This document defines the basic concepts underlying the use of digital certificates in healthcare and provides a scheme of interoperability requirements to establish a digital certificate-enabled secure communication of health information. It also identifies the major stakeholders who are communicating health-related information, as well as the main security services required for health communication where digital certificates can be required.<\/p>\n
This document gives a brief introduction to public key cryptography and the basic components needed to deploy digital certificates in healthcare. It further introduces different types of digital certificates \u2014 identity certificates and associated attribute certificates for relying parties, self-signed certification authority (CA) certificates, and CA hierarchies and bridging structures.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | National foreword <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | Introduction <\/td>\n<\/tr>\n | ||||||
| 11<\/td>\n | 1 Scope 2 Normative references 3 Terms and definitions 3.1 Healthcare context terms <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 3.2 Security services terms <\/td>\n<\/tr>\n | ||||||
| 16<\/td>\n | 3.3 Public key infrastructure related terms <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 4 Abbreviations 5 Healthcare context 5.1 Certificate holders and relying parties in healthcare <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 5.2 Examples of actors 5.2.1 Regulated health professional 5.2.2 Non-regulated health professional 5.2.3 Patient\/consumer 5.2.4 Sponsored healthcare provider 5.2.5 Supporting organization employee 5.2.6 Healthcare organization <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 5.2.7 Supporting organization 5.2.8 Devices 5.2.9 Applications 5.3 Applicability of digital certificates to healthcare <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 6 Requirements for security services in healthcare applications 6.1 Healthcare characteristics 6.2 Digital certificate technical requirements in healthcare 6.2.1 General <\/td>\n<\/tr>\n | ||||||
| 23<\/td>\n | 6.2.2 Authentication 6.2.3 Integrity 6.2.4 Confidentiality 6.2.5 Digital signature 6.2.6 Authorization 6.2.7 Access control <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 6.3 Healthcare-specific needs and the separation of authentication from data encipherment 6.4 Health industry security management framework for digital certificates 6.5 Policy requirements for digital certificate issuance and use in healthcare 7 Public key cryptography 7.1 Symmetric vs. asymmetric cryptography <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 7.2 Digital certificates 7.3 Digital signatures <\/td>\n<\/tr>\n | ||||||
| 26<\/td>\n | 7.4 Protecting the private key <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | 8 Deploying digital certificates 8.1 Necessary components 8.1.1 General 8.1.2 CP 8.1.3 CPS 8.1.4 CA 8.1.5 RA <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 8.2 Establishing identity using qualified certificates 8.3 Establishing speciality and roles using identity certificates <\/td>\n<\/tr>\n | ||||||
| 29<\/td>\n | 8.4 Using attribute certificates for authorization and access control <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 9 Interoperability requirements 9.1 Overview 9.2 Options for deploying healthcare digital certificates across jurisdictions 9.2.1 General 9.2.2 Option 1 \u2014 Single hierarchy of CAs 9.2.3 Option 2 \u2014 Relying party management of trust <\/td>\n<\/tr>\n | ||||||
| 31<\/td>\n | 9.2.4 Option 3 \u2014 Cross-recognition 9.2.5 Option 4 \u2014 Cross-certification <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 9.2.6 Option 5 \u2014 Bridge CA 9.3 Option usage <\/td>\n<\/tr>\n | ||||||
| 33<\/td>\n | Annex A (informative) Scenarios for the use of digital certificates in healthcare <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Health informatics. Public key infrastructure – Overview of digital certificate services<\/b><\/p>\n |