1. Scope
1.1 This practice covers a policy ("the policy") for digital certificates that support the authentication, authorization, confidentiality, integrity, and nonrepudiation requirements of persons and organizations that electronically create, disclose, receive, or otherwise transact health information.
1.2 This practice defines a policy for three classes of certificates: (1) entity certificates issued to computing components such as servers, devices, applications, processes, or accounts reflecting role assignment; (2) basic individual certificates issued to natural persons involved in the exchange of health information used for healthcare provisioning; and (3) clinical individual certificates issued to natural persons and used for authentication of prescriptive orders relating to the clinical treatment of patients.
1.3 The policy defined by this practice covers: (1) definition of healthcare certificates, healthcare certification authorities, healthcare subscribers, and healthcare relying parties; (2) appropriate use of healthcare certificates; ( 3) general conditions for the issuance of healthcare certificates; (4) healthcare certificate formats and profile; and (5) requirements for the protection of key material.
1.4 The policy establishes minimum responsibilities for healthcare certification authorities, relying parties, and certificate subscribers.
2. Referenced Documents
ASTM Standards
E2084 Specification for Authentication of Healthcare Information Using Digital Signatures
E2086 Guide for Internet and Intranet Healthcare Security
Other Documents
RFC 2560—Internet X.509 Public Key Infrastructure Online Certificate Status Protocol, OCSP, June 1999
Index Terms
digital; authentication; health; information; electronically; healthcare; ICS Number Code 03.120.20 (Product and company certification. Conformity assessment); 11.020 (Medical sciences and health care facilities in general)
DOI: 10.1520/E2212-02A
ASTM International is a member of CrossRef.
Citing ASTM Standards
[Back to Top]
