ISO 17090-1:2013 Health informatics - Public key infrastructure
A major security threat that needs to be addressed in healthcare information and communication systems is unauthorised access gained by stealing the private key of a legitimate certificate holder and then masquerading as that certificate holder. Such unauthorised access can lead to the healthcare information itself being altered, lost, or replicated. Digital certificates used in combination with a security standard, such as ISO/IEC 27002, can significantly reduce the risk of unauthorised access.
Digital certificates provide the only combination of policy, procedures, and technology that offers all the services of authentication, integrity, confidentiality, and digital signature. Within the healthcare context, the use of digital certificates enables healthcare providers and consumers who may not know each other to communicate securely and with confidence, by electronic means, through a chain of trust. Digital certificates can offer security services for which the health industry has a particular need. These services and their application to healthcare are described in more detail below.
Healthcare is a multi-disciplinary endeavour and health professionals routinely rely upon the judgment of other healthcare providers when reviewing patient records, consultation reports and other documents containing personal health information. When these documents and records are accessed and updated electronically, it is essential that the information contained within be reliably attributable to its authors.
It is of paramount importance that health professionals be able to access sensitive personal health information from a variety of clinical settings and, at the same time, protect this information from access or alteration by unauthorised persons. Authentication is discussed further in 7.4.
Maintaining the integrity of personal health information can literally become a life-or-death issue when such information is relied upon in the course of providing emergency healthcare. Moreover, strong incentives exist to corrupt the integrity of some forms of personal health information (for example,
