This European Prestandard is designed to improve the authentication of individual users of health care IT system, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities. This European Prestandard applies to all information systems (hereafter called systems) within the health care
environment that handle or store sensitive person identifiable health information, using passwords as the only means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that fall within the scope of this European Prestandard include for example electronic patient record systems, patient administrative systems and laboratory systems, containing personal health information. This European Prestandard does not apply to systems outside the health care environment. Neither does it apply to systems within the health care environment that use other means of identification and authentication, such as smart cards, biometric methods or other technical facilities.
99.60 Withdrawal effective
Aug 18, 2004