ISO 17090 Health informatics - Public Key Infrastructure (Parts 1 through 5)


ISO 17090 Health informatics - Public Key Infrastructure (PKI) consists of the following parts, under the general title Health informatics -- Public Key Infrastructure:

ISO 17090-1:2013 defines the basic concepts underlying the use of digital certificates in healthcare and provides a scheme of interoperability requirements to establish digital certificate-enabled secure communication of health information.

ISO 17090-2:2015 specifies the certificate profiles required to interchange healthcare information within a single organization, between different organizations and across jurisdictional boundaries. It details the use made of digital certificates in the health industry and focuses, in particular, on specific healthcare issues relating to certificate profiles.

ISO 17090-3:2008 gives guidelines for certificate management issues involved in deploying digital certificates in healthcare. It specifies a structure and minimum requirements for certificate policies, as well as a structure for associated certification practice statements.

ISO 17090-3:2008 also identifies the principles needed in a healthcare security policy for cross-border communication and defines the minimum levels of security required, concentrating on aspects unique to healthcare.

ISO 17090-4:2014 supports interchangeability of digital signatures and the prevention of incorrect or illegal digital signatures by providing minimum requirements and formats for generating and verifying digital signatures and related certificates.

Furthermore, it defines the provable compliance with a PKI policy necessary in the domain of healthcare. This part of ISO 17090 adopts long-term signature formats to ensure integrity and non-repudiation in long-term electronic preservation of healthcare information.

ISO 17090-5:2017 defines the procedural requirements for validating an entity credential based on Healthcare PKI defined in the ISO 17090 series used in healthcare information systems including accessing remote systems. Authorization procedures and protocols are out of scope of this document. The data format of digital signatures is also out of scope of this document.

Information on obtaining the Electronic Health Record (EHR) Standards for India is available at Get Standard.