Security and Privacy

Below are approved tutorials and recommendations from the Joint Security and Privacy Committee on security and privacy issues and best practices.

1. Remote Services in Healthcare – Use Cases and Obligations For Customer and Service Organizations
This White Paper describes a set of use cases that include associated data security and data privacy requirements. The use cases illustrate how manufacturers are addressing critical security and patient privacy issues.

2. Information Security Risk Management for Healthcare Systems
This document helps device manufacturers manage IT security risks in healthcare systems by detailing the steps in security risk assessment in the context of security risk management.

3. Management of Machine Authentication Certificates
This paper helps healthcare providers and medical device engineering organizations decide how to use digital certificates to secure machine to machine communications.

4. Break-Glass – An Approach to Granting Emergency Access to Healthcare Systems
This white paper discusses a simple yet effective emergency-access solution, sometimes called “break-glass”. The purpose of break-glass is to allow operators emergency access to the system in cases where the normal authentication cannot be successfully completed or is not working properly.

5. Patching Off-the-Shelf Software Used in Medical Information Systems
The purpose of this white paper is to make healthcare providers aware of the special requirements imposed on vendors of Medical Information Systems (MedIS) and the practical constraints involved in patching commercial off-the-shelf (COTS) software.

6. Defending Medical Information Systems Against Malicious Software
This white paper informs both vendors (manufacturers and integrators of MedIS) and users (for example, hospitals and medical practices) about possible malware attacks and suggests ways to protect against them.

7. Introduction to the NEMA HIPAA Business Associate Contract Sample Language
Background and description of the NEMA HIPAA Business Associate Contract sample language.

8. Identification and Allocation of Basic Security Rules In Healthcare Imaging Systems
This paper identifies a set of security and privacy rules that, if properly enforced by healthcare providers on their medical imaging Information Technology (IT), can help them meet their legal obligations.

9. Remote Service Interface–Solution (A): IPSec over the Internet Using Digital Certificates
This document describes in detail how to configure IPSec over the Internet using digital certificates for authentication, and how to distribute those certificates out-of-band. With this document, vendors and health care facilities can configure a single remote-service access point using off-the-shelf equipment.

10. Security and Privacy Requirements for Remote Servicing
This paper describes how to reduce the risks arising from remote servicing that could compromise the confidentiality of individually identifiable patient information.

11. Security and Privacy Auditing In Health Care Information Technology
This paper describes how auditing in a medical IT environment, including electronic medical devices, can effectively meet legal mandates and provide the individual accountability and anomaly detection called for in privacy and security regulations.
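Items 4 and 11 above describe the two halves of one control: an emergency path that bypasses normal authentication, and an audit trail that makes every use of that path attributable and reviewable. The following is an added illustration of how the two fit together; it is not code from any of the white papers listed here. It assumes a roster of named operators who may invoke break-glass, a written justification, a short-lived session, a per-operator daily limit, and a hash-chained audit log so that later deletion or editing of a record is detectable. Operator names, timestamps and reasons in the demo are constructed sample data.

```python
import hashlib
import json
import secrets
from dataclasses import dataclass

GENESIS = "0" * 64


@dataclass
class AuditRecord:
    seq: int
    ts: int          # unix seconds, passed in by the caller so runs are reproducible
    event: str
    user: str
    detail: dict
    prev_hash: str
    digest: str = ""


class AuditLog:
    """Append-only log. Each record commits to the previous record's digest,
    so removing or editing any earlier entry makes verify() fail."""

    def __init__(self):
        self.records: list[AuditRecord] = []

    @staticmethod
    def _digest(rec: AuditRecord) -> str:
        body = json.dumps([rec.seq, rec.ts, rec.event, rec.user, rec.detail, rec.prev_hash],
                          sort_keys=True)
        return hashlib.sha256(body.encode()).hexdigest()

    def append(self, ts: int, event: str, user: str, **detail) -> AuditRecord:
        prev = self.records[-1].digest if self.records else GENESIS
        rec = AuditRecord(len(self.records), ts, event, user, detail, prev)
        rec.digest = self._digest(rec)
        self.records.append(rec)
        return rec

    def verify(self) -> bool:
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec.seq != i or rec.prev_hash != prev or self._digest(rec) != rec.digest:
                return False
            prev = rec.digest
        return True


class BreakGlass:
    """Emergency access that bypasses normal authentication but not accountability."""

    def __init__(self, audit: AuditLog, operators, ttl: int = 15 * 60, max_grants_per_day: int = 2):
        self.audit = audit
        self.operators = set(operators)   # hypothetical roster of staff allowed to break glass
        self.ttl = ttl                    # emergency sessions are deliberately short
        self.max_grants_per_day = max_grants_per_day
        self.sessions: dict[str, tuple[str, int]] = {}   # token -> (user, expiry)

    def request(self, user: str, reason: str, now: int):
        """Return a session token, or None if denied. Every decision is audited."""
        if user not in self.operators:
            self.audit.append(now, "break_glass_denied", user, why="unknown operator")
            return None
        if len(reason.strip()) < 10:
            self.audit.append(now, "break_glass_denied", user, why="no justification")
            return None
        recent = [r for r in self.audit.records
                  if r.event == "break_glass_granted" and r.user == user and now - r.ts < 86400]
        if len(recent) >= self.max_grants_per_day:
            self.audit.append(now, "break_glass_denied", user, why="daily limit reached")
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = (user, now + self.ttl)
        self.audit.append(now, "break_glass_granted", user, reason=reason, expires=now + self.ttl)
        return token

    def authorize(self, token: str, action: str, now: int) -> bool:
        """Check an emergency session before each action; expired sessions are dropped."""
        user, expiry = self.sessions.get(token, (None, 0))
        if user is None:
            self.audit.append(now, "break_glass_rejected", "?", action=action)
            return False
        if now >= expiry:
            del self.sessions[token]
            self.audit.append(now, "break_glass_expired", user)
            return False
        self.audit.append(now, "break_glass_action", user, action=action)
        return True


def suspicious_users(audit: AuditLog, now: int, window: int = 7 * 86400, threshold: int = 3):
    """Anomaly check for the review queue: users with at least `threshold`
    emergency grants inside the window."""
    counts: dict[str, int] = {}
    for r in audit.records:
        if r.event == "break_glass_granted" and now - r.ts <= window:
            counts[r.user] = counts.get(r.user, 0) + 1
    return sorted(u for u, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    log = AuditLog()
    bg = BreakGlass(log, operators={"dr.lee", "nurse.kim"})
    t0 = 1_700_000_000                                   # constructed timestamp
    tok = bg.request("dr.lee", "Patient crash in OR 3, SSO unavailable", now=t0)
    print(bg.authorize(tok, "open_patient_record:12345", now=t0 + 60))
    print(bg.authorize(tok, "open_patient_record:12345", now=t0 + 3600))
    print(log.verify(), [r.event for r in log.records])
```

Two design points worth noting. Break-glass does not remove identification: the operator still asserts who they are and why, and that assertion is what the later review examines. And the audit log is treated as a security control in its own right; if it can be silently edited, the emergency path becomes an unaccountable back door, which is why the records are chained and verified rather than merely written.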

12. An Introduction to HIPAA
Introduction to the Health Insurance Portability and Accountability Act (HIPAA). The Act aims to guarantee health insurance coverage for employees, reduce health care fraud and abuse, introduce administrative simplifications that improve the effectiveness and efficiency of the United States health care system, and protect individuals' health information against access without consent or authorization.