ISO/TS 14441:2013 examines electronic patient record systems at the clinical point of care that are also interoperable with EHRs. This standard addresses their security and privacy protections by providing a set of security and privacy requirements, along with guidelines and best practice for conformity assessment.
Due to the development of local, regional and national EHR infostructures, electronic patient record systems are being implemented at the many points of care where patients are seen [point-of-service (POS) clinical systems].
The security and privacy of these systems become much more critical and complex as countries begin to connect these POS clinical systems to EHR infostructures (or directly exchange clinical information with other POS clinical systems through system-to-system communications) than when the systems operated in a disconnected or 'stand-alone' state.
To ensure the required standards are implemented correctly in these systems, so that they will securely interact with EHR infostructures and maintain the privacy of patient information, certification and conformance testing programs are being implemented by many countries to provide objective evidence of conformity with these requirements.
The POS clinical systems profiled receive, store, process, display and communicate clinical data and administrative actions, as well as information related to system users (demographics, personal). It is important to ensure that the systems are always accessed by authorized and authenticated users.
Various users of EHR systems in a healthcare setup are:
This Technical Specification identifies the security and privacy requirements, harvested from the above-mentioned standards and international experiences, which should be in place for conformance testing for interoperable POS clinical (electronic patient record) systems interfacing with EHRs.
This Technical Specification includes:
Information to Get Electronic Health Record (EHR) Standards for India is available at the Get Standard