ASTM E 2085 : 2000 : REV A
Withdrawn
A Withdrawn Standard is one, which is removed from sale, and its unique number can no longer be used. The Standard can be withdrawn and not replaced, or it can be withdrawn and replaced by a Standard with a different number.
Standard Guide on Security Framework for Healthcare Information (Withdrawn 2009)
Hardcopy , PDF
01-02-2009
English
10-10-2000
Important note : Users cannot be edited or removed once added to your Multi user PDF.CONTAINED IN VOL. 14.01, 2005 Covers a framework for the protection of healthcare information. It addresses both storage and transmission of information. It describes existing standards used for information security, which can be used in many cases, and describes which (healthcare-specific) standards are needed to complete the framework.
| Committee |
E 31
|
| DevelopmentNote |
Supersedes ASTM PS 101 (12/2001)
|
| DocumentType |
Guide
|
| Pages |
11
|
| PublisherName |
American Society for Testing and Materials
|
| Status |
Withdrawn
|
1.1 This guide covers a framework for the protection of healthcare information. It addresses both storage and transmission of information. It describes existing standards used for information security which can be used in many cases, and describes which (healthcare-specific) standards are needed to complete the framework. Appropriate background information on security (and particularly cryptography) is included. The framework is designed to accommodate a very large (national or international), distributed user base, spread across many organizations, and it therefore recommends the use of certain (scaleable) technologies over others.
1.2 Electronic information exchange and sharing of data in has been the backbone of industries such as financial institutions for several years. Cost cutting measures and a real need for sharing of information are driving healthcare services toward increased use of computer-based information systems. One of the requirements for the ability to share and exchange healthcare information is that the information be protected.
1.3 Selection of standards was performed using the following criteria, which are described in more detail in 4.2.
1.3.1 Security requirements are defined in this framework, and (in some cases) in additional ASTM guidelines.
1.3.2 ASTM standard specifications are used to define protocols and message formats in support of interoperability.
1.3.3 Existing standards will be reused or extended whenever possible.
1.3.4 This framework does not address policy issues. ASTM Subcommittee E31.17 is writing standards that address these issues.
| DIN EN ISO 22600-3:2015-02 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014) |
| UNI EN ISO 22600-3 : 2014 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS |
| ASTM E 2369 : 2012 : REDLINE | Standard Specification for Continuity of Care Record (CCR) |
| ASTM E 2538 : 2006 : R2011 | Standard Practice for Defining and Implementing Pharmacotherapy Information Services within the Electronic Health Record (EHR) Environment and Networked Architectures (Withdrawn 2020) |
| ASTM E 2369 : 2012 | Standard Specification for Continuity of Care Record (CCR) (Withdrawn 2021) |
| ASTM E 2473 : 2005 : R2011 | Standard Practice for the Occupational/Environmental Health View of the Electronic Health Record (Withdrawn 2020) |
| 12/30271007 DC : 0 | BS ISO 22600-3 - HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS |
| ASTM E 2473 : 2005 | Standard Practice for the Occupational/Environmental Health View of the Electronic Health Record |
| ASTM E 2538 : 2006 | Standard Practice for Defining and Implementing Pharmacotherapy Information Services within the Electronic Health Record (EHR) Environment and Networked Architectures |
| DD ISO/TS 22600-3:2009 | Health informatics. Privilege management and access control Implementations |
| EN ISO 22600-3:2014 | Health informatics - Privilege management and access control - Part 3: Implementations (ISO 22600-3:2014) |
| ISO/TS 22600-3:2009 | Health informatics Privilege management and access control Part 3: Implementations |
| ASTM E 2184 : 2002 | Standard Specification for Healthcare Document Formats (Withdrawn 2011) |
| ASTM E 1902 : 2002 | Standard Specification for Management of the Confidentiality and Security of Dictation, Transcription, and Transcribed Health Records (Withdrawn 2011) |
| ISO 22600-3:2014 | Health informatics Privilege management and access control Part 3: Implementations |
| BS EN ISO 22600-3:2014 | Health informatics. Privilege management and access control Implementations |
| I.S. EN ISO 22600-3:2014 | HEALTH INFORMATICS - PRIVILEGE MANAGEMENT AND ACCESS CONTROL - PART 3: IMPLEMENTATIONS (ISO 22600-3:2014) |
| ANSI X9.30.1 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - PART 1: THE DIGITAL SIGNATURE ALGORITHM (DSA) |
| ANSI X9.57 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: CERTIFICATE MANAGEMENT |
| FIPS PUB 140 : 0001 | SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES |
| ANSI X9.55 : 1997 | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY: EXTENSIONS TO PUBLIC KEY CERTIFICATES AND CERTIFICATE REVOCATION LISTS |
| ISO/IEC 8825-1:2015 | Information technology ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) Part 1: |
| ISO/IEC 10736:1995 | Information technology Telecommunications and information exchange between systems Transport layer security protocol |
| ISO/IEC 9595:1998 | Information technology Open Systems Interconnection Common management information service |
| ANSI X9.52 : 1998 | TRIPLE DATA ENCRYPTION ALGORITHM MODES OF OPERATION |
| ANSI X12.58 : 1997 | SECURITY STRUCTURES |
| FIPS PUB 81 : 0 | DES MODES OF OPERATION |
| ISO/IEC 10164-7:1992 | Information technology Open Systems Interconnection Systems Management: Security alarm reporting function |
| FIPS PUB 74 : 0 | GUIDELINES FOR IMPLEMENTING AND USING THE NBS DATA ENCRYPTION STANDARD |
| ISO/IEC 10164-8:1993 | Information technology Open Systems Interconnection Systems Management: Security audit trail function |
| ASTM E 2086 : 2000 | Standard Guide for Internet and Intranet Healthcare Security (Withdrawn 2009) |
| FIPS PUB 46 : 0002 | DATA ENCRYPTION STANDARD (DES) |
| ANSI X9.44:2007 | FINANCIAL SERVICES - PUBLIC-KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY - KEY ESTABLISHMENT USING INTEGER FACTORIZATION CRYPTOGRAPHY |
| ISO/IEC 11577:1995 | Information technology Open Systems Interconnection Network layer security protocol |
| FIPS PUB 186 : 0 | DIGITAL SIGNATURE STANDARD (DSS) |
| ISO/IEC 8824-1:2015 | Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation Part 1: |
| ANSI INCITS 92 : 1981 | DATA ENCRYPTION ALGORITHM |
| ASTM E 2084 : 2000 | Standard Specification for Authentication of Healthcare Information Using Digital Signatures (Withdrawn 2009) |
| ANSI X9.30.2 : 1997 | PUBLIC KEY CRYPTOGRAPHY USING IRREVERSIBLE ALGORITHMS - PART 2: THE SECURE HASH ALGORITHM (SHA-1) |
| FIPS PUB 180 : 2002 | SECURE HASH STANDARD |
| ANSI X9.42 : 2003(R2013) | PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY |
| ANSI X9.31 : 1998 | DIGITAL SIGNATURES USING REVERSIBLE PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES INDUSTRY (RDSA) |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.