Admission Discharge and Transfer System Protection Profile (ADT-PP) (An ISO/IEC 15408 Security Protection Profile for a Healthcare IT Application System)
Ramaswamy Chandramouli, G Marshall
The central piece of information in this document is a set of security functional and assurance requirements for an Admissions Discharge and Transfer System (ADT). The ADT is a key information technology (IT) application system used in all major healthcare settings and is the first point of electronic capture of all individually identifiable healthcare information. The set of security functional and assurance requirements is expressed in a format that conforms to the Protection Profile (PP) framework that is the part of the ISO/IEC 15408 security criteria.The underlying motivation in developing the Admissions, Discharge and Transfer System PP (referred to ADT-PP) is to demonstrate the use of a protection profile as a vehicle for capturing the dictates of public policy regulatory requirements in the form of IT application system security specifications (consisting of both security functional and assurance requirements) for healthcare IT application systems. Expressing the IT application system's security specifications in a common standardized framework would facilitate the process of interpreting the regulatory requirements among the stakeholders as well as provide a common vocabulary to support subsequent processes like design, development and evaluation of systems. The deployment of such systems in healthcare settings would then serve to meet the underlying goals of the security policy regulation - namely the integrity, availability, confidentiality and privacy of individually identifiable healthcare information.
HIPAA security requirements, security policies, target of evaluation, TOE security functional requirements
and Marshall, G.
Admission Discharge and Transfer System Protection Profile (ADT-PP) (An ISO/IEC 15408 Security Protection Profile for a Healthcare IT Application System), - 6782, National Institute of Standards and Technology, Gaithersburg, MD
(Accessed March 29, 2023)