CEN ISO/TS 14441:2013
Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment

Standard No.
CEN ISO/TS 14441:2013
Release Date
2013
Published By
European Committee for Standardization (CEN)
Latest
CEN ISO/TS 14441:2013
Replaces
FprCEN ISO/TS 14441:2012
Scope
This Technical Specification examines systems for electronic patient registration at clinical care sites that are also interoperable with EHRs (electronic health records). Hardware and process controls are outside the scope. This Technical Specification ensures their security and data protection by establishing security and data protection requirements, and provides guidelines and best practices for conformity assessment. ISO/IEC 15408 (all parts) specifies "evaluation items" for assessing the security of IT products. This Technical Specification contains a comparison of the 82 core requirements relating to security and data protection and the Common Criteria categories from ISO/IEC 15408 (all parts). The clinical software of point-of-service (POS) systems is usually part of a larger system and is, for example, executed on an operating system. Therefore, it must work together with other components to ensure security and data protection. While a Protection Profile (PP) includes requirements for security features of components to support system security services, it does not specify protocols or standards for conformity assessment or data protection requirements. This Technical Specification focuses on two main topics: a) Security and privacy requirements (Section 5). Section 5 is technically oriented and provides a comprehensive compilation of 19 requirements necessary to protect (patient) information from the main categories of risks; the broad scope of security and data protection aspects for care centers and interoperable clinical systems (for electronic patient recording) is taken into account. These core requirements are then presented in the form of requirement groups/profiles that are suitable for Ko

CEN ISO/TS 14441:2013 Referenced Document

  • ISO 27799:2008 Health informatics - Information security management in health using ISO/IEC 27002
  • ISO/IEC 17000:2004 Conformity assessment - Vocabulary and general principles

CEN ISO/TS 14441:2013 history

  • 2013 CEN ISO/TS 14441:2013 Health informatics - Security and privacy requirements of EHR systems for use in conformity assessment
  • 0000 FprCEN ISO/TS 14441:2012


