Health informatics — Guidance on the identification and authentication of connectable Personal Healthcare Devices (PHDs)

An increasing number of personal health devices (PHDs) are designed to exchange information electronically with other health information technology (IT) systems in the user environment. Security threats to PHDs can spread damages to the existing healthcare systems through the networks that are meant to be kept secure for the benefit of the healthcare-service users.

This document gives guidance for managing healthcare-service security using connectable PHDs. It applies to identification and authentication between the bidirectionally connected PHDs and gateway by providing possible use cases and the associated threats and vulnerabilities. It also considers unidirectional data uploading from a PHD to the gateway (manager device).

Main sections:

· Information security objectives in healthcare and PHDs

· Security vulnerabilities of PHDs

· Security threats of PHDs

· Person or entity identification and authentication

· Application, identification and authentication

· Access control

· Annex A: Mapping to other standards