1 Scope
This standard specifies the security measures that health data controllers may take to protect health data.
This standard is applicable to guiding health data controllers in the security protection of health data. It may also be used as a reference by the competent departments for health care and cybersecurity, third-party assessment agencies and other organizations when carrying out security supervision, management and assessment of health data.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 22080-2016 Information technology - Security techniques - Information security management systems - Requirements
GB/T 22081-2016 Information technology - Security techniques - Code of practice for information security controls
GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity
GB/T 25069 Information security technology - Terminology
GB/T 31168 Information security technology - Security capability requirements of cloud computing services
GB/T 35273 Information security technology - Personal information security specification
GB/T 35274-2017 Information security technology - Security capability requirements for big data services
GB/T 37964-2019 Information security technology - Guide for de-identifying personal information
ISO 80001 Application of risk management for IT-networks incorporating medical devices
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069 and the following apply.
3.1
personal health data
electronic data that, alone or in combination with other information, can identify a specific natural person or reflect the physical or mental health status of a specific natural person
Note: Personal health data relate to an individual's past, present or future physical or mental health status, the health care services received and the health care service fees paid, etc.; see Annex A.
3.2
health data
personal health data and health-related electronic data obtained from processing of personal health data
Example: Overall analysis results, trend prediction, disease prevention and control statistics of a group obtained from processing of group health data.
3.3
health service professional
persons authorized by a government or industry organization as qualified to perform specific health care duties
Example: Doctor.
3.4
health service
service provided by a health service professional or paraprofessional that has an impact on health status
3.5
health data controller
organizations or individuals who can determine the purpose, manner, scope, etc. of health data processing
Example: Organizations that provide health services, medical insurance institutions, government agencies, healthcare scientific research institutions, individual clinics, etc.
3.6
health information system
system that collects, stores, processes, transmits, accesses, and destroys health data in a computer-processable form
3.7
limited data set
personal health data set that has been partially de-identified but can still identify the corresponding individual and therefore needs to be protected
Example: Health data from which identifiers directly related to individuals and their relatives, family members, and employers have been removed.
Note: A limited data set may be used for the purposes of scientific research, medical/health education and public health without the authorization of the individual concerned.
3.8
notes of treatment
observations, reflections, and conclusions of treatment plan discussions recorded by health service professionals in the course of providing health services
Note: Notes of treatment have the attributes of intellectual property, and the intellectual property rights in them belong to the health service professionals and/or their units.
3.9
disclosure
act of transferring or sharing health data to specific individuals or organizations, as well as publicly releasing health data to unspecified individuals, organizations or society
3.10
clinical research
scientific research activities aimed at exploring the causes, prevention, diagnosis, treatment, and prognosis of diseases, initiated by medical institutions, academic research institutions, and/or healthcare-related enterprises, with patients or healthy individuals as research subjects
Note: Clinical research is a branch of medical research.
3.11
completely public sharing
release of data, usually directly to the public via the Internet, such that the data are difficult to recall once released
[GB/T 37964-2019, Definition 3.12]
3.12
controlled public sharing
constraining the use of data through a data use agreement
[GB/T 37964-2019, Definition 3.13]
3.13
enclave public sharing
sharing of data within a physical or virtual enclave, out of which data cannot flow
[GB/T 37964-2019, Definition 3.14]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
ACL: Access Control Lists
API: Application Programming Interface
APP: Application
DNA: DeoxyriboNucleic Acid
EDC: Electronic Data Capture
GCP: Good Clinical Practice
HIS: Hospital Information Systems
HIV: Human Immunodeficiency Virus
HL7: Healthcare Level 7
ID: Identity
IP: Internet Protocol
IPSEC: Internet Protocol Security
LDS: Limited Data Set Files
PIN: Personal Identity Number
PUF: Public Use Files
RIF: Research Identifiable Files
RNA: RiboNucleic Acid
SQL: Structured Query Language
TLS: Transport Layer Security
USB: Universal Serial Bus
VPN: Virtual Private Network
XSS: cross-site scripting
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Security objectives
6 Classification system
6.1 Data categories
6.2 Data classification
6.3 Classification of related roles
6.4 Flow and usage scenarios
6.5 Data opening forms
7 Principles for use and disclosure
8 Key points of security measures
8.1 Key points of classification security measures
8.2 Key points of scenario-specific security measures
8.3 Key points of data opening-specific security measures
9 Security management guide
9.1 General
9.2 Organization
9.3 Process
9.4 Emergency disposal
10 Security technology guide
10.1 General security technology
10.2 De-identification
11 Data security in typical scenarios
11.1 Data security in doctors' access
11.2 Data security in patient query
11.3 Clinical research data security
11.4 Data security in secondary use
11.5 Health sensing data security
11.6 Mobile application data security
11.7 Commercial insurance matching security
11.8 Data security for medical devices
Annex A (Informative) Personal health data scope
Annex B (Informative) Standards related to health information
Annex C (Informative) Example of a data use management method
Annex D (Informative) Examples of data application approval
Annex E (Informative) Templates of data processing and use agreements
Annex F (Informative) Health data security checklist
Annex G (Informative) Examples of health data element de-identification
Bibliography
Foreword
This standard is drafted in accordance with the rules given in GB/T 1.1-2009.
This standard was proposed by, and is under the jurisdiction of, the National Information Security Standardization Technical Committee (SAC/TC 260).
Introduction
Health data comprise personal health data and the health-related data obtained from processing personal health data. With the vigorous development of health data applications, "Internet + healthcare" and smart healthcare, new businesses and new applications keep emerging; health data face more and more security challenges at every stage of their life cycle, and security incidents occur frequently. Since the security of health data concerns the safety of patients' lives, personal information security, the public interest and national security, this health data security guide is formulated in order to better protect the security of health data, to regulate and promote the integration, sharing and open application of health data, and to promote the development of health care.
Information security technology - Health data security guide