Security Requirements for Medical Applications [closed]
-
09-09-2019 - |
Question
I'm doing research on coding requirements for medical applications but I can't find anything useful/structured. Basically I'm looking for structured (if possible XML file) document with the list of security requirement. For example what kind of encryption they should use, what features of the app should be disabled by the default, what log info should be stored and how to store it, etc.
Of course requirements can be different for different apps and companies, i just need some general information and if possible for the US.
Solution
For the US, you can check out the HIPAA guide for web programmers.
OTHER TIPS
In addition, consider supporting the OWASP top ten.
For your medical applications, are they specific to images? If so, you might refer to the DICOM 3.0 standard.
Here are some chapters for references (what kind of encryption algorithms to be used, which part should be de-identified etc..)