1 Scope
This standard specifies the security measures that health data controllers can take to protect health data.
This standard is applicable to guiding health data controllers in the security protection of health data. It can also be used as a reference by the competent departments for health care and cybersecurity, third-party assessment agencies and other organizations when carrying out security supervision, management and assessment of health data.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 22080-2016 Information technology - Security techniques - Information security management systems - Requirements
GB/T 22081-2016 Information technology - Security techniques - Code of practice for information security controls
GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity
GB/T 25069 Information security technology - Terminology
GB/T 31168 Information security technology - Security capability requirements of cloud computing services
GB/T 35273 Information security technology - Personal information security specification
GB/T 35274-2017 Information security technology - Security capability requirements for big data services
GB/T 37964-2019 Information security technology - Guide for de-identifying personal information
ISO 80001 Application of risk management for IT-networks incorporating medical devices
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069 and the following apply.
3.1
personal health data
electronic data that, alone or in combination with other information, can identify a specific natural person or reflect the physical or mental health status of a specific natural person
Note: Personal health data relate to an individual's past, present or future physical or mental health status, health care services received and health care service fees paid for, etc., see Annex A.
3.2
health data
personal health data and health-related electronic data obtained from the processing of personal health data
Example: Overall analysis results, trend prediction, disease prevention and control statistics of a group obtained from processing of group health data.
3.3
health service professional
persons authorized by a government or industry organization as qualified to perform specific health care duties
Example: Doctor.
3.4
health service
service provided by a health service professional or paraprofessional that has an impact on health status
3.5
health data controller
organizations or individuals who can determine the purpose, manner, scope, etc. of health data processing
Example: Organizations that provide health services, medical insurance institutions, government agencies, healthcare scientific research institutions, individual clinics, etc.
3.6
health information system
system that collects, stores, processes, transmits, accesses, and destroys health data in a computer-processable form
3.7
limited data set
personal health data set that has been partially de-identified but still identifies the corresponding individual and therefore needs to be protected
Example: Health data from which the identifiers directly related to the individual and their relatives, household members and employer have been removed.
Note: A limited data set may be used for the purposes of scientific research, medical/health education and public health without the authorization of the individual concerned.
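The following is an added illustration, not code from this guide or from GB/T 37964-2019, of what 3.7 describes: a record from which the direct identifiers of the patient, relatives, household members and employer are removed is a limited data set, and it still needs protection because the remaining quasi-identifiers (birth date, postal code, admission date) can single out a person in combination. All field names and the sample record are assumptions constructed for the example; a real HIS schema will differ.

```python
from typing import Any

# Field names are assumptions for this illustration, not a schema from the guide.
DIRECT_IDENTIFIERS = frozenset({
    "name", "id_number", "phone", "address", "email",
    "relative_name", "household_member_name", "employer",
})
# Quasi-identifiers stay in the limited data set; in combination they can still
# identify a person, which is why the set still needs protection (3.7).
QUASI_IDENTIFIERS = frozenset({"birth_date", "postal_code", "admission_date"})


def to_limited_data_set(record: dict[str, Any]) -> dict[str, Any]:
    """Remove identifiers directly related to the individual, relatives,
    household members and employer; keep every other field."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}


def is_limited_data_set(record: dict[str, Any]) -> bool:
    """True when no direct identifier is left but at least one quasi-identifier
    remains: partially de-identified, still identifying, so still protected."""
    has_direct = any(k in DIRECT_IDENTIFIERS for k in record)
    has_quasi = any(k in QUASI_IDENTIFIERS for k in record)
    return not has_direct and has_quasi


def fully_deidentify(record: dict[str, Any]) -> dict[str, Any]:
    """One step further: also drop the quasi-identifiers, leaving only clinical
    content. This is a toy step; GB/T 37964-2019 describes the real methods."""
    return {k: v for k, v in to_limited_data_set(record).items()
            if k not in QUASI_IDENTIFIERS}


# Constructed sample record; every value is made up.
SAMPLE_RECORD = {
    "name": "Zhang San",
    "id_number": "<placeholder-id-number>",
    "phone": "13800000000",
    "employer": "Example Co.",
    "relative_name": "Li Si",
    "birth_date": "1980-05-12",
    "postal_code": "100000",
    "admission_date": "2023-02-01",
    "diagnosis": "hypertension",
}

if __name__ == "__main__":
    lds = to_limited_data_set(SAMPLE_RECORD)
    print("limited data set:", lds)
    print("still needs protection:", is_limited_data_set(lds))
    print("fully de-identified:", fully_deidentify(SAMPLE_RECORD))
```

The point of the two checks is that stripping direct identifiers is not the end of de-identification: a record that passes `is_limited_data_set` is exactly the kind of data the note above allows for research and public health use, but it must still be handled as personal health data until the quasi-identifiers are also treated.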
3.8
notes of treatment
observations, reflections and conclusions of treatment plan discussions recorded by health service professionals in the course of providing health services
Note: Notes of treatment have the attribute of intellectual property, and the intellectual property rights in them belong to the health service professionals and/or their organizations.
3.9
disclosure
act of transferring or sharing health data to specific individuals or organizations, or of publicly releasing health data to unspecified individuals, organizations or society
3.10
clinical research
scientific research activities aimed at exploring the causes, prevention, diagnosis, treatment, and prognosis of diseases, initiated by medical institutions, academic research institutions, and/or healthcare-related enterprises, with patients or healthy individuals as research subjects
Note: Clinical research is a branch of medical research.
3.11
completely public sharing
release of data, usually directly to the public via the Internet, such that the data are difficult to recall once released
[GB/T 37964-2019, Definition 3.12]
3.12
controlled public sharing
constraining the use of data through a data use agreement
[GB/T 37964-2019, Definition 3.13]
3.13
enclave public sharing
sharing of data within a physical or virtual enclave, out of which the data cannot flow
[GB/T 37964-2019, Definition 3.14]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
ACL: Access Control Lists
API: Application Programming Interface
APP: Application
DNA: DeoxyriboNucleic Acid
EDC: Electronic Data Capture
GCP: Good Clinical Practice
HIS: Hospital Information Systems
HIV: Human Immunodeficiency Virus
HL7: Healthcare Level 7
ID: Identity
IP: Internet Protocol
IPSEC: Internet Protocol Security
LDS: Limited Data Set Files
PIN: Personal Identity Number
PUF: Public Use Files
RIF: Research Identifiable Files
RNA: RiboNucleic Acid
SQL: Structured Query Language
TLS: Transport Layer Security
USB: Universal Serial Bus
VPN: Virtual Private Network
XSS: cross-site scripting
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Security objectives
6 Classification system
6.1 Data categories
6.2 Data classification
6.3 Classification of related roles
6.4 Flow and usage scenarios
6.5 Data opening forms
7 Principles for use and disclosure
8 Key points of security measures
8.1 Key points of classification security measures
8.2 Key points of scenario-specific security measures
8.3 Key points of data opening-specific security measures
9 Security management guide
9.1 General
9.2 Organization
9.3 Process
9.4 Emergency disposal
10 Security technology guide
10.1 General security technology
10.2 De-identification
11 Data security in typical scenarios
11.1 Data security in doctors' access
11.2 Data security in patient query
11.3 Clinical research data security
11.4 Data security in secondary use
11.5 Health sensing data security
11.6 Mobile application data security
11.7 Commercial insurance matching security
11.8 Data security for medical devices
Annex A (Informative) Personal health data scope
Annex B (Informative) Standards related to health information
Annex C (Informative) Example of a data use management method
Annex D (Informative) Examples of data application approval
Annex E (Informative) Templates of data processing and use agreements
Annex F (Informative) Health data security checklist
Annex G (Informative) Examples of health data element de-identification
Bibliography
Foreword
This standard is drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC 260).
Introduction
Health data include personal health data and the health-related data obtained from processing personal health data. With the vigorous development of health data applications, "Internet + health care" and smart health care, new businesses and applications keep emerging; health data face more and more security challenges at every stage of their life cycle, and security incidents occur frequently. Since the security of health data bears on patients' safety, personal information security, the public interest and national security, this health data security guide is formulated in order to better protect the security of health data, to regulate and promote the integration, sharing and open application of health data, and to promote the development of health care.
Information security technology - Health data security guide