Tagasi

CEN ISO/TS 14441:2013

Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment (ISO/TS 14441:2013)

Üldinfo

Kehtiv alates 04.02.2014
Alusdokumendid
ISO/TS 14441:2013; CEN ISO/TS 14441:2013
Tegevusala (ICS grupid)
35.240.80 IT rakendused tervishoiutehnoloogias
Direktiivid või määrused
puuduvad

Standardi ajalugu

Staatus
Kuupäev
Tüüp
Nimetus
04.02.2014
Põhitekst
CEN ISO/TS 14441:2013
This Technical Specification examines electronic patient record systems at the clinical point of care that are also interoperable with EHRs. Hardware and process controls are out of the scope. This Technical Specification addresses their security and privacy protections by providing a set of security and privacy requirements, along with guidelines and best practice for conformity assessment.
ISO/IEC 15408 (all parts) defines “targets of evaluation” for security evaluation of IT products. This Technical Specification includes a cross-mapping of 82 security and privacy requirements against the Common Criteria categories in ISO/IEC 15408 (all parts). The point-of-service (POS) clinical software is typically part of a larger system, for example, running on top of an operating system, so it must work in concert with other components to provide proper security and privacy. While a Protection Profile (PP) includes requirements for component security functions to support system security services, it does not specify protocols or standards for conformity assessment, and does not address privacy requirements.
This Technical Specification focuses on two main topics:
a)  Security and privacy requirements (Clause 5). Clause 5 is technical and provides a comprehensive set of 82 requirements necessary to protect (information, patients) against the main categories of risks, addressing the broad scope of security and privacy concerns for point of care, interoperable clinical (electronic patient record) systems. These requirements are suitable for conformity assessment purposes.
b)  Best practice and guidance for establishing and maintaining conformity assessment programs (Clause 6). Clause 6 provides an overview of conformity assessment concepts and processes that can be used by governments, local authorities, professional associations, software developers, health informatics societies, patients’ representatives and others, to improve conformity with health software security and privacy requirements. Annex A provides complementary information useful to countries in designing conformity assessment programs such as further material on conformity assessment business models, processes and other considerations, along with illustrative examples of conformity assessment activities in four countries.
Policies that apply to a local, regional or national implementation environment, and procedural, administrative or physical (including hardware) aspects of privacy and security management are outside the scope of this Technical Specification.  Security management is included in the scope of ISO 27799.

Nõutud väljad on tähistatud *

*
*
*
PDF
39,04 € koos KM-ga
Paber
39,04 € koos KM-ga
Sirvi standardit alates 2,44 € koos KM-ga
Standardi monitooring
Inglise (PDF 331 KB)

Seotud tooted

Põhitekst

EVS-EN 82304-1:2017

Meditsiinitarkvara. Osa 1: Põhinõuded toote ohutusele
Uusim versioon Kehtiv alates 18.09.2017
Põhitekst

EVS-EN IEC 81001-5-1:2022

Health software and health IT systems safety, effectiveness and security - Part 5-1: Security - Activities in the product life cycle
Uusim versioon Kehtiv alates 01.03.2022
Põhitekst

EVS-EN IEC 80001-1:2021

Application of risk management for IT-networks incorporating medical devices - Part 1: Safety, effectiveness and security in the implementation and use of connected medical devices or connected health software
Uusim versioon Kehtiv alates 15.11.2021
Põhitekst

CEN ISO/TS 82304-2:2021

Health software - Part 2: Health and wellness apps - Quality and reliability (ISO/TS 82304-2:2021)
Uusim versioon Kehtiv alates 01.09.2021

Teised on ostnud veel

Põhitekst

ISO 22857:2013

Health informatics -- Guidelines on data protection to facilitate trans-border flows of personal health data
Uusim versioon Kehtiv alates 10.12.2013
Põhitekst

EVS-EN ISO 27789:2013

Health informatics - Audit trails for electronic health records (ISO 27789:2013)
Kehtetu alates 01.11.2021
Põhitekst

EVS-EN ISO 27799:2016

Health informatics - Information security management in health using ISO/IEC 27002 (ISO 27799:2016)
Uusim versioon Kehtiv alates 05.09.2016
Põhitekst

ISO/TS 21547:2010

Health informatics -- Security requirements for archiving of electronic health records -- Principles
Uusim versioon Kehtiv alates 02.02.2010

Standardite lühendid

EVS Eesti standard
EN Euroopa standard (avaldatud Euroopa standardimisorganisatsioonide CEN või CENELEC poolt)
EN ISO Euroopa standardina avaldatud Rahvusvahelise Standardimisorganisatsiooni standard
ISO Rahvusvahelise Standardimisorganisatsiooni standard
IEC Rahvusvahelise Elektrotehnika Komisjoni standard
HD Euroopa Elektrotehnika Standardimiskomitee harmoneerimisdokument
   
EVS-EN Euroopa standard avaldatud Eesti standardina
EVS-EN ISO Euroopa standardina ülevõetud Rahvusvahelise Standardimisorganisatsiooni standard ja avaldatud Eesti standardina
EVS-EN ISO/IEC Euroopa standardina ülevõetud Rahvusvahelise Standardimisorganisatsiooni standard/Rahvusvahelise Elektrotehnika Komisjoni standard avaldatud Eesti standardina
EVS-IEC Rahvusvahelise Elektrotehnika Komisjoni standard avaldatud Eesti standardina
EVS-ISO Rahvusvaheline standard avaldatud Eesti standardina
   
A, AMD muudatus
+A standardi tekst ja muudatus
/A ainult muudatus
COR, AC parandus
+COR Standardi tekst ja parandus
NA rahvuslik lisa
+NA standardi tekst ja rahvuslik lisa
/NA ainult rahvuslik lisa
TS tehniline spetsifikatsioon
TR tehniline aruanne
CWA CENi või CENELECi töörühma kokkulepe
prEVS-EN (jne) standardi kavand
   
et standard on eesti keeles
en standard on inglise keeles
et-en standard on paralleeltekstina eesti-inglise keeles