From The Secure Arc Wiki

Information below in italics is referenced from the PubMed website, as public domain information.

Medical informatics. Security categorisation and protection for healthcare information systems is a standard originating from the EU in 1997.

The standard provides a method for categorising Health Care Information Systems according to their security requirements. Taking into account the various aspects of Integrity, Confidentiality and Availability, six categories are distinguished. For each category a comprehensive set of protection measures is specified.


Within the working programme of CEN/TC251 (Health Informatics), a standard for Security Categorisation and Protection for Healthcare Information Systems has been developed. The document was formally adopted in 1997 by CEN as pre-standard CEN ENV 12924. A demonstration and implementation effort, which was to be effected in principle at one location, was planned and executed as part of the MEDSEC project. The standard CEN ENV 12924 contains a security categorisation model for information systems in Healthcare, distinguishing six categories, plus some refinements. For each category it specifies the required protection measures.


The CEN ENV 12924 standard is not freely available and must be purchased. It is available at the following British Standards Institute website.

