Security Requirements for Medical Applications [closed]

Question

I'm doing research on coding requirements for medical applications but I can't find anything useful/structured. Basically I'm looking for structured (if possible XML file) document with the list of security requirement. For example what kind of encryption they should use, what features of the app should be disabled by the default, what log info should be stored and how to store it, etc.

Of course requirements can be different for different apps and companies, i just need some general information and if possible for the US.

Answer 1

For the US, you can check out the HIPAA guide for web programmers.

Answer 2

HL7 is what you need.

Some links:

http://aurora.regenstrief.org/security/

http://www.hl7.org.au/docs/HL7-Sec.htm

Answer 3

In addition, consider supporting the OWASP top ten.

Answer 4

For your medical applications, are they specific to images? If so, you might refer to the DICOM 3.0 standard.

Here are some chapters for references (what kind of encryption algorithms to be used, which part should be de-identified etc..)

• Part 15 Security Profiles ftp://medical.nema.org/medical/dicom/2009/09_15pu.pdf
• Supp 51 Media Security ftp://medical.nema.org/medical/dicom/final/sup51_ft.pdf
• Supp 86 Digital Signatures for Structured Reports