ASTM E2212-2002a(2010) Standard Practice for Healthcare Certificate Policy
Author: 标准资料网 Time: 2024-05-03 15:53:02 Views: 8240
Source: 标准资料网
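【English standard name】: Standard Practice for Healthcare Certificate Policy
【Original standard name】: Standard Practice for Healthcare Certificate Policy
【Standard number】: ASTM E2212-2002a(2010)
【Standard status】: Current
【Country】: United States
【Publication date】: 2002
【Implementation or trial date】:
【Issuing body】: American Society for Testing and Materials (US-ASTM)
【Drafting body】: E31.25
【Standard type】: (Practice)
【Standard level】: ()
【Chinese subject terms】:
【English subject terms】: Certification/registration; Healthcare documentation/delivery/training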
【Abstract】: The policy defined by this practice is written from the perspective of healthcare relying parties. It defines a set of requirements to ensure that certificates, used for authentication, authorization, confidentiality, integrity, and nonrepudiation of health information by healthcare organizations and persons, have a minimally sufficient assurance level. This policy defines a healthcare public key infrastructure that can be used to implement other ASTM standards including Specification E2084 and Guide E2086. CA that implement procedures satisfying each requirement of the policy should reference the policy's OID in the appropriate fields within its certificates. Relying parties can recognize the inclusion of the policy's OID as an indication that the issuing CA has conformed to the requirements of the policy and that the certificates referencing the policy's OID may be used for healthcare purposes. CA that do not comply with all provisions of the policy must not assert the policy's OID in its certificates. A CA that complies with all but a limited number of provisions may reference the policy in its own policy, provided that it clearly states the specific deviations. For example, a healthcare organization might operate an internal CA that complies with all of the provisions of the basic individual certificate class except that it uses a noncomplying cryptographic module for the CA signer keys. The organization might want to use the policy as the basis for establishing trust with external relying parties. While it may not directly assert this policy using the OID, it may reference the policy in a document that includes statements explaining measures it has taken to protect the integrity of the CA signing key. Relying parties or CA wishing to facilitate cross-trust relationships must then make their own risk analysis to determine if the modified policy is adequate for the proposed usage. This assessment, while not as easy as that based upon full compliance, should be significantly facilitated by treating the policy as a reference standard from which to judge the modifications. Certificates and the certificate issuance process can vary in at least three distinct ways. The most frequently cited variation is about assurance. Assurance levels vary depending upon the degree of diligence applied in the registration, key generation, certificate issuance, certificate revocation, and private key protection. The required assurance level depends on the risks associated with a potential compromise. The federal PKI, among others, divides assurance into three classes. Rudimentary assurance involves very little control of either the registration process or key security. The federal PKI does not consider rudimentary assurance appropriate for healthcare use. Medium assurance involves a higher degree of diligence in the registration process and requires a number of controls over CA keys. Medium assurance is designed for moderate risk applications. High assurance adds additional controls on the CA and subscriber keys as well as careful division of roles in the issuance process. These additions make high assurance certificates more appropriate for higher risk applications. Certificates may also vary depending upon the type of entity whose identity is bound to the certificate. Finally, certificates are often described in terms of appropriate and inappropriate uses. The policy does not define certificates in terms of assurance levels. Instead, it defines three classes of certificates (entity, basic individual, and clinical individual) that differ in terms of their primary intended use or purpose and in terms of their intended subscriber type. The three certificate classes are ordered so that the clinical individual certif......
【China Standard Classification number】: C50
【International Classification for Standards number】: 11_020
【Pages】: 20P.; A4
【Language of text】: English