Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Admission Discharge and Transfer System Protection Profile (ADT-PP) (An ISO/IEC 15408 Security Protection Profile for a Healthcare IT Application System)

Published

Author(s)

Ramaswamy Chandramouli, G Marshall

Abstract

The central piece of information in this document is a set of security functional and assurance requirements for an Admissions Discharge and Transfer System (ADT). The ADT is a key information technology (IT) application system used in all major healthcare settings and is the first point of electronic capture of all individually identifiable healthcare information. The set of security functional and assurance requirements is expressed in a format that conforms to the Protection Profile (PP) framework that is the part of the ISO/IEC 15408 security criteria.The underlying motivation in developing the Admissions, Discharge and Transfer System PP (referred to ADT-PP) is to demonstrate the use of a protection profile as a vehicle for capturing the dictates of public policy regulatory requirements in the form of IT application system security specifications (consisting of both security functional and assurance requirements) for healthcare IT application systems. Expressing the IT application system's security specifications in a common standardized framework would facilitate the process of interpreting the regulatory requirements among the stakeholders as well as provide a common vocabulary to support subsequent processes like design, development and evaluation of systems. The deployment of such systems in healthcare settings would then serve to meet the underlying goals of the security policy regulation - namely the integrity, availability, confidentiality and privacy of individually identifiable healthcare information.
Citation
- 6782
Report Number
6782

Keywords

HIPAA security requirements, security policies, target of evaluation, TOE security functional requirements

Citation

Chandramouli, R. and Marshall, G. (2002), Admission Discharge and Transfer System Protection Profile (ADT-PP) (An ISO/IEC 15408 Security Protection Profile for a Healthcare IT Application System), - 6782, National Institute of Standards and Technology, Gaithersburg, MD (Accessed December 4, 2023)
Created March 1, 2002, Updated October 16, 2008