EN 13606-4:2007
Health informatics - Electronic health record communication - Part 4: Security
This part of this multipart standard on Electronic Health Record Communication describes a methodology for specifying the privileges necessary to access EHR data. This methodology forms part of the overall EHR communications architecture defined in Part 1 of this standard.
This standard seeks to address those requirements uniquely pertaining to EHR communications and to represent and communicate EHR-specific information that will inform an access decision. It also refers to general security requirements that apply to EHR communications and points at technical solutions and standards that specify details on services meeting these security needs.
NOTE Security requirements for EHR systems not related to the communication of EHRs are outside the scope of this standard.
Medizinische Informatik - Kommunikation von Patientendaten in elektronischer Form - Teil 4: Sicherheit
Informatique de la santé - Communication des dossiers de santé informatisés - Partie 4 : Sécurité
Zdravstvena informatika - Komunikacija z elektronskimi zapisi na področju zdravstva - 4. del: Varnost
Standards Content (Sample)
SLOVENSKI STANDARD SIST EN 13606-4:2008
1 May 2008
Replaces: SIST ENV 13606-4:2003
Health Informatics - Electronic health record communication - Part 4: Security
Informatique de la santé - Communication des dossiers informatisés de santé - Partie 4 : Sécurité
Medizinische Informatik - Kommunikation von Patientendaten in elektronischer Form - Teil 4: Sicherheit
This Slovenian standard is identical to: EN 13606-4:2007
ICS: 35.240.80
Language: en
2003-01. Slovenski inštitut za standardizacijo (Slovenian Institute for Standardization). Reproduction of all or part of this standard is not permitted.
EUROPEAN STANDARD / NORME EUROPÉENNE / EUROPÄISCHE NORM
EN 13606-4
March 2007
ICS 35.240.80
Supersedes ENV 13606-4:2000
English Version
Health informatics - Electronic health record communication - Part 4: Security
Informatique de santé - Dossiers de santé informatisés communicants - Partie 4 : Exigences de sécurité et règles de distribution
Medizinische Informatik - Kommunikation von Patientendaten in elektronischer Form - Teil 4: Sicherheit
This European Standard was approved by CEN on 10 February 2007.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION / COMITÉ EUROPÉEN DE NORMALISATION / EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: rue de Stassart, 36 B-1050 Brussels
© 2007 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN 13606-4:2007: E
Illustrative access control example
Annex B (informative) Relationship of this part standard to the Distribution Rules: ENV 13606-3:2000
Bibliography
Some of the kinds of agreement necessary for the security of EHR communication are inevitably outside the scope of this standard. The complete protection of EHR communication requires attention to a large number of issues, many of which are not specific to health information. CEN/TC 251/WG III has been developing a series of standards related to health care security services and management, which should be applied when building EHR systems. Much of this work is now being done in co-operation between CEN and ISO/TC 215/WG 4 Health informatics/Security. There are a number of ongoing work items that have not been published at the time of writing this draft version of standard but which should become available before this standard is published, and will prove useful for the implementers of EHR systems. Some of these are:
• Joint CEN-ISO Work Item: ISO/TS 22600 Privilege Management and Access Control (PMAC),
• ISO Work Item: ISO/TS 21298 on Functional and Structural roles.
...