This guidance provides the security requirements for gateways used in personal healthcare systems and services. When data collected by personal healthcare devices (PHDs), including implantable PHDs, are transmitted to caretakers (medical staff) or to a remotely located healthcare system, some public gateways are used to forward these healthcare data. These gateways perform data collection, transformation, and transmission between the PHDs and the final recipients of the data. However, these gateways are vulnerable to security attacks, and such attacks can have much more serious and critical consequences when the gateways are used to deliver critical information from PHDs. To secure the healthcare data passing through these gateways, it is recommended to set up security requirements for gateways used in personal healthcare systems.
The gateway services reflect the characteristics of the business area in which the gateways are used. Gateway services must comply with the legal, cultural and environmental requirements of the purpose and location for which the services are provided. Therefore, this document focuses on the security requirements of gateway services in personal healthcare environments.
Network security requirements, such as general security protocols or specific security requirements for particular application services using server platforms and/or Hospital Information Systems (HIS), are not included in this document.
This document does not have legal effect as it only outlines and describes gateway security requirements to provide secure services in a personal healthcare environment.
IN_DEVELOPMENT
ISO/NP TS 24306.3
10.60
Close of voting
Dec 29, 2022