1 Scope
This standard specifies the security measures that health data controllers can take to protect the health data.
This standard is applicable to guiding health data controllers in the security protection of health data, and may also be referred to by the competent departments for health care and cybersecurity, third-party assessment agencies and other organizations when carrying out security supervision, management and assessment of health data.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 22080-2016 Information technology - Security techniques - Information security management systems - Requirements
GB/T 22081-2016 Information technology - Security techniques - Code of practice for information security controls
GB/T 22239-2019 Information security technology - Baseline for classified protection of cybersecurity
GB/T 25069 Information security technology - Terminology
GB/T 31168 Information security technology - Security capability requirements of cloud computing services
GB/T 35273 Information security technology - Personal information security specification
GB/T 35274-2017 Information security technology - Security capability requirements for big data services
GB/T 37964-2019 Information security technology - Guide for de-identifying personal information
ISO 80001 Application of risk management for IT-networks incorporating medical devices
3 Terms and definitions
For the purposes of this document, the terms and definitions given in GB/T 25069 and the following apply.
3.1
personal health data
electronic data that, alone or in combination with other information, can identify a specific natural person or reflect the physical or mental health status of a specific natural person
Note: Personal health data relate to an individual's past, present or future physical or mental health status, health care services received and health care service fees paid for, etc., see Annex A.
3.2
health data
personal health data and health-related electronic data obtained from the processing of personal health data
Example: Overall analysis results, trend predictions and disease prevention and control statistics for a group, obtained from processing the group's health data.
3.3
health service professional
persons authorized by the government or an industry organization as being qualified to perform specific health care duties
Example: Doctor.
3.4
health service
service provided by a health service professional or paraprofessional that has an impact on health status
3.5
health data controller
organizations or individuals that can determine the purpose, manner, scope, etc. of health data processing
Example: Organizations that provide health services, medical insurance institutions, government agencies, healthcare scientific research institutions, individual clinics, etc.
3.6
health information system
system that collects, stores, processes, transmits, accesses, and destroys health data in a computer-processable form
3.7
limited data set
personal health data set that has been partially de-identified but still identifies the corresponding individual and therefore needs to be protected
Example: Health data from which identifiers directly related to individuals, their relatives, family members and employers have been removed.
Note: A limited data set may be used for the purposes of scientific research, medical/health education and public health without the authorization of the individual concerned.
3.8
notes of treatment
observations, reflections, program discussions and conclusions recorded by health service professionals in the course of providing health services
Note: Notes of treatment have the attribute of intellectual property, and the intellectual property rights in them belong to the health service professionals and/or their units.
3.9
disclosure
act of transferring health data to, or sharing it with, specific individuals or organizations, as well as publicly releasing health data to unspecified individuals, organizations or society
3.10
clinical research
scientific research activities aimed at exploring the causes, prevention, diagnosis, treatment, and prognosis of diseases, initiated by medical institutions, academic research institutions, and/or healthcare-related enterprises, with patients or healthy individuals as research subjects
Note: Clinical research is a branch of medical research.
3.11
completely public sharing
release of data, usually directly to the public via the Internet, such that once released the data are difficult to recall
[GB/T 37964-2019, Definition 3.12]
3.12
controlled public sharing
constraining the use of data through a data use agreement
[GB/T 37964-2019, Definition 3.13]
3.13
enclave public sharing
sharing of data within a physical or virtual enclave, out of which data cannot flow
[GB/T 37964-2019, Definition 3.14]
4 Abbreviations
For the purposes of this document, the following abbreviations apply.
ACL: Access Control List
API: Application Programming Interface
APP: Application
DNA: DeoxyriboNucleic Acid
EDC: Electronic Data Capture
GCP: Good Clinical Practice
HIS: Hospital Information System
HIV: Human Immunodeficiency Virus
HL7: Health Level Seven
ID: Identity
IP: Internet Protocol
IPSEC: Internet Protocol Security
LDS: Limited Data Set Files
PIN: Personal Identity Number
PUF: Public Use Files
RIF: Research Identifiable Files
RNA: RiboNucleic Acid
SQL: Structured Query Language
TLS: Transport Layer Security
USB: Universal Serial Bus
VPN: Virtual Private Network
XSS: Cross-Site Scripting
Contents of GB/T 39725-2020
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 Security objectives
6 Classification system
6.1 Data categories
6.2 Data classification
6.3 Classification of related roles
6.4 Flow and usage scenarios
6.5 Data opening forms
7 Principles for use and disclosure
8 Key points of security measures
8.1 Key points of classification security measures
8.2 Key points of scenario-specific security measures
8.3 Key points of data opening-specific security measures
9 Security management guide
9.1 General
9.2 Organization
9.3 Process
9.4 Emergency disposal
10 Security technology guide
10.1 General security technology
10.2 De-identification
11 Data security in typical scenarios
11.1 Data security in doctors' access
11.2 Data security in patient query
11.3 Clinical research data security
11.4 Data security in secondary use
11.5 Health sensing data security
11.6 Mobile application data security
11.7 Commercial insurance matching security
11.8 Data security for medical devices
Annex A (Informative) Personal health data scope
Annex B (Informative) Standards related to health information
Annex C (Informative) Example of a data use management method
Annex D (Informative) Examples of data application approval
Annex E (Informative) Templates of data processing and use agreements
Annex F (Informative) Health data security checklist
Annex G (Informative) Examples of health data element de-identification
Bibliography