• Shopping Cart
    There are no items in your cart

EN 12251:2004

Current

Current

The latest, up-to-date edition.

Health informatics - Secure User Identification for Health Care - Management and Security of Authentication by Passwords

Published date

18-08-2004

Sorry this product is not available in your region.

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Requirements
  4.1 Unique identification and authentication
  4.2 Identification and authentication prior to all other
       interactions
  4.3 Associating unique identity with users
  4.4 Maintaining the identity of active users
  4.5 Log-on message
  4.6 Number of log-on trials
  4.7 Incorrectly performed log-on procedure
  4.8 Display of log-on statistics
  4.9 Password sharing
  4.10 Password storage
  4.11 Logging of passwords
  4.12 Password display suppression
  4.13 User-changeability of passwords
  4.14 Default passwords
  4.15 Initialised passwords
  4.16 Temporary passwords
  4.17 Password expiration
  4.18 Password expiration notification
  4.19 Password reuse
  4.20 Password complexity
Annex A (informative) Potential password complexity
                      requirements
Annex B (informative) User responsibilities
Annex C (informative) Password communication
Bibliography

This document is designed to improve the authentication of individual users of health care IT systems, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities.This document applies to all information systems (hereafter called systems) within the health care environment that handle or store sensitive person identifiable health information, using passwords as the only means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that fall within the scope of this document include for example electronic patient record systems, patient administrative systems and laboratory systems, containing personal health information.This document does not apply to systems outside the health care environment. Neither does it apply to systems within the health care environment that use other means of identification and authentication, such as smart cards, biometric methods or other technical facilities.

Committee
CEN/TC 251
DevelopmentNote
Supersedes ENV 12251. (09/2004)
DocumentType
Standard
PublisherName
Comite Europeen de Normalisation
Status
Current

Standards Relationship
PN EN 12251 : NOV 2005 Identical
SN EN 12251 : 2005 Identical
NF EN 12251 : 2004 Identical
UNI EN 12251 : 2004 Identical
BS EN 12251:2004 Identical
NEN EN 12251 : 2004 Identical
NS EN 12251 : 1ED 2004 Identical
I.S. EN 12251:2004 Identical
DIN EN 12251:2005-07 Identical
NBN EN 12251 : 2004 Identical
UNE-EN 12251:2004 Identical

ECMA 205 : 1ED 93 COMMERCIALLY ORIENTED FUNCTIONALITY CLASS FOR SECURITY EVALUATION (COFC)
ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.