NEMA HN 1-2008 Manufacturer Disclosure Statement for Medical Device Security1.pdf
HIMSS/NEMA Standard HN 1-2008

Manufacturer Disclosure Statement for Medical Device Security

Published by
National Electrical Manufacturers Association
1300 North 17th Street, Suite 1752
Rosslyn, Virginia 22209
www.nema.org

Copyright 2008 by the National Electrical Manufacturers Association and the Healthcare Information and Management Systems Society. All rights including translation into other languages, reserved under the Universal Copyright Convention, the Berne Convention for the Protection of Literary and Artistic Works, and the International and Pan American Copyright Conventions.

NOTICE AND DISCLAIMER

The information in this publication was considered technically sound by the consensus of persons engaged in the development and approval of the document at the time it was developed. Consensus does not necessarily mean that there is unanimous agreement among every person participating in the development of this document.

The National Electrical Manufacturers Association (NEMA) standards and guideline publications, of which the document contained herein is one, are developed through a voluntary consensus standards development process. This process brings together volunteers and/or seeks out the views of persons who have an interest in the topic covered by this publication. While NEMA administers the process and establishes rules to promote fairness in the development of consensus, it does not write the document and it does not independently test, evaluate, or verify the accuracy or completeness of any information or the soundness of any judgments contained in its standards and guideline publications.

NEMA disclaims liability for any personal injury, property, or other damages of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, application, or reliance on this document. NEMA disclaims and makes no guaranty or warranty, expressed or implied, as to the accuracy or completeness of any information published herein, and disclaims and makes no warranty that the information in this document will fulfill any of your particular purposes or needs. NEMA does not undertake to guarantee the performance of any individual manufacturer or seller's products or services by virtue of this standard or guide.

In publishing and making this document available, NEMA is not undertaking to render professional or other services for or on behalf of any person or entity, nor is NEMA undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstances. Information and other standards on the topic covered by this publication may be available from other sources, which the user may wish to consult for additional views or information not covered by this publication.

NEITHER HEALTHCARE INFORMATION MANAGEMENT SYSTEMS SOCIETY (HIMSS) NOR NEMA HAVE POWER, NOR DO THEY UNDERTAKE TO POLICE OR ENFORCE COMPLIANCE WITH THE CONTENTS OF THIS DOCUMENT. NEITHER HIMSS NOR NEMA CERTIFY, TEST, OR INSPECT PRODUCTS, DESIGNS, OR INSTALLATIONS FOR SAFETY OR HEALTH PURPOSES. ANY CERTIFICATION OR OTHER STATEMENT OF COMPLIANCE WITH ANY HEALTH OR SAFETY RELATED INFORMATION IN THIS DOCUMENT SHALL NOT BE ATTRIBUTABLE TO HIMSS OR NEMA AND IS SOLELY THE RESPONSIBILITY OF THE CERTIFIER OR MAKER OF THE STATEMENT.

CONTENTS

Foreword
Section 1 GENERAL
  1.1 Scope
    1.1.1 The Role of Healthcare Providers in the Security Management Process
    1.1.2 The Role of Medical Device Manufacturers in the Security Management Process
  1.2 References
  1.3 Definitions
  1.4 Acronyms
Section 2 INSTRUCTIONS FOR OBTAINING, USING AND COMPLETING MDS2 FORM
  2.1 Obtaining the MDS2 Form (Providers)
  2.2 Using the MDS2 Form (Providers)
    2.2.1 Section 1 Questions 1-19
    2.2.2 Section 2 Explanatory notes
  2.3 Completing the MDS2 Form (Manufacturers)
    2.3.1 General
    2.3.2 MDS2 Form Completion Guidance
Section 3 MDS2 FORM

Foreword

This document consists of the Manufacturer Disclosure Statement for Medical Device Security (MDS2 form) and related instructions how to complete the form. The intent of the MDS2 form is to supply healthcare providers with important information to assist them in assessing the VULNERABILITY and risks associated with protecting ELECTRONIC PROTECTED HEALTH INFORMATION (ePHI) transmitted or maintained by medical devices.

Because security risk assessment spans an entire organization, this document focuses on only those elements of the security risk assessment process associated with medical devices and systems that maintain or transmit ePHI. A standardized form 1) allows manufacturers to quickly respond to a potentially large volume of information requests from providers regarding the security-related features of the medical devices they manufacture; and 2) facilitates the providers' review of the large volume of security-related information supplied by the manufacturers.

The manufacturer-completed MDS2 form should:

(1) Be useful to healthcare provider organizations worldwide. While the form does supply information important to providers who must comply with HIPAA privacy and security rules, the information presented may be useful for any healthcare provider who aspires to have an effective information security RISK MANAGEMENT program. Outside the US, providers would therefore find the MDS2 form an effective tool to address regional regulations such as EU 95/46 (Europe), Act on the Protection of Personal Information (Act No. 57 of 2003, Japan), and PIPEDA (Canada).

(2) Include device specific information addressing the technical security-related attributes of the individual device model.

(3) Provide a simple, flexible way of collecting the technical, device-specific elements of the common/typical information needed by provider organizations (device users/operators) to begin medical device information security (i.e., confidentiality, integrity, availability) risk assessments.

(4) HIMSS and NEMA grant permission to make copies and use this form.

PLEASE BE ADVISED: The MDS2 form is not intended to nor should it be used as the sole basis for medical device procurement. Writing procurement specifications requires a deeper and more extensive knowledge of security (including the individual facility's/provider's situation) and the healthcare mission.

Using the information provided by the manufacturer in the MDS2 form together with information collected about the care delivery environment (e.g., through tools like ACCE / ECRI's Guide for Information Security for Biomedical Technology), the provider's multidisciplinary risk assessment team can review assembled information and make informed decisions on implementing a local security management plan. This form was originally adapted from portions of the ACCE / ECRI Biomedical Equipment Survey Form, a key tool found in Information S