ENV 12251:2000

Health informatics - Secure user identification for health care - Management and security of authentication by passwords

Scope

This European Prestandard is designed to improve the authentication of individual users of health care IT system, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities. This European Prestandard applies to all information systems (hereafter called systems) within the health care
environment that handle or store sensitive person identifiable health information, using passwords as the only means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that fall within the scope of this European Prestandard include for example electronic patient record systems, patient administrative systems and laboratory systems, containing personal health information. This European Prestandard does not apply to systems outside the health care environment. Neither does it apply to systems within the health care environment that use other means of identification and authentication, such as smart cards, biometric methods or other technical facilities.