Designation:E2085–00aAnAmericanNationalStandardStandardGuideonSecurityFrameworkforHealthcareInformation1ThisstandardisissuedunderthefixeddesignationE2085;thenumberimmediatelyfollowingthedesignationindicatestheyearoforiginaladoptionor,inthecaseofrevision,theyearoflastrevision.Anumberinparenthesesindicatestheyearoflastreapproval.Asuperscriptepsilon(e)indicatesaneditorialchangesincethelastrevisionorreapproval.1.Scope1.1Thisguidecoversaframeworkfortheprotectionofhealthcareinformation.Itaddressesbothstorageandtransmis-sionofinformation.Itdescribesexistingstandardsusedforinformationsecuritywhichcanbeusedinmanycases,anddescribeswhich(healthcare–specific)standardsareneededtocompletetheframework.Appropriatebackgroundinformationonsecurity(andparticularlycryptography)isincluded.Theframeworkisdesignedtoaccommodateaverylarge(nationalorinternational),distributeduserbase,spreadacrossmanyorganizations,anditthereforerecommendstheuseofcertain(scaleable)technologiesoverothers.1.2Electronicinformationexchangeandsharingofdatainhasbeenthebackboneofindustriessuchasfinancialinstitu-tionsforseveralyears.Costcuttingmeasuresandarealneedforsharingofinformationaredrivinghealthcareservicestowardincreaseduseofcomputer-basedinformationsystems.Oneoftherequirementsfortheabilitytoshareandexchangehealthcareinformationisthattheinformationbeprotected.1.3Selectionofstandardswasperformedusingthefollow-ingcriteria,whicharedescribedinmoredetailin4.2.1.3.1Securityrequirementsaredefinedinthisframework,and(insomecases)inadditionalASTMguidelines.1.3.2ASTMstandardspecificationsareusedtodefineprotocolsandmessageformatsinsupportofinteroperability.1.3.3Existingstandardswillbereusedorextendedwhen-everpossible.1.3.4Thisframeworkdoesnotaddresspolicyissues.ASTMSubcommitteeE31.17iswritingstandardsthataddresstheseissues.2.ReferencedDocuments2.1ASTMStandards:E1238SpecificationforTransferringClinicalObservationsBetweenIndependentComputerSystems2E1384GuideforContentandStructureoftheComputer-BasedPatientRecord2E1762Guid...
