Description of ASTM-E2212 2010
ASTM E2212 - 02a(2010)
Standard Practice for Healthcare Certificate Policy
Active Standard ASTM E2212 | Developed by Subcommittee: E31.25
Book of Standards Volume: 14.01

Significance and Use
The policy defined by this practice is written from the perspective of healthcare relying parties. It defines a set of requirements to ensure that certificates, used for authentication, authorization, confidentiality, integrity, and nonrepudiation of health information by healthcare organizations and persons, have a minimally sufficient assurance level. This policy defines a healthcare public key infrastructure that can be used to implement other ASTM standards including Specification E2084 and Guide E2086.

A CA that implements procedures satisfying each requirement of the policy should reference the policy's OID in the appropriate fields within its certificates. Relying parties can recognize the inclusion of the policy's OID as an indication that the issuing CA has conformed to the requirements of the policy and that the certificates referencing the policy's OID may be used for healthcare purposes. A CA that does not comply with all provisions of the policy must not assert the policy's OID in its certificates.

A CA that complies with all but a limited number of provisions may reference the policy in its own policy, provided that it clearly states the specific deviations. For example, a healthcare organization might operate an internal CA that complies with all of the provisions of the basic individual certificate class except that it uses a noncomplying cryptographic module for the CA signer keys. The organization might want to use the policy as the basis for establishing trust with external relying parties. While it may not directly assert this policy using the OID, it may reference the policy in a document that includes statements explaining measures it has taken to protect the integrity of the CA signing key. Relying parties or CAs wishing to facilitate cross-trust relationships must then make their own risk analysis to determine if the modified policy is adequate for the proposed usage. This assessment, while not as easy as that based upon full compliance, should be significantly facilitated by treating the policy as a reference standard from which to judge the modifications.

Certificates and the certificate issuance process can vary in at least three distinct ways. The most frequently cited variation is about assurance. Assurance levels vary depending upon the degree of diligence applied in the registration, key generation, certificate issuance, certificate revocation, and private key protection. The required assurance level depends on the risks associated with a potential compromise. The federal PKI, among others, divides assurance into three classes. Rudimentary assurance involves very little control of either the registration process or key security. The federal PKI does not consider rudimentary assurance appropriate for healthcare use. Medium assurance involves a higher degree of diligence in the registration process and requires a number of controls over CA keys. Medium assurance is designed for moderate risk applications. High assurance adds additional controls on the CA and subscriber keys as well as careful division of roles in the issuance process. These additions make high assurance certificates more appropriate for higher risk applications.

Certificates may also vary depending upon the type of entity whose identity is bound to the certificate. Finally, certificates are often described in terms of appropriate and inappropriate uses.

The policy does not define certificates in terms of assurance levels. Instead, it defines three classes of certificates (entity, basic individual, and clinical individual) that differ in terms of their primary intended use or purpose and in terms of their intended subscriber type. The three certificate classes are ordered so that the clinical individual certificate must meet all the requirements of the basic individual certificate and the basic individual certificate must meet all the requirements of the entity certificate.

It is anticipated that the policy will be used to facilitate cross-licensing between healthcare CAs. The policy is intended to provide a common reference point for establishing compatibility of purposes, representations, and practices among a number of autonomous healthcare CAs.

1. Scope
1.1 This practice covers a policy (the policy) for digital certificates that support the authentication, authorization, confidentiality, integrity, and nonrepudiation requirements of persons and organizations that electronically create, disclose, receive, or otherwise transact health information.

1.2 This practice defines a policy for three classes of certificates: (1) entity certificates issued to computing components such as servers, devices, applications, processes, or accounts reflecting role assignment; (2) basic individual certificates issued to natural persons involved in the exchange of health information used for healthcare provisioning; and (3) clinical individual certificates issued to natural persons and used for authentication of prescriptive orders relating to the clinical treatment of patients.

1.3 The policy defined by this practice covers: (1) definition of healthcare certificates, healthcare certification authorities, healthcare subscribers, and healthcare relying parties; (2) appropriate use of healthcare certificates; (3) general conditions for the issuance of healthcare certificates; (4) healthcare certificate formats and profile; and (5) requirements for the protection of key material.

1.4 The policy establishes minimum responsibilities for healthcare certification authorities, relying parties, and certificate subscribers.

ASTM Standards
E2084 Specification for Authentication of Healthcare Information Using Digital Signatures
E2086 Guide for Internet and Intranet Healthcare Security

Other Documents
RFC2560 Intern OCSP, June 1999. Available at http://www.ietf.org/rfc/rfc2560.txt.

Keywords
Certification/registration; Healthcare documentation/delivery/training

ICS Code
ICS Number Code 03.120.20 (Product and company certification. Conformity assessment); 11.020 (Medical sciences and health care facilities in general)

DOI: 10.1520/E2212-02AR10
ASTM International is a member of CrossRef.
About ASTM
ASTM International, formerly known as the American Society for Testing and Materials (ASTM), is a globally recognized leader in the development and delivery of international voluntary consensus standards. Today, some 12,000 ASTM standards are used around the world to improve product quality, enhance safety, facilitate market access and trade, and build consumer confidence. ASTM’s leadership in international standards development is driven by the contributions of its members: more than 30,000 of the world’s top technical experts and business professionals representing 150 countries. Working in an open and transparent process and using ASTM’s advanced electronic infrastructure, ASTM members deliver the test methods, specifications, guides, and practices that support industries and governments worldwide.