The central piece of information in this document is a set of security functional and assurance requirements for an Admissions Discharge and Transfer System (ADT). The ADT is a key information technology (IT) application system used in all major healthcare settings and is the first point of electronic capture of all individually identifiable healthcare information. The set of security functional and assurance requirements is expressed in a format that conforms to the Protection Profile (PP) framework that is the part of the ISO/IEC 15408 security criteria.The underlying motivation in developing the Admissions, Discharge and Transfer System PP (referred to ADT-PP) is to demonstrate the use of a protection profile as a vehicle for capturing the dictates of public policy regulatory requirements in the form of IT application system security specifications (consisting of both security functional and assurance requirements) for healthcare IT application systems. Expressing the IT application system's security specifications in a common standardized framework would facilitate the process of interpreting the regulatory requirements among the stakeholders as well as provide a common vocabulary to support subsequent processes like design, development and evaluation of systems. The deployment of such systems in healthcare settings would then serve to meet the underlying goals of the security policy regulation - namely the integrity, availability, confidentiality and privacy of individually identifiable healthcare information.
Citation: NIST Interagency/Internal Report (NISTIR) - 6782
NIST Pub Series: NIST Interagency/Internal Report (NISTIR)
Pub Type: NIST Pubs
HIPAA security requirements, security policies, target of evaluation, TOE security functional requirements