医疗情报システムの安全管理に关するガイドライン - hl7org.doc

Guidelines for the Security Management of the Medical Information SystemSecond Version (This is temporary translation virsion.) (Please refer to a Japanese version.) March 2007 Ministry of Health, Labour and Welfare Amendment history Version no. Date Description First version March 2005 Guidelines prepared based on Notice on storage of medical care history and medical care records on electronic media of which storage duty is stipulated in regulations issued March 1999 and the notice Location of storing medical care history and other records issued March 2002 have been consolidated. Prepared anew as guidelines including the guidelines concerning storage of medical care history and medical care records on electronic media of which storage duty is stipulated in regulations (including external storage on media such as paper) and the guidelines for operating/managing an information system for protection of personal information in medical/nursegiving institutions. Second version March 2007 Establishment of a safe network base was determined as a target in the IT Net Reform Strategy (January 2006) published from the Advanced Information Communications Technology Strategy Headquarters (IT Strategy Headquarters) in January 2006 and, in the Basic concept related to information security measures on key infrastructure determined by the information security policy meeting in September 2005, medical care was defined as a key infrastructure that would have serious effects on the national life if a serious fault in the IT base triggered service degradation or shutdown and it was requested to systemize and clarify the measures taken against damage to the IT base and cyber attacks in the field of medical care. Based on these situations, (1) Concerning definition of security requirements concerning a network suited for use by medical institutions, requirements for a network suitable for interconnecting institutions related to medical care from various viewpoints includ