Security Requirements for Medical Applications

Question

I'm doing research on coding requirements for medical applications but I can't find anything useful/structured. Basically I'm looking for structured (if possible XML file) document with the list of security requirement. For example what kind of encryption they should use, what features of the app should be disabled by the default, what log info should be stored and how to store it, etc.

Of course requirements can be different for different apps and companies, i just need some general information and if possible for the US.

I would really hope that no government would mandate any particular security, and it would be up to your company to decide how to do it... but judging by the first answer here, at least Australia has taken steps down that dangerous path. So depressing. — rmeador, Apr 16 '09 at 16:13

score 10 · Accepted Answer · answered Apr 16 '09 at 16:11

10

For the US, you can check out the HIPAA guide for web programmers.

answered Apr 16 '09 at 16:11

RossFabricant

12,364
3
41
50

score 7 · Answer 2 · answered Apr 16 '09 at 16:10

7

HL7 is what you need.

Some links:

http://aurora.regenstrief.org/security/

http://www.hl7.org.au/docs/HL7-Sec.htm

answered Apr 16 '09 at 16:10

Srikar Doddi

15,499
15
65
106

score 0 · Answer 3 · answered Jul 29 '11 at 04:19

For your medical applications, are they specific to images? If so, you might refer to the DICOM 3.0 standard.

Here are some chapters for references (what kind of encryption algorithms to be used, which part should be de-identified etc..)

score 0 · Answer 4 · answered Apr 19 '09 at 00:41

0

In addition, consider supporting the OWASP top ten.

answered Apr 19 '09 at 00:41

McGovernTheory

6,556
4
41
75

Security Requirements for Medical Applications

4 Answers4