeating value
(challenge) in advance. The claimant sends a response to the private key. The verifier checks the digital signature, using the
public key of the principal. If the signature checks correctly,
verifier based on the challenge.
5.4 Possession: then the claimant is the principal that he claimed to be. A
non-repeatingvaluemayalsobeusedaspartoftheinformation
5.4.1 The user or claimant shows possession by presenting
a physical object or token that is unique to the principal or signed. See also 5.3.2.
claimant. The token shall contain information unique to the 5.6.4 A trusted on-line server may be used for authentica-
principal or claimant. The claimant shall present the token as tion. One of the following methods may be used:
E1985–98
5.6.4.1 The claimant shall encrypt or seal the health infor- possible to make use of existing operating system access
mation with his or her key. A separate exchange with the control mechanisms if the AEF and ADF reside on the same
authentication server shall be used for verification.The verifier system as the target.
and the authentication server shall use a shared key.
6.2.2 A variety of access control mechanisms have been
5.6.4.2 The claimant shall first conduct an exchange with defined, each of which is appropriate for particular environ-
the authentication server to obtain a ticket which is then passed
ments. These include:
to the verifier. The exchange between the claimant and authen-
6.2.2.1 Access control lists (ACLs) are associated with a
tication server shall be protected using a shared key. The ticket
target and list the initiators which may access the target.ACLs
shall be constructed in such a way that will be acceptable only
might list individual user identities, as well as names of groups
to an entity knowing the shared key between the verifier and
of users, and roles. Using groups and roles can minimize the
the authentication server. An example of this is the Kerberos
size of the ACL. Many operating systems support ACLs. In a
system.
distributed environment, some method for verifying the iden-
5.6.5 When using the public key cryptography, an off-line
tity of a remote initiator (for example, a public key certificate)
server may be used for authentication. Verifiers shall need to
is needed in order to provide remote access. ACLs are
obtain the certified public keys of principals and certificate
particularly appropriate when the number of targets is very
revocation lists.
large compared to the number of initiators.
6.2.2.2 Capabilities are associated with an initiator and
6. Authorization
specify the targets that may be accessed. Targets might be
combined into groups in order to minimize the size of
6.1 Requirements:
capabilities. In some cases (for example, a patient record),
6.1.1 Three types of authorization are required based on
targets are hierarchically structured so that a capability might
organizational policy:
grant access to the “root” object and all subordinates. In other
6.1.1.1 Users shall be authorized to access (read or write)
cases, independent targets (for example, all patients on a ward)
healthcare information documents;
can be combined into a group, as discussed below. Few
6.1.1.2 Users shall be authorized to perform application-
operating systems implement capabilities. However, in a dis-
specific actions on a document (for example, physician re-
tributed environment, there is a great deal of work using
view); and
certificates to bind access control and other information to a
6.1.1.3 Users shall be able to determine whether all neces-
user’s identity (see, for example, ANSI X9.45). Such certifi-
sary actions have been performed on the document, and
cates can be used to specify such capabilities.
whether the users performing these actions were allowed to do
6.2.2.3 Security labels are associated with both the initiator
so, according to any rules and limits agreed to by the parties
and the target and are compared by the ADF to determine if
involved.Forexample,itmaybearequirementthatdocuments
access is allowed. Labels were developed for the military
shall be reviewed by a physician prior to inclusion in the
environment and typically contain a security classification.An
medical record.
initiator may, then, read a target if the initiator’s classification
6.1.2 A user’s application-specific action on a document
dominates (is greater than) that of the target. Labels are useful
will be indicated using an electronic signature, as defined in
if there are many initiators and targets, but only a coarse
Guide E 1762. Particular actions are indicated using signature
granularity of access (that is, a classification) is needed.
purposes. Thus, signatures are applied in 6.1.1.2, and verified
6.2.2.4 The mechanisms in 6.2.2.1-6.2.2.3 may, of course,
in 6.1.1.3. Generic access as described in 6.1.1.1 may be
be combined, so that, for example, a user shall have an
indicated using signatures, but this is not a requirement. This
appropriate classification, and be on anACL, in order to access
type of access may be needed to perform the specific actions of
a file.
6.1.1.2.
6.2.3 Access control policies may be rule-based, in which
6.2 Access Control:
case the policy is specified and enforced by the authority
6.2.1 In a distributed environment, the following entities
responsible for a security domain, or identity-based, in which
canbeidentified:theinitiatorwishestoaccesssomeobject:the
case individual users control access to their own information.
target. Access is mediated by an access control enforcement
Rule-based policies may be automatically enforced; one ex-
function (AEF), that uses an access control decision function
ample is a multi-level security policy using classifications.
(ADF) to determine whether access is to be granted. This
Non-hierarchical policies may be constructed by assigning
decision is based on access control decision information (ADI)
initiators and targets to compartments. Note that in either case,
associate
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ASTM
ASTM E2147-18(Specification)
Standard Specification for Audit and Disclosure Logs for Use in Health Information Systems

ABSTRACT
This specification describes the security requirements involved in the development and implementation of audit and disclosure logs used in health information systems. It specifies how to design an access audit log to record all access to patient identifiable information maintained in computer systems, and includes principles for developing policies, procedures, and functions of health information logs to document all disclosure of confidential health care information to external users for use in manual and computer systems. This specification provides for two main purposes, namely: to define the nature, role, and function of system access audit logs and their use in health information systems as a technical and procedural tool to help provide security oversight; and to identify principles for establishing a permanent record of disclosure of health information to external users and the data to be recorded in maintaining it.
SIGNIFICANCE AND USE
4.1 Data that document health services in health care organizations are business records and shall be archived to a secondary but retrievable medium, and readily accessible, such as data that would be archived in a server or cloud storage. Audit data shall be retained for as long as the medical record is maintained, and may not be destroyed before the medical record may legally be destroyed, and in any event, for at least 10 years or for two years after the legal age of majority, unless a longer period of record retention is prescribed by state, federal or other law or regulation.  
4.2 The purpose of audit data and disclosure logs is to document and maintain a permanent, trustworthy, and immutable record of all authorized and unauthorized activities of any nature whatsoever and disclosure of confidential health information {except exclusions per federal and state law [21 CFR 11 Subpart B(e)]}. This further facilitates the purpose that patients, healthcare providers, organizations, and others can obtain a verifiable, self-authenticating record documenting all activities with respect to that record. The process of information disclosure and auditing shall also conform, where relevant, with the Privacy Act of 1974 (3).  
4.3 Audit reports designed for system access provide a precise capability for healthcare providers, organizations, patients, patient representatives, and advocates to see who has accessed and/or manipulated patient information. Because of the significant risk of medical information manipulation in computing environments by authorized and unauthorized users, the audit report is an important management tool to monitor access and any such manipulation retrospectively. In addition, the access and disclosure logs become powerful support documents for disciplinary and legal actions. Moreover, audit reports are essential components to comprehensive security programs in healthcare and vital for the privacy rights of the individual. A patient has a right to ...
SCOPE
1.1 This specification is for the development and implementation of secure audit data and logs for electronically stored health information. It specifies how to design the audit log to record all activities impacting a medical record, for example, creating a new record, entering data into a record, changing or deleting an existing record, and all additional user access data (for example, identification, location, and date and time) to patient-identifiable information maintained in computer systems. Such audit logs shall track not only data entry and modifications, but also simple access and viewing of the patient record, and whether any modifications are made during that access. This specification also includes principles for developing policies, procedures, and functions of health information logs to document all actions regarding identifiable health information for use in both manually entered (paper record) and computer systems.  
1.2 The first purpose of this specification is to defin...

  • Technical specification
    7 pages
    English language
    sale 15% off
ASTM
ASTM E2767-24(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for X-ray Computed Tomography (CT) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of X-ray tomographic NDE data will use this standard. This practice defines a set of information modules that along with Practice E2339 and the DICOM standard provide a standard means to organize X-ray tomography test parameters and results. The X-ray CT test results may be displayed and analyzed on any device that conforms to this standard. Personnel wishing to view any tomographic inspection data stored according to Practice E2339 may use this document to help them decode and display the data contained in the DICONDE-compliant inspection record.
SCOPE
1.1 This practice facilitates the interoperability of X-ray computed tomography (CT) imaging equipment by specifying image data transfer and archival storage methods in commonly accepted terms. This document is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of the NEMA Standards Publication titled Digital Imaging and Communications in Medicine (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE test results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules and a data dictionary that are specific to X-ray CT test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from tomographic test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all the X-ray CT technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Units—Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    11 pages
    English language
    sale 15% off
ASTM
ASTM E3398-23(Guide)
Standard Guide for Digital Neutron Radiography

SIGNIFICANCE AND USE
4.1 Purpose—Practices to be employed for the radiographic examination of materials and components with neutrons using digital neutron detectors are outlined herein. They are intended as a guide for the assessment of a digital neutron radiograph’s characteristics. For information on neutron beam lines for imaging and film neutron radiography, refer to Guide E748.  
4.2 Limitations—Acceptance standards have not been established for any material or production process. Neutron radiography, whether performed by means of a reactor, an accelerator, subcritical assembly, or radioactive source, will be consistent in sensitivity and spatial resolution only if the consistency of all details of the technique, such as neutron source, collimation, geometry, imaging system, etc., are maintained. This guide is limited to the use of digital neutron detectors in combination with neutron conversion materials for image recording. This guide is intended for use with thermal and cold neutron spectrums. The production of thermal neutron radiographs by employing the use of film and appropriate conversion screens is covered in Guide E748.  
4.3 Interpretation and Acceptance Standards—Interpretat- ion and acceptance standards are not covered by this guide. Designation of accept-reject standards is recognized to be within the cognizance of product specifications.  
4.4 Other Aspects of the Neutron Radiographic Process—For many important aspects of neutron radiography such as technique, files, viewing of radiographs, storage of radiographs, film processing, and record keeping, refer to Guide E94, which covers these aspects for X-ray radiography. (See Section 2.)
SCOPE
1.1 This guide covers the evaluation, qualification, and quantification of digital neutron images. These images can be acquired by many methods, including: neutron sensitive imaging plates (Computed Radiography – CR), Digital Detector Arrays – DDA’s (amorphous silicon, CMOS, CCD, etc.), micro-channel plates, neutron sensitive fluoroscopes, neutron sensitive scintillators coupled to optical cameras, digitized radiographic films, and linear diode arrays.  
1.2 This guide does not purport to establish what is considered an acceptable image but is intended to only give guidance on digital neutron imaging, as well as image quality metrics of importance, and how they can be measured and reported.  
1.3 The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM E2738-23(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for Computed Radiography (CR) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of computed radiography NDE data will use this practice. This practice will define a set of information modules that along with the Practice E2339 and the DICOM standard will provide a standard means to organize CR inspection data. The CR inspection data may be displayed and analyzed on any device that conforms to the standard. Personnel wishing to view any CR inspection data stored in accordance with Practice E2339 may use this practice to help them decode and display the data contained in the DICONDE compliant inspection record.
SCOPE
1.1 This practice covers the interoperability of computed radiography (CR) imaging and data acquisition equipment by specifying image data transfer and archival storage methods in commonly accepted terms. This practice is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of NEMA PS3 / ISO 12052 (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules and a data dictionary that are specific to computed radiography test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from CR test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all standard CR technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The SI units required by this practice are to be regarded as standard. No other units of measurement are included in this practice.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off
  • Standard
    5 pages
    English language
    sale 15% off
ASTM
ASTM E2699-23(Practice)
Standard Practice for Digital Imaging and Communication in Nondestructive Evaluation (DICONDE) for Digital X-ray (DX) Test Methods

SIGNIFICANCE AND USE
5.1 Personnel that are responsible for the creation, transfer, and storage of digital X-ray test results will use this standard. This practice defines a set of information modules that, along with Practice E2339 and the DICOM standard, provides a standard means to organize digital X-ray test parameters and results. The digital X-ray test results may be displayed and analyzed on any device that conforms to this standard. Personnel wishing to view any digital X-ray inspection data stored according to Practice E2339 may use this document to help them decode and display the data contained in the DICONDE-compliant inspection record.
SCOPE
1.1 This practice covers the interoperability of digital X-ray imaging equipment using Digital Detector Arrays (DDA) as described in Practice E2698 by specifying image data transfer and archival methods in commonly accepted terms. A separate practice, Practice E2738, addresses this topic for digital X-ray imaging equipment using Computed Radiography (CR). This document is intended to be used in conjunction with Practice E2339 on Digital Imaging and Communication in Nondestructive Evaluation (DICONDE). Practice E2339 defines an industrial adaptation of DICOM NEMA PS3 / ISO 12052 (DICOM, see http://medical.nema.org), an international standard for image data acquisition, review, storage, and archival storage. The goal of Practice E2339, commonly referred to as DICONDE, is to provide a standard that facilitates the display and analysis of NDE results on any system conforming to the DICONDE standard. Toward that end, Practice E2339 provides a data dictionary and a set of information modules that are applicable to all NDE modalities. This practice supplements Practice E2339 by providing information object definitions, information modules, and a data dictionary that are specific to digital X-ray test methods.  
1.2 This practice has been developed to overcome the issues that arise when analyzing or archiving data from digital X-ray test equipment using proprietary data transfer and storage methods. As digital technologies evolve, data must remain decipherable through the use of open, industry-wide methods for data transfer and archival storage. This practice defines a method where all the digital X-ray technique parameters and test results are communicated and stored in a standard manner regardless of changes in digital technology.  
1.3 This practice does not specify:  
1.3.1 A testing or validation procedure to assess an implementation's conformance to the standard.  
1.3.2 The implementation details of any features of the standard on a device claiming conformance.  
1.3.3 The overall set of features and functions to be expected from a system implemented by integrating a group of devices each claiming DICONDE conformance.  
1.4 Units—Although this practice contains no values that require units, it does describe methods to store and communicate data that do require units to be properly interpreted. The SI units required by this practice are to be regarded as standard. No other units of measurement are included in this standard.  
1.5 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.6 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    6 pages
    English language
    sale 15% off
  • Standard
    6 pages
    English language
    sale 15% off
ASTM
ASTM E1475-13(2023)(Guide)
Standard Guide for Data Fields for Computerized Transfer of Digital Radiological Examination Data

SIGNIFICANCE AND USE
3.1 The primary use of this guide is to provide a standardized approach for the data file to be used for the transfer of digital radiological data from one user to another where the two users are working with dissimilar systems. This guide describes the contents, both required and optional for an intermediate data file that can be created from the native format of the radiological system on which the data was collected and that can be converted into the native format of the receiving radiological data analysis system. This guide will also be useful in the archival storage and retrieval of radiological data as either a data format specifier or as a guide to the data elements which should be included in the archival file.  
3.2 Although the recommended field listing includes more than 100 field numbers, only about half of those are regarded as essential and are marked Footnote C in Table 1. Fields so marked must be included in the data base. The other fields recommended provide additional information that a user will find helpful in understanding the radiological image and examination result. These header field items will, in most cases, make up only a very small part of a radiological examination file. The actual stream of radiological data that make up the image will take up the largest part of the data base. Since a radiological image file will normally be large, the concept of data compression will be considered in many cases. Compressed data should be noted, along with a description of the compression method, as indicated in Field No. 92 (see Table 1). (A) Field numbers are for reference only. They do not imply a necessity to include all these fields in any specific data base nor imply a requirement that fields used be in this particular order.(B) Units listed first are SI; those in parentheses are inch-pound (English).(C) Denotes essential field for computerization of examination results, regardless of examination method.(D) Denotes essential field for radiogra...
SCOPE
1.1 This guide provides a listing and description of the fields that are recommended for inclusion in a digital radiological examination data base to facilitate the transfer of such data. This guide sets guidelines for the format of data fields for computerized transfer of digital image files obtained from radiographic, radioscopic, computed radiographic, or other radiological examination systems. The field listing includes those fields regarded as necessary for inclusion in the data base: (1) regardless of the radiological examination method (as indicated by Footnote C in Table 1), (2) for radioscopic examination (as indicated by Footnote F in Table 1), and (3) for radiographic examination (as indicated by Footnote D in Table 1). In addition, other optional fields are listed as a reminder of the types of information that may be useful for additional understanding of the data or applicable to a limited number of applications.  
1.2 It is recognized that organizations may have in place an internal format for the storage and retrieval of radiological examination data. This guide should not impede the use of such formats since it is probable that the necessary fields are already included in such internal data bases, or that the few additions can easily be made. The numerical listing and its order indicated in this guide is only for convenience; the specific numbers and their order carry no inherent significance and are not part of the data file.  
1.3 Current users of Guide E1475 do not have to change their software. First time users should use the XML structure of Table A1.1 for their data.  
1.4 The types of radiological examination systems that appear useful in relation to this guide include radioscopic systems as described in Guide E1000, Practices E1255, E1411, E2597, E2698 and E2737, and radiographic systems as described in Guide E94 and Practices E748, E1742, E2033, E2445, and E2446. Many of the terms used are def...

  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM F3107-14(2023)(Test Method)
Standard Test Method for Measuring Accuracy After Mechanical Disturbances on Reference Frames of Computer Assisted Surgery Systems

SIGNIFICANCE AND USE
5.1 The purpose of this practice is to provide data that can be used for comparison and evaluation of the accuracy of different CAS systems.  
5.2 The use of CAS systems and robotic tracking systems is becoming increasingly common and requires a degree of trust by the user that the data provided by the system meets necessary accuracy requirements. In order to evaluate the potential use of these systems, and to make informed decisions about suitability of a system for a given procedure, objective performance data of such systems are necessary. While the end user will ultimately want to know the accuracy parameters of a system under clinical application, the first step must be to characterize the digitization accuracy of the tracking subsystem in a controlled environment under controlled conditions.  
5.3 In order to make comparisons within and between systems, a standardized way of measuring and reporting point accuracy is needed. Parameters such as coordinate system, units of measure, terminology, and operational conditions must be standardized.
SCOPE
1.1 This standard will measure the effects on the accuracy of computer assisted surgery (CAS) systems of the environmental influences caused by equipment utilized for bone preparation during the intended clinical application for the system. The environmental vibration effect covered in this standard will include mechanical vibration from: cutting saw (sagittal or reciprocating), burrs, drills, and impact loading. The change in accuracy from detaching and re-attaching or disturbing a restrained connection that does not by design require repeating the registration process of a reference base will also be measured.  
1.2 It should be noted that one system may need to undergo multiple iterations (one for each clinical application) of this standard to document its accuracy during different clinical applications since each procedure may have different exposure to outside forces given the surgical procedure variability from one procedure to the next.  
1.3 All units of measure will be reported as millimeters for this standard.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off
ASTM
ASTM F2554-22(Practice)
Standard Practice for Measurement of Positional Accuracy of Computer-Assisted Surgical Systems

SIGNIFICANCE AND USE
5.1 The purpose of this practice is to provide data that can be used for evaluation of the accuracy of different CAS systems.  
5.2 The use of surgical navigation and robotic positioning systems is becoming increasingly common. In order to make informed decisions about the suitability of such systems for a given procedure, their accuracy capability needs to be evaluated under clinical application and compared to the requirements. As the performance of a whole system is constrained by those of its subparts, a preliminary step must be to objectively characterize the accuracy of the tracking subsystem in a controlled environment under controlled conditions.  
5.3 In order to make comparisons within and between systems, a standardized way of measuring and reporting accuracy is needed. Parameters such as coordinate system, units of measurement, terminology, and operational conditions must be standardized.
SCOPE
1.1 This document provides procedures for measurement and reporting of basic static performance of surgical navigation and/or robotic positioning devices under defined conditions. They can be performed on a subsystem (for example, tracking only) or a full computer-aided surgery system as would be used clinically. Testing a subsystem does not mean that the whole system has been tested. The functionality to be tested based on this practice is limited to the performance (accuracy in terms of bias and precision) of the system regarding point localization in space by means of a pointer. A point in space has no orientation; only multidimensional objects have orientation. Therefore, orientation of objects is not within the scope of this practice. However, in localizing a point the different orientations of the pointer can produce errors. These errors and the pointer orientation are within the scope of this practice. The aim is to provide a standardized measurement of performance variables by which end users can compare within a system (for example, with different reference elements or pointers) and between different systems (for example, from different manufacturers). Parameters to be evaluated include (based upon the features of the system being evaluated):
(1) Accuracy of a single point relative to a coordinate system.
(2) Sensitivity of tracking accuracy due to changes in pointer orientation.
(3) Relative point-to-point accuracy.  
1.1.1 This method covers all configurations of the evaluated system as well as extreme placements across the measurement volume.  
1.2 This practice defines a standardized reporting format, which includes definition of the coordinate systems to be used for reporting the measurements, and statistical measures (for example, mean, RMS, and maximum error).  
1.3 The values stated in SI units are to be regarded as standard. No other units of measurement are included in this standard, except for angular measurements, which may be reported in terms of radians or degrees.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    9 pages
    English language
    sale 15% off
  • Standard
    9 pages
    English language
    sale 15% off
ASTM
ASTM E2891-20(Guide)
Standard Guide for Multivariate Data Analysis in Pharmaceutical Development and Manufacturing Applications

SIGNIFICANCE AND USE
4.1 A significant amount of data is generated during pharmaceutical development and manufacturing activities. The interpretation of such data is becoming increasingly difficult. Individual examination of the univariate process variables is relevant but can be significantly complemented by multivariate data analysis (MVDA). MVDA may be particularly appropriate for exploring and handling large sets of heterogenous data, mapping data of high dimensionality onto lower dimensional representations, exposing significant correlations among multivariate variables within a single data set or significant correlations among multivariate variables across data sets. MVDA may extract statistically significant information which may enhance process understanding, decision making in process development, process monitoring and control (including product release), product life-cycle management, and continuous improvement.  
4.2 MVDA is widely used in various industries including the pharmaceutical industry. To achieve a valid outcome, an MVDA model/application should incorporate the following:  
4.2.1 A predefined risk-based objective incorporating one or more relevant scientific hypotheses specific to the application;  
4.2.2 Sufficient relevant data of requisite quality covering the variance space encountered during intended use, that is, pharmaceutical development, or pharmaceutical manufacturing, or both;  
4.2.3 Appropriate data analysis and model utilization practices including considerations on testing, validation, and qualification of all new data prior to using a model to analyze it;  
4.2.4 Appropriately trained staff;  
4.2.5 Appropriate standard operating procedures; and  
4.2.6 Life-cycle management.  
4.3 This guide can be used to support data analysis activities associated with pharmaceutical development and manufacturing, process performance and product quality monitoring in manufacturing, as well as for troubleshooting and investigation events. Technical detai...
SCOPE
1.1 This guide covers the applications of multivariate data analysis (MVDA) to support pharmaceutical development and manufacturing activities. MVDA is one of the key enablers for process understanding and decision making in pharmaceutical development, and for the release of intermediate and final products after being validated appropriately using a science and risk-based approach.  
1.2 The scope of this guide is to provide general guidelines on the application of MVDA in the pharmaceutical industry. While MVDA refers to typical empirical data analysis, the scope is limited to providing a high level guidance and not intended to provide application-specific data analysis procedures. This guide provides considerations on the following aspects:  
1.2.1 Use of a risk-based approach (understanding the objective requirements and assessing the fit-for-use status);  
1.2.2 Considerations on the data collection and diagnostics used for MVDA (including data preprocessing and outliers);  
1.2.3 Considerations on the different types of data analysis, model testing, and validation;  
1.2.4 Qualified and competent personnel; and  
1.2.5 Life-cycle management of MVDA model.  
1.3 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.4 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Guide
    7 pages
    English language
    sale 15% off
  • Guide
    7 pages
    English language
    sale 15% off
ASTM
ASTM E1935-97(2019)(Test Method)
Standard Test Method for Calibrating and Measuring CT Density

SIGNIFICANCE AND USE
5.1 This test method allows specification of the density calibration procedures to be used to calibrate and perform material density measurements using CT image data. Such measurements can be used to evaluate parts, characterize a particular system, or compare different systems, provided that observed variations are dominated by true changes in object density rather than by image artifacts. The specified procedure may also be used to determine the effective X-ray energy of a CT system.  
5.2 The recommended test method is more accurate and less susceptible to errors than alternative CT-based approaches, because it takes into account the effective energy of the CT system and the energy-dependent effects of the X-ray attenuation process.
FIG. 1 Density Calibration Phantom  
5.3 This (or any) test method for measuring density is valid only to the extent that observed CT-number variations are reflective of true changes in object density rather than image artifacts. Artifacts are always present at some level and can masquerade as density variations. Beam hardening artifacts are particularly detrimental. It is the responsibility of the user to determine or establish, or both, the validity of the density measurements; that is, they are performed in regions of the image which are not overly influenced by artifacts.  
5.4 Linear attenuation and mass attenuation may be measured in various ways. For a discussion of attenuation and attenuation measurement, see Guide E1441 and Practice E1570.
SCOPE
1.1 This test method covers instruction for determining the density calibration of X- and γ-ray computed tomography (CT) systems and for using this information to measure material densities from CT images. The calibration is based on an examination of the CT image of a disk of material with embedded specimens of known composition and density. The measured mean CT values of the known standards are determined from an analysis of the image, and their linear attenuation coefficients are determined by multiplying their measured physical density by their published mass attenuation coefficient. The density calibration is performed by applying a linear regression to the data. Once calibrated, the linear attenuation coefficient of an unknown feature in an image can be measured from a determination of its mean CT value. Its density can then be extracted from a knowledge of its mass attenuation coefficient, or one representative of the feature.  
1.2 CT provides an excellent method of nondestructively measuring density variations, which would be very difficult to quantify otherwise. Density is inherently a volumetric property of matter. As the measurement volume shrinks, local material inhomogeneities become more important; and measured values will begin to vary about the bulk density value of the material.  
1.3 All values are stated in SI units.  
1.4 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.  
1.5 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

  • Standard
    5 pages
    English language
    sale 15% off