Health informatics -- Public key infrastructure

This document defines the basic concepts underlying the use of digital certificates in healthcare and provides a scheme of interoperability requirements to establish a digital certificate-enabled secure communication of health information. It also identifies the major stakeholders who are communicating health-related information, as well as the main security services required for health communication where digital certificates can be required. This document gives a brief introduction to public key cryptography and the basic components needed to deploy digital certificates in healthcare. It further introduces different types of digital certificates — identity certificates and associated attribute certificates for relying parties, self-signed certification authority (CA) certificates, and CA hierarchies and bridging structures.

Informatique de santé -- Infrastructure de clé publique

General Information

Status
Published
Publication Date
07-Mar-2021
Current Stage
5060 - Close of voting Proof returned by Secretariat
Start Date
26-Jan-2021
Completion Date
25-Jan-2021
Ref Project

Buy Standard

Standard
ISO 17090-1:2021 - Health informatics -- Public key infrastructure
English language
41 pages
sale 15% off
Preview
sale 15% off
Preview
Draft
ISO/FDIS 17090-1:Version 21-nov-2020 - Health informatics -- Public key infrastructure
English language
41 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO
STANDARD 17090-1
Third edition
2021-02
Health informatics — Public key
infrastructure —
Part 1:
Overview of digital certificate services
Informatique de santé — Infrastructure de clé publique —
Partie 1: Vue d'ensemble des services de certificat numérique
Reference number
ISO 17090-1:2021(E)
ISO 2021
---------------------- Page: 1 ----------------------
ISO 17090-1:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2021

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 17090-1:2021(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

3.1 Healthcare context terms ............................................................................................................................................................... 1

3.2 Security services terms .................................................................................................................................................................... 3

3.3 Public key infrastructure related terms ............................................................................................................................ 6

4 Abbreviations........................................................................................................................................................................................................... 9

5 Healthcare context .............................................................................................................................................................................................. 9

5.1 Certificate holders and relying parties in healthcare ............................................................................................ 9

5.2 Examples of actors ............................................................................................................................................................................10

5.2.1 Regulated health professional ...........................................................................................................................10

5.2.2 Non-regulated health professional................................................................................................................10

5.2.3 Patient/consumer ........................................................................................................................................................10

5.2.4 Sponsored healthcare provider........................................................................................................................10

5.2.5 Supporting organization employee ..............................................................................................................10

5.2.6 Healthcare organization .........................................................................................................................................10

5.2.7 Supporting organization ........................................................................................................................................11

5.2.8 Devices ...................................................................................................................................................................................11

5.2.9 Applications ......................................................................................................................................................................11

5.3 Applicability of digital certificates to healthcare ....................................................................................................11

6 Requirements for security services in healthcare applications ......................................................................12

6.1 Healthcare characteristics ..........................................................................................................................................................12

6.2 Digital certificate technical requirements in healthcare..................................................................................12

6.2.1 General...................................................................................................................................................................................12

6.2.2 Authentication ................................................................................................................................................................13

6.2.3 Integrity ................................................................................................................................................................................13

6.2.4 Confidentiality ................................................................................................................................................................13

6.2.5 Digital signature ............................................................................................................................................................13

6.2.6 Authorization ...................................................................................................................................................................13

6.2.7 Access control ..................................................................................................................................................................13

6.3 Healthcare-specific needs and the separation of authentication from data

encipherment ........................................................................................................................................................................................14

6.4 Health industry security management framework for digital certificates .......................................14

6.5 Policy requirements for digital certificate issuance and use in healthcare .....................................14

7 Public key cryptography ............................................................................................................................................................................14

7.1 Symmetric vs. asymmetric cryptography .....................................................................................................................14

7.2 Digital certificates..............................................................................................................................................................................15

7.3 Digital signatures ...............................................................................................................................................................................15

7.4 Protecting the private key ..........................................................................................................................................................16

8 Deploying digital certificates ................................................................................................................................................................17

8.1 Necessary components .................................................................................................................................................................17

8.1.1 General...................................................................................................................................................................................17

8.1.2 CP ...............................................................................................................................................................................................17

8.1.3 CPS.............................................................................................................................................................................................17

8.1.4 CA ...............................................................................................................................................................................................17

8.1.5 RA ...............................................................................................................................................................................................17

8.2 Establishing identity using qualified certificates ...................................................................................................18

8.3 Establishing speciality and roles using identity certificates ........................................................................18

8.4 Using attribute certificates for authorization and access control ............................................................19

© ISO 2021 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 17090-1:2021(E)

9 Interoperability requirements ...........................................................................................................................................................20

9.1 Overview ...................................................................................................................................................................................................20

9.2 Options for deploying healthcare digital certificates across jurisdictions .......................................20

9.2.1 General...................................................................................................................................................................................20

9.2.2 Option 1 — Single hierarchy of CAs .............................................................................................................20

9.2.3 Option 2 — Relying party management of trust ...............................................................................20

9.2.4 Option 3 — Cross-recognition ..........................................................................................................................21

9.2.5 Option 4 — Cross-certification .........................................................................................................................21

9.2.6 Option 5 — Bridge CA ..............................................................................................................................................22

9.3 Option usage ..........................................................................................................................................................................................22

Annex A (informative) Scenarios for the use of digital certificates in healthcare ..............................................23

Bibliography .............................................................................................................................................................................................................................40

iv © ISO 2021 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 17090-1:2021(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 215, Health informatics.

This third edition cancels and replaces the second edition (ISO 17090-1:2013), of which it constitutes a

minor revision. The changes compared to the previous edition are as follows:
— update to references;
— editorial update.
A list of all parts in the ISO 17090 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2021 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO 17090-1:2021(E)
Introduction

The healthcare industry is faced with the challenge of reducing costs by moving from paper-based

processes to automated electronic processes. New models of healthcare delivery are emphasizing the

need for patient information to be shared among a growing number of specialist healthcare providers

and across traditional organizational boundaries.

Healthcare information concerning individual citizens is commonly interchanged by means of

electronic mail, remote database access, electronic data interchange, and other applications. The

Internet provides a highly cost-effective and accessible means of interchanging information, but it

is also an insecure vehicle that demands additional measures be taken to maintain the privacy and

confidentiality of information. Threats to the security of health information through unauthorized

access (either inadvertent or deliberate) are increasing. It is essential to have available to the healthcare

system reliable information security services that minimize the risk of unauthorized access.

How does the healthcare industry provide appropriate protection for the data conveyed across the

Internet in a practical, cost-effective way? Public key infrastructure (PKI) and digital certificate

technology seek to address this challenge.

The proper deployment of digital certificates requires a blend of technology, policy, and administrative

processes that enable the exchange of sensitive data in an unsecured environment by the use of

“public key cryptography” to protect information in transit and “certificates” to confirm the identity

of a person or entity. In healthcare environments, this technology uses authentication, encipherment,

and digital signatures to facilitate confidential access to, and movement of, individual health records

to meet both clinical and administrative needs. The services offered by the deployment of digital

certificates (including encipherment, information integrity, and digital signatures) are able to address

many of these security issues. This is especially the case if digital certificates are used in conjunction

with an accredited information security standard. Many individual organizations around the world

have started to use digital certificates for this purpose.

Interoperability of digital certificate technology and supporting policies, procedures, and practices

is of fundamental importance if information is to be exchanged between organizations and between

jurisdictions in support of healthcare applications (for example between a hospital and a community

physician working with the same patient).

Achieving interoperability between different digital certificate implementations requires the

establishment of a framework of trust, under which parties responsible for protecting an individual’s

information rights may rely on the policies and practices and, by extension, the validity of digital

certificates issued by other established authorities.

Many countries are deploying digital certificates to support secure communications within their

national boundaries. Inconsistencies will arise in policies and procedures between the certification

authorities (CAs) and the registration authorities (RAs) of different countries if standards development

activity is restricted to within national boundaries.

Digital certificate technology is still evolving in certain aspects that are not specific to healthcare.

Important standardization efforts and, in some cases, supporting legislation are ongoing. On the other

hand, healthcare providers in many countries are already using or planning to use digital certificates.

This document seeks to address the need for guidance of these rapid international developments.

This document describes the common technical, operational, and policy requirements that need to be

addressed to enable digital certificates to be used in protecting the exchange of healthcare information

within a single domain, between domains, and across jurisdictional boundaries. Its purpose is to create

a platform for global interoperability. It specifically supports digital certificate-enabled communication

across borders, but could also provide guidance for the national or regional deployment of digital

certificates in healthcare. The Internet is increasingly used as the vehicle of choice to support the

movement of healthcare data between healthcare organizations and is the only realistic choice for

cross-border communication in this sector.
vi © ISO 2021 – All rights reserved
---------------------- Page: 6 ----------------------
ISO 17090-1:2021(E)

This document should be approached as a whole, with the three parts all making a contribution

to defining how digital certificates can be used to provide security services in the health industry,

including authentication, confidentiality, data integrity, and the technical capacity to support the

quality of digital signature.

This document defines the basic concepts underlying the use of digital certificates in healthcare and

provides a scheme of interoperability requirements to establish digital certificate-enabled secure

communication of health information.

ISO 17090-2 provides healthcare specific profiles of digital certificates based on the International

[14]

Standard X.509 and the profile of this specified in IETF/RFC 3280 for different types of certificates.

ISO 17090-3 deals with management issues involved in implementing and using digital certificates

in healthcare. It defines a structure and minimum requirements for certificate policies (CPs) and a

structure for associated certification practice statements. ISO 17090-3 is based on the recommendations

of the informational IETF/RFC 3647 and identifies the principles needed in a healthcare security policy

for cross border communication. It also defines the minimum levels of security required, concentrating

on the aspects unique to healthcare.
© ISO 2021 – All rights reserved vii
---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO 17090-1:2021(E)
Health informatics — Public key infrastructure —
Part 1:
Overview of digital certificate services
1 Scope

This document defines the basic concepts underlying the use of digital certificates in healthcare and

provides a scheme of interoperability requirements to establish a digital certificate-enabled secure

communication of health information. It also identifies the major stakeholders who are communicating

health-related information, as well as the main security services required for health communication

where digital certificates can be required.

This document gives a brief introduction to public key cryptography and the basic components needed

to deploy digital certificates in healthcare. It further introduces different types of digital certificates

— identity certificates and associated attribute certificates for relying parties, self-signed certification

authority (CA) certificates, and CA hierarchies and bridging structures.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 17090-2, Health informatics — Public key infrastructure — Part 2: Certificate profile

ISO 17090-3, Health informatics — Public key infrastructure — Part 3: Policy management of certification

authority
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1 Healthcare context terms
3.1.1
application

identifiable computer running software process that is the holder of a private encipherment key

Note 1 to entry: Application, in this context, can be any software process used in healthcare information systems,

including those without any direct role in treatment or diagnosis.

Note 2 to entry: In some jurisdictions, including software, processes can be regulated medical devices.

© ISO 2021 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO 17090-1:2021(E)
3.1.2
device

identifiable computer-controlled apparatus or instrument that is the holder of a private encipherment key

Note 1 to entry: This includes the class of regulated medical devices that meet the above definition.

Note 2 to entry: Device, in this context, is any device used in healthcare information systems, including those

without any direct role in treatment or diagnosis.
3.1.3
healthcare actor
actor

regulated health professional, non-regulated health professional, sponsored healthcare provider,

supporting organization employee, patient/consumer, healthcare organization, device, or application

that acts in a health-related communication and requires a certificate for a digital certificate-enabled

security service
3.1.4
healthcare organization

officially registered organization that has a main activity related to healthcare services or health

promotion

EXAMPLE Hospitals, Internet healthcare website providers, and healthcare research institutions.

Note 1 to entry: The organization is recognized to be legally liable for its activities but need not be registered for

its specific role in health.

Note 2 to entry: An internal part of an organization is called here an organizational unit, as in X.501.

3.1.5
non-regulated health professional

person employed by a healthcare organization who is not a regulated health professional

EXAMPLE Medical receptionist who organizes appointments or nurses aid who assists with patient care.

Note 1 to entry: The fact that the employee is not authorized by a body independent of the employer in his/

her professional capacity does, of course, not imply that the employee is not professional in conducting his/her

services.
3.1.6
organization employee
person employed by a healthcare organization or a supporting organization

EXAMPLE Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical

order entry clerks.
3.1.7
patient
consumer

person who is the receiver of health-related services and who is an actor in a health information system

3.1.8
privacy

freedom from intrusion into the private life or affairs of an individual when that intrusion results from

undue or illegal gathering and use of data about that individual
[SOURCE: ISO/IEC 2382:2015, 2126263]
2 © ISO 2021 – All rights reserved
---------------------- Page: 9 ----------------------
ISO 17090-1:2021(E)
3.1.9
regulated health professional

person who is authorized by a nationally recognized body to be qualified to perform certain health

services
EXAMPLE Physicians, registered nurses, and pharmacists.

Note 1 to entry: The types of registering or accrediting bodies differ in different countries and for different

professions. Nationally recognized bodies include local or regional governmental agencies, independent

professional associations, and other formally and nationally recognized organizations. They may be exclusive or

non-exclusive in their territory.

Note 2 to entry: A nationally recognized body in this definition does not imply one nationally controlled system

of professional registration but, in order to facilitate international communication, it would be preferable for one

nationwide directory of recognized health professional registration bodies to exist.

3.1.10
sponsored healthcare provider

health services provider who is not a regulated professional in the jurisdiction of his/her practice, but

who is active in his/her healthcare community and sponsored by a regulated healthcare organization

EXAMPLE A drug and alcohol education officer who is working with a particular ethnic group, or a healthcare

aid worker in a developing country.
3.1.11
supporting organization

officially registered organization which is providing services to a healthcare organization, but which is

not providing healthcare services
EXAMPLE 1 EXAMPLE

EXAMPLE 2 Healthcare financing bodies such as insurance institutions, suppliers of pharmaceuticals and

other goods.
3.2 Security services terms
3.2.1
access control

means of ensuring that the resources of a data processing system can be accessed only by authorized

entities in authorized ways
[SOURCE: ISO/IEC 2382:2015, 2126294, modified — Notes to entry removed.]
3.2.2
accountability

property that ensures that the actions of an entity may be traced uniquely to the entity

[SOURCE: ISO 7498-2:1989, 3.3.3]
3.2.3
asymmetric cryptographic algorithm

algorithm for performing encipherment or the corresponding decipherment in which the keys used for

encipherment and decipherment differ
[SOURCE: ISO/IEC 10181-1:1996, 3.3.1, modified — Note to entry removed.]
© ISO 2021 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO 17090-1:2021(E)
3.2.4
authentication

process of reliably identifying security subjects by securely associating an identifier and its

authenticator
[SOURCE: ISO 7498-2:1989]

Note 1 to entry: See also data origin authentication and peer entity authentication.

3.2.5
authorization
granting of rights, which includes the granting of access based on access rights
[SOURCE: ISO 7498-2:1989, 3.3.10]
3.2.6
availability
property of being accessible and useable upon demand by an authorized entity
[SOURCE: ISO 7498-2:1989, 3.3.11]
3.2.7
ciphertext

data produced through the use of encipherment, the semantic content of which is not available

[SOURCE: ISO 7498-2:1989, 3.3.14, modified — Note to entry removed.]
3.2.8
confidentiality

property that information is not made available or disclosed to unauthorized individuals, entities, or

processes
[SOURCE: ISO 7498-2:1989, 3.3.16]
3.2.9
cryptography

discipline which embodies principles, means, and methods for the transformation of data in order to

hide its information content, prevent its undetected modification, and/or prevent its unauthorized use

[SOURCE: ISO 7498-2:1989, 3.3.20, modified — Note to entry removed.]
3.2.10
cryptographic algorithm
cipher

method for the transformation of data in order to hide its information content, prevent its undetected

modification, and/or prevent its unauthorized use
[SOURCE: ISO 7498-2:1989]
3.2.11
data integrity
property that data have not been altered or destroyed in an unauthorized manner
[SOURCE: ISO 7498-2:1989, 3.3.21]
...

FINAL
INTERNATIONAL ISO/FDIS
DRAFT
STANDARD 17090-1
ISO/TC 215
Health informatics — Public key
Secretariat: ANSI
infrastructure —
Voting begins on:
2020-11-30
Part 1:
Voting terminates on:
Overview of digital certificate services
2021-01-25
Informatique de santé — Infrastructure de clé publique —
Partie 1: Vue d'ensemble des services de certificat numérique
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO-
ISO/FDIS 17090-1:2020(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN-
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. ISO 2020
---------------------- Page: 1 ----------------------
ISO/FDIS 17090-1:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/FDIS 17090-1:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

3.1 Healthcare context terms ............................................................................................................................................................... 1

3.2 Security services terms .................................................................................................................................................................... 3

3.3 Public key infrastructure related terms ............................................................................................................................ 6

4 Abbreviations........................................................................................................................................................................................................... 9

5 Healthcare context .............................................................................................................................................................................................. 9

5.1 Certificate holders and relying parties in healthcare ............................................................................................ 9

5.2 Examples of actors ............................................................................................................................................................................10

5.2.1 Regulated health professional ...........................................................................................................................10

5.2.2 Non-regulated health professional................................................................................................................10

5.2.3 Patient/consumer ........................................................................................................................................................10

5.2.4 Sponsored healthcare provider........................................................................................................................10

5.2.5 Supporting organization employee ..............................................................................................................10

5.2.6 Healthcare organization .........................................................................................................................................10

5.2.7 Supporting organization ........................................................................................................................................11

5.2.8 Devices ...................................................................................................................................................................................11

5.2.9 Applications ......................................................................................................................................................................11

5.3 Applicability of digital certificates to healthcare ....................................................................................................11

6 Requirements for security services in healthcare applications ......................................................................12

6.1 Healthcare characteristics ..........................................................................................................................................................12

6.2 Digital certificate technical requirements in healthcare..................................................................................12

6.2.1 General...................................................................................................................................................................................12

6.2.2 Authentication ................................................................................................................................................................13

6.2.3 Integrity ................................................................................................................................................................................13

6.2.4 Confidentiality ................................................................................................................................................................13

6.2.5 Digital signature ............................................................................................................................................................13

6.2.6 Authorization ...................................................................................................................................................................13

6.2.7 Access control ..................................................................................................................................................................13

6.3 Healthcare-specific needs and the separation of authentication from data

encipherment ........................................................................................................................................................................................14

6.4 Health industry security management framework for digital certificates .......................................14

6.5 Policy requirements for digital certificate issuance and use in healthcare .....................................14

7 Public key cryptography ............................................................................................................................................................................14

7.1 Symmetric vs. asymmetric cryptography .....................................................................................................................14

7.2 Digital certificates..............................................................................................................................................................................15

7.3 Digital signatures ...............................................................................................................................................................................15

7.4 Protecting the private key ..........................................................................................................................................................16

8 Deploying digital certificates ................................................................................................................................................................17

8.1 Necessary components .................................................................................................................................................................17

8.1.1 General...................................................................................................................................................................................17

8.1.2 CP ...............................................................................................................................................................................................17

8.1.3 CPS.............................................................................................................................................................................................17

8.1.4 CA ...............................................................................................................................................................................................17

8.1.5 RA ...............................................................................................................................................................................................17

8.2 Establishing identity using qualified certificates ...................................................................................................18

8.3 Establishing speciality and roles using identity certificates ........................................................................18

8.4 Using attribute certificates for authorization and access control ............................................................19

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/FDIS 17090-1:2020(E)

9 Interoperability requirements ...........................................................................................................................................................20

9.1 Overview ...................................................................................................................................................................................................20

9.2 Options for deploying healthcare digital certificates across jurisdictions .......................................20

9.2.1 General...................................................................................................................................................................................20

9.2.2 Option 1 — Single hierarchy of CAs .............................................................................................................20

9.2.3 Option 2 — Relying party management of trust ...............................................................................20

9.2.4 Option 3 — Cross-recognition ..........................................................................................................................21

9.2.5 Option 4 — Cross-certification .........................................................................................................................21

9.2.6 Option 5 — Bridge CA ..............................................................................................................................................22

9.3 Option usage ..........................................................................................................................................................................................22

Annex A (informative) Scenarios for the use of digital certificates in healthcare ..............................................23

Bibliography .............................................................................................................................................................................................................................40

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/FDIS 17090-1:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 215, Health informatics.

This third edition cancels and replaces the second edition (ISO 17090-1:2013), of which it constitutes a

minor revision. The changes compared to the previous edition are as follows:
— update to references;
— editorial update.
A list of all parts in the ISO 17090 series can be found on the ISO website.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/FDIS 17090-1:2020(E)
Introduction

The healthcare industry is faced with the challenge of reducing costs by moving from paper-based

processes to automated electronic processes. New models of healthcare delivery are emphasizing the

need for patient information to be shared among a growing number of specialist healthcare providers

and across traditional organizational boundaries.

Healthcare information concerning individual citizens is commonly interchanged by means of

electronic mail, remote database access, electronic data interchange, and other applications. The

Internet provides a highly cost-effective and accessible means of interchanging information, but it

is also an insecure vehicle that demands additional measures be taken to maintain the privacy and

confidentiality of information. Threats to the security of health information through unauthorized

access (either inadvertent or deliberate) are increasing. It is essential to have available to the healthcare

system reliable information security services that minimize the risk of unauthorized access.

How does the healthcare industry provide appropriate protection for the data conveyed across the

Internet in a practical, cost-effective way? Public key infrastructure (PKI) and digital certificate

technology seek to address this challenge.

The proper deployment of digital certificates requires a blend of technology, policy, and administrative

processes that enable the exchange of sensitive data in an unsecured environment by the use of

“public key cryptography” to protect information in transit and “certificates” to confirm the identity

of a person or entity. In healthcare environments, this technology uses authentication, encipherment,

and digital signatures to facilitate confidential access to, and movement of, individual health records

to meet both clinical and administrative needs. The services offered by the deployment of digital

certificates (including encipherment, information integrity, and digital signatures) are able to address

many of these security issues. This is especially the case if digital certificates are used in conjunction

with an accredited information security standard. Many individual organizations around the world

have started to use digital certificates for this purpose.

Interoperability of digital certificate technology and supporting policies, procedures, and practices

is of fundamental importance if information is to be exchanged between organizations and between

jurisdictions in support of healthcare applications (for example between a hospital and a community

physician working with the same patient).

Achieving interoperability between different digital certificate implementations requires the

establishment of a framework of trust, under which parties responsible for protecting an individual’s

information rights may rely on the policies and practices and, by extension, the validity of digital

certificates issued by other established authorities.

Many countries are deploying digital certificates to support secure communications within their

national boundaries. Inconsistencies will arise in policies and procedures between the certification

authorities (CAs) and the registration authorities (RAs) of different countries if standards development

activity is restricted to within national boundaries.

Digital certificate technology is still evolving in certain aspects that are not specific to healthcare.

Important standardization efforts and, in some cases, supporting legislation are ongoing. On the other

hand, healthcare providers in many countries are already using or planning to use digital certificates.

This document seeks to address the need for guidance of these rapid international developments.

This document describes the common technical, operational, and policy requirements that need to be

addressed to enable digital certificates to be used in protecting the exchange of healthcare information

within a single domain, between domains, and across jurisdictional boundaries. Its purpose is to create

a platform for global interoperability. It specifically supports digital certificate-enabled communication

across borders, but could also provide guidance for the national or regional deployment of digital

certificates in healthcare. The Internet is increasingly used as the vehicle of choice to support the

movement of healthcare data between healthcare organizations and is the only realistic choice for

cross-border communication in this sector.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/FDIS 17090-1:2020(E)

This document should be approached as a whole, with the three parts all making a contribution

to defining how digital certificates can be used to provide security services in the health industry,

including authentication, confidentiality, data integrity, and the technical capacity to support the

quality of digital signature.

This document defines the basic concepts underlying the use of digital certificates in healthcare and

provides a scheme of interoperability requirements to establish digital certificate-enabled secure

communication of health information.

ISO 17090-2 provides healthcare specific profiles of digital certificates based on the International

[15]

Standard X.509 and the profile of this specified in IETF/RFC 3280 for different types of certificates.

ISO 17090-3 deals with management issues involved in implementing and using digital certificates

in healthcare. It defines a structure and minimum requirements for certificate policies (CPs) and a

structure for associated certification practice statements. ISO 17090-3 is based on the recommendations

of the informational IETF/RFC 3647 and identifies the principles needed in a healthcare security policy

for cross border communication. It also defines the minimum levels of security required, concentrating

on the aspects unique to healthcare.
© ISO 2020 – All rights reserved vii
---------------------- Page: 7 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/FDIS 17090-1:2020(E)
Health informatics — Public key infrastructure —
Part 1:
Overview of digital certificate services
1 Scope

This document defines the basic concepts underlying the use of digital certificates in healthcare and

provides a scheme of interoperability requirements to establish a digital certificate-enabled secure

communication of health information. It also identifies the major stakeholders who are communicating

health-related information, as well as the main security services required for health communication

where digital certificates can be required.

This document gives a brief introduction to public key cryptography and the basic components needed

to deploy digital certificates in healthcare. It further introduces different types of digital certificates

— identity certificates and associated attribute certificates for relying parties, self-signed certification

authority (CA) certificates, and CA hierarchies and bridging structures.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 17090-2, Health informatics — Public key infrastructure — Part 2: Certificate profile

ISO 17090-3, Health informatics — Public key infrastructure — Part 3: Policy management of certification

authority
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1 Healthcare context terms
3.1.1
application

identifiable computer running software process that is the holder of a private encipherment key

Note 1 to entry: Application, in this context, can be any software process used in healthcare information systems,

including those without any direct role in treatment or diagnosis.

Note 2 to entry: In some jurisdictions, including software, processes can be regulated medical devices.

© ISO 2020 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/FDIS 17090-1:2020(E)
3.1.2
device

identifiable computer-controlled apparatus or instrument that is the holder of a private encipherment key

Note 1 to entry: This includes the class of regulated medical devices that meet the above definition.

Note 2 to entry: Device, in this context, is any device used in healthcare information systems, including those

without any direct role in treatment or diagnosis.
3.1.3
healthcare actor
actor

regulated health professional, non-regulated health professional, sponsored healthcare provider,

supporting organization employee, patient/consumer, healthcare organization, device, or application

that acts in a health-related communication and requires a certificate for a digital certificate-enabled

security service
3.1.4
healthcare organization

officially registered organization that has a main activity related to healthcare services or health

promotion

EXAMPLE Hospitals, Internet healthcare website providers, and healthcare research institutions.

Note 1 to entry: The organization is recognized to be legally liable for its activities but need not be registered for

its specific role in health.

Note 2 to entry: An internal part of an organization is called here an organizational unit, as in X.501.

3.1.5
non-regulated health professional

person employed by a healthcare organization who is not a regulated health professional

EXAMPLE Medical receptionist who organizes appointments or nurses aid who assists with patient care.

Note 1 to entry: The fact that the employee is not authorized by a body independent of the employer in his/

her professional capacity does, of course, not imply that the employee is not professional in conducting his/her

services.
3.1.6
organization employee
person employed by a healthcare organization or a supporting organization

EXAMPLE Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical

order entry clerks.
3.1.7
patient
consumer

person who is the receiver of health-related services and who is an actor in a health information system

3.1.8
privacy

freedom from intrusion into the private life or affairs of an individual when that intrusion results from

undue or illegal gathering and use of data about that individual
[SOURCE: ISO/IEC 2382:2015, 2126263]
2 © ISO 2020 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/FDIS 17090-1:2020(E)
3.1.9
regulated health professional

person who is authorized by a nationally recognized body to be qualified to perform certain health

services
EXAMPLE Physicians, registered nurses, and pharmacists.

Note 1 to entry: The types of registering or accrediting bodies differ in different countries and for different

professions. Nationally recognized bodies include local or regional governmental agencies, independent

professional associations, and other formally and nationally recognized organizations. They may be exclusive or

non-exclusive in their territory.

Note 2 to entry: A nationally recognized body in this definition does not imply one nationally controlled system

of professional registration but, in order to facilitate international communication, it would be preferable for one

nationwide directory of recognized health professional registration bodies to exist.

3.1.10
sponsored healthcare provider

health services provider who is not a regulated professional in the jurisdiction of his/her practice, but

who is active in his/her healthcare community and sponsored by a regulated healthcare organization

EXAMPLE A drug and alcohol education officer who is working with a particular ethnic group, or a healthcare

aid worker in a developing country.
3.1.11
supporting organization

officially registered organization which is providing services to a healthcare organization, but which is

not providing healthcare services
EXAMPLE 1 EXAMPLE

EXAMPLE 2 Healthcare financing bodies such as insurance institutions, suppliers of pharmaceuticals and

other goods.
3.2 Security services terms
3.2.1
access control

means of ensuring that the resources of a data processing system can be accessed only by authorized

entities in authorized ways
[SOURCE: ISO/IEC 2382:2015, 2126294, modified — Notes to entry removed.]
3.2.2
accountability

property that ensures that the actions of an entity may be traced uniquely to the entity

[SOURCE: ISO 7498-2:1989, 3.3.3]
3.2.3
asymmetric cryptographic algorithm

algorithm for performing encipherment or the corresponding decipherment in which the keys used for

encipherment and decipherment differ
[SOURCE: ISO/IEC 10181-1:1996, 3.3.1, modified — Note to entry removed.]
© ISO 2020 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/FDIS 17090-1:2020(E)
3.2.4
authentication

process of reliably identifying security subjects by securely associating an identifier and its

authenticator
[SOURCE: ISO 7498-2:1989]

Note 1 to entry: See also data origin authentication and peer entity authentication.

3.2.5
authorization
granting of rights, which includes the granting of access based on access rights
[SOURCE: ISO 7498-2:1989, 3.3.10]
3.2.6
availability
property of being accessible and useable upon demand by an authorized entity
[SOURCE: ISO 7498-2:1989, 3.3.11]
3.2.7
ciphertext

data produced through the use of encipherment, the semantic content of which is not available

[SOURCE: ISO 7498-2:1989, 3.3.14, modified — Note to entry removed.]
3.2.8
confidentiality

property that information is not made available or disclosed to unauthorized individuals, entities, or

processes
[SOURCE: ISO 7498-2:1989, 3.3.16]
3.2.9
crypto
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.