CR 14302:2002
Withdrawn
A Withdrawn Standard is one that has been removed from sale and whose unique number can no longer be used. A Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
Health informatics - Framework for security requirements for intermittently connected devices
17-02-2022
16-01-2002
FOREWORD
INTRODUCTION
1 SCOPE
2 NORMATIVE REFERENCES
3 DEFINITIONS
4 THE VARIETY OF SYSTEMS FOR INTERMITTENTLY CONNECTED DEVICES
5 THE MAJOR ACTORS INVOLVED AND THEIR INTERESTS
6 INTERACTING WITH CARDS
7 ETHICAL AND LEGAL CONSIDERATIONS
7.1 ETHICAL STATEMENTS
7.2 LEGISLATION ON HEALTH CARE DATA AND CARDS
7.3 SOME BASIC PRINCIPLES FOR MEDICAL RECORDS
7.4 RECOMMENDATIONS FOR CARD USE
8 THE SECURITY SERVICES AND THE MEANS TO IMPLEMENT THEM
8.1 CONFIDENTIALITY
8.2 INTEGRITY AND QUALITY OF THE DATA
8.3 AVAILABILITY
9 THE PATIENT CARD AND TELEMATICS
9.1 PATIENT CARDS AND ENCRYPTED TRANSFER OF RECORDS
9.2 PATIENT CARDS AND REMOTE PROOF OF CONSENT
10 HEALTHCARE PROFESSIONAL CARDS
11 ISSUES OF INTERNATIONAL FUNCTION OF SECURITY MECHANISMS
11.1 TRUSTED THIRD PARTY SERVICES
11.2 RESTRICTIONS ON THE USE OF ENCRYPTION
GLOSSARY
This CEN Report is aimed at providing a basis for a planned European Standard on the same subject, work item Security Requirements for Intermittently Connected Devices. The reason for processing this document as a formal CEN Report is that it has been requested as immediate guidance to the current work of CEN TC224/WG12 in its preparation of standards specifying the mechanisms for implementing security requirements in systems using machine readable cards in health care. The scope of this report is also to serve as guidance, without being normative, to the many large projects using cards in health care for both patients, professionals and other persons working in the health care sector, presently under development in Europe.

This report defines a framework of security requirements in systems with intermittently connected devices and discusses requirements for the following security services for ICD-systems:
- Data Integrity protection
- Data Origin and Entity Authentication
- Access Control
- Confidentiality protection

The report defines security requirements on the ICD-interchange interface between an application system and an ICD-System. However, the overall security requirements can only be met if certain requirements on the devices themselves are also followed. Requirements for establishment of secure sessions with various types of ICDs as well as object related security services are defined.

The report particularly defines how access to different types of data on intermittently connected devices could be restricted to different classes of health care persons (professionals and other types of personnel) or to the patients, especially when multinational access should be allowed. The rights to read, add, change and delete must be defined separately. The security policies proposed should also guarantee the authenticity of identification, administrative and clinical information that may have important implications.
Committee | CEN/TC 251 |
DocumentType | Report |
PublisherName | Comite Europeen de Normalisation |
Status | Withdrawn |
Standards | Relationship |
NEN NPR CR 14302 : 2002 | Identical |
I.S. CR 14302:2002 | Identical |
ISO/IEC 9594-8:2017 | Information technology - Open Systems Interconnection - The Directory - Part 8: Public-key and attribute certificate frameworks |
ISO 7498-2:1989 | Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture |
ENV 12388 : DRAFT 1996 | MEDICAL INFORMATICS - ALGORITHM FOR DIGITAL SIGNATURE SERVICES IN HEALTH CARE |
ISO/IEC 9796:1991 | Information technology - Security techniques - Digital signature scheme giving message recovery |
ENV 12018 : DRAFT 1997 | IDENTIFICATION, ADMINISTRATIVE, AND COMMON CLINICAL DATA STRUCTURE FOR INTERMITTENTLY CONNECTED DEVICES USED IN HEALTHCARE (INCLUDING MACHINE READABLE CARDS) |
ISO/IEC 9798-1:2010 | Information technology - Security techniques - Entity authentication - Part 1: General |