ISO/TR 22696:2020 pdf download – Health informatics — Guidance on the identification and authentication of connectable Personal Healthcare Devices (PHDs).
3.3 authenticate verify the identity of a user (3.20), user device, or other entity, or the integrity (3.11) of data stored, transmitted, or otherwise exposed to unauthorized modification in an information system, or to establish the validity of a transmission [SOURCE: IEC/TS 62443-1-1:2009, 3.2.12] 3.4 authentication provision of assurance that a claimed characteristic of an entity is correct [SOURCE: ISO/IEC 27000:2018, 3.5] 3.5 authorization right or permission that is granted to a system entity to access a system resource [SOURCE: IEC/TS 62443:2009, 3.2.14] 3.6 availability property of being accessible and usable on demand by an authorized entity [SOURCE: ISO/IEC 27000:2018, 3.7] 3.7 bidirectional connection two-way communication connection between a personal health device (3.16) and a gateway (3.9) for data exchange 3.8 confidentiality property that information is not made available or disclosed to unauthorized individuals, entities, or processes [SOURCE: ISO/IEC 27000:2018, 3.10] 3.9 gateway relay mechanism that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables host computers on one network to communicate with hosts on the other Note 1 to entry: Also described as an intermediate system that is the translation interface between two computer networks. [SOURCE: IEC/TS 62443-1-1:2009, 3.2.53] 3.10 identification process of identifying and recognizing a user (3.20), personal health device (3.16), or home gateway (3.9) as a unique entity that establishes connections
5 Information security objectives in healthcare and PHDs Information security has been addressed in three security objectives: confidentiality, integrity, and availability. Although in most information technology domains confidentiality has been considered more important than integrity and availability, there is room for debate, depending on the needs of each situation. For example, when it comes to the ICS, availability is deemed more significant than integrity or confidentiality. Its importance is clear when considering the large amount of loss and high level of impact that the stoppage of national power plants or burning furnaces have. In the healthcare domain, it is crucial to prioritize confidentiality, integrity and availability according to specific requirements of the domain. Practical guidelines for emergency situations prompt health- care providers to consider human life above any other requirements, i.e. privacy rules. When it comes to integrity and availability, it is difficult to definitively prioritize one over the other. For example, it is clear that availability would be the priority for a patient in an ICU since a system-off would be fatal and cause death. For a patient who is supported by a pacemaker, the availability of the pacemaker is also critical. However, if the data that is connected to a patient’s critical equipment in ICU or to a pacemaker is manipulated or falsely reported, the patient faces the same risks that those associated with unavailability. Hence, integrity should also be prioritized in the healthcare sector when it comes to the PHD’s security and accurate functionality, since contaminated data can pose a threat to human life.