
EN 14484:2003

Current

The latest, up-to-date edition.

Health informatics - International transfer of personal health data covered by the EU data protection directive - High level security policy

Published date

12-17-2003


Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms
5 The European Data Protection Directive (see annex A)
   5.1 General
   5.2 General aims (Article 1)
   5.3 Scope: electronic and non-electronic (Article 3)
   5.4 Principles relating to data quality (Article 6)
   5.5 Criteria for legitimacy (Article 7)
   5.6 Special categories of processing, including personal health data (Article 8)
   5.7 Information to be given to the data subject (Article 10)
   5.8 Right of access to data (Article 12)
   5.9 Right to object (Article 14)
   5.10 Security of processing (Article 17)
   5.11 Judicial remedies, liability and sanctions (Articles 22, 23 and 24)
   5.12 Supervisory Authorities (Articles 28 and 18)
   5.13 Working Party on the Protection of Individuals with regard to the Processing of Personal Data
   5.14 Transfer of personal data to third countries
6 Requirements for the transfer of personal data to third countries
   6.1 General
   6.2 Principles (Article 25)
   6.3 Ensuring transfers are permissible
   6.4 Grounds by which transfers to third countries are permissible
7 A Security Policy for third countries
   7.1 The requirement
   7.2 The purpose of the security policy
   7.3 The 'level' of the security policy
8 High Level Security Policy: general aspects
   8.1 Levels of abstraction in ensuring security
   8.2 Generic principles
   8.3 Non-generic
   8.4 Guidelines
   8.5 Measures
   8.6 Elements of a High Level Security Policy
9 High Level Security Policy: the content
   9.1 Principle One: overriding generic principle
   9.2 Principle Two: chief executive support
   9.3 Principle Three: documentation of Measures and review
   9.4 Principle Four: Data Protection Security Officer
   9.5 Principle Five: permission to process
   9.6 Principle Six: information about processing
   9.7 Principle Seven: information for the data subject
   9.8 Principle Eight: prohibition of onward data transfer without consent
   9.9 Principle Nine: remedies and compensation
   9.10 Principle Ten: security of processing
   9.11 Principle Eleven: responsibilities of staff and other contractors
   9.12 Principle Twelve: adequacy of third country data protection
   9.13 Principle Thirteen: additional EU Member State particular requirements
10 Rationale and Observations on Measures to support Principle Ten concerning security of processing
   10.1 General
   10.2 Encryption and digital signatures for transmission to the third country
   10.3 Access controls and user authentication
   10.4 Audit Trails
   10.5 Physical and environmental security
   10.6 Application management and network management
   10.7 Viruses
   10.8 Breaches of security
   10.9 Business Continuity Plan
   10.10 Handling particularly sensitive data
   10.11 Standards
11 Personal health data in non-electronic form
Annex A (normative) EU Data Protection Directive
Annex B (informative) Useful sources of advice
   B.1 EU Security projects
   B.2 CEN/ISSS
   B.3 Non-CEN Standards
   B.4 Selected web sites
Annex C (informative) Model declaration
Bibliography

This standard provides guidance on the data protection policy that organisations should implement when they participate in international applications involving the transfer of person-identifiable data across national borders, where compliance with the EU Data Protection Directive is required.

Committee
CEN/TC 251
Document type
Standard
Publisher name
Comite Europeen de Normalisation
Status
Current

Standards Relationship
UNE-EN 14484:2004 Identical
DIN EN 14484:2004-03 Identical
NEN EN 14484 : 2004 Identical
UNI EN 14484 : 2004 Identical
BS EN 14484:2003 Identical
PN EN 14484 : 2005 Identical
NF EN 14484 : 2004 Identical
I.S. EN 14484:2004 Identical
NBN EN 14484 : 2004 Identical
SN EN 14484 : 2004 Identical
NS EN 14484 : 1ED 2004 Identical

BS EN 14485:2003 Health informatics. Guidance for handling personal health data in international applications in the context of the EU data protection directive
CEN/TR 15872:2014 Health informatics - Guidance on patient identification and cross-referencing of identities
I.S. EN 13606-4:2007 HEALTH INFORMATICS - ELECTRONIC HEALTH RECORD COMMUNICATION - PART 4: SECURITY
BS EN 13606-4:2007 Health informatics. Electronic health record communication Security
S.R. CEN/TR 15872:2014 HEALTH INFORMATICS - GUIDANCE ON PATIENT IDENTIFICATION AND CROSS-REFERENCING OF IDENTITIES
ISO/TS 13606-4:2009 Health informatics Electronic health record communication Part 4: Security
EN 14485:2003 Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive
EN 13606-4:2007 Health informatics - Electronic health record communication - Part 4: Security
PD CEN/TR 15872:2014 Health informatics. Guidance on patient identification and cross-referencing of identities
CSA Z22857 : 2006 HEALTH INFORMATICS - GUIDELINES ON DATA PROTECTION TO FACILITATE TRANS-BORDER FLOWS OF PERSONAL HEALTH INFORMATION

ENV 13608-2:2000 Health informatics - Security for healthcare communication - Part 2: Secure data objects
ENV 13608-3:2000 Health informatics - Security for healthcare communication - Part 3: Secure data channels
ENV 12388 : DRAFT 1996 MEDICAL INFORMATICS - ALGORITHM FOR DIGITAL SIGNATURE SERVICES IN HEALTH CARE
EN 14485:2003 Health informatics - Guidance for handling personal health data in international applications in the context of the EU data protection directive
ENV 12924 : DRAFT 1997 MEDICAL INFORMATICS - SECURITY CATEGORISATION AND PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS
ENV 13608-1:2000 Health informatics - Security for healthcare communication - Part 1: Concepts and terminology
ENV 13729 : DRAFT 2000 HEALTH INFORMATICS - SECURE USER IDENTIFICATION - STRONG AUTHENTICATION USING MICROPROCESSOR CARDS
