ISO 17090-1:2021 Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services

Standard overview

Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services is an ISO standard published by the International Organization for Standardization (ISO) and applies internationally.


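Document description

The standard document is a high-definition PDF (text version) of Health informatics — Public key infrastructure — Part 1: Overview of digital certificate services. The document is searchable, and the original text can be copied and pasted.

Excerpt from the standard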

INTERNATIONAL STANDARD ISO 17090-1:2021

Health informatics — Public key infrastructure —

Part 1: Overview of digital certificate services

1 Scope

This document defines the basic concepts underlying the use of digital certificates in healthcare and provides a scheme of interoperability requirements to establish a digital certificate-enabled secure communication of health information. It also identifies the major stakeholders who are communicating health-related information, as well as the main security services required for health communication where digital certificates can be required.

This document gives a brief introduction to public key cryptography and the basic components needed to deploy digital certificates in healthcare. It further introduces different types of digital certificates — identity certificates and associated attribute certificates for relying parties, self-signed certification authority (CA) certificates, and CA hierarchies and bridging structures.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 17090‑2, Health informatics — Public key infrastructure — Part 2: Certificate profile

ISO 17090‑3, Health informatics — Public key infrastructure — Part 3: Policy management of certification authority

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp

— IEC Electropedia: available at http://www.electropedia.org/

3.1 Healthcare context terms

3.1.1

application

identifiable computer running software process that is the holder of a private encipherment key

Note 1 to entry: Application, in this context, can be any software process used in healthcare information systems, including those without any direct role in treatment or diagnosis.

Note 2 to entry: In some jurisdictions, including software, processes can be regulated medical devices.


3.1.2

device

identifiable computer-controlled apparatus or instrument that is the holder of a private encipherment key

Note 1 to entry: This includes the class of regulated medical devices that meet the above definition.

Note 2 to entry: Device, in this context, is any device used in healthcare information systems, including those without any direct role in treatment or diagnosis.

3.1.3

healthcare actor

actor

regulated health professional, non-regulated health professional, sponsored healthcare provider, supporting organization employee, patient/consumer, healthcare organization, device, or application that acts in a health-related communication and requires a certificate for a digital certificate-enabled security service

3.1.4

healthcare organization

officially registered organization that has a main activity related to healthcare services or health promotion

EXAMPLE Hospitals, Internet healthcare website providers, and healthcare research institutions.

Note 1 to entry: The organization is recognized to be legally liable for its activities but need not be registered for its specific role in health.

Note 2 to entry: An internal part of an organization is called here an organizational unit, as in X.501.

3.1.5

non-regulated health professional

person employed by a healthcare organization who is not a regulated health professional

EXAMPLE Medical receptionist who organizes appointments or nurses aid who assists with patient care.

Note 1 to entry: The fact that the employee is not authorized by a body independent of the employer in his/her professional capacity does, of course, not imply that the employee is not professional in conducting his/her services.

3.1.6

organization employee

person employed by a healthcare organization or a supporting organization

EXAMPLE Medical records transcriptionists, healthcare insurance claims adjudicators, and pharmaceutical order entry clerks.

3.1.7

patient

consumer

person who is the receiver of health-related services and who is an actor in a health information system

3.1.8

privacy

freedom from intrusion into the private life or affairs of an individual when that intrusion results from undue or illegal gathering and use of data about that individual

[SOURCE: ISO/IEC 2382:2015, 2126263]
