Connected Health Principles

Similar documents
Accreditation & Certification Supplier Guide

Connected Health Network to Network Interface Specifications HISO

Chapter 35 ehealth Saskatchewan Sharing Patient Data 1.0 MAIN POINTS

Data Use and Reciprocal Support Agreement (DURSA) Overview

DMR Interoperability Process DMR Association

Educational Use Only S A M P L E S A M P L E

ESC Web Site Hyperlinking Policy. ESC Web Department Membership Services

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

Health Information Exchange Clinical Data Repository Utility Services Architecture Building Block HISO

New Zealand Telecommunications Forum. Code for Vulnerable End Users of Telecommunication Services. ( Vulnerable End User Code )

Measures for implementing quality labelling and certification

Superannuation Transaction Network

European Code of Conduct on Data Centre Energy Efficiency

TELECOMMUNICATIONS AND DATA CABLING BUSINESSES

Code of Conduct on Data Centres Energy Efficiency. Registration Form for Endorsers

E-Signature Law of Iraq no. ( 78) of 2012

Direct, DirectTrust, and FHIR: A Value Proposition

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles

ETNA Inter Domain Transport Hayim Porat Ethos Networks 05/09

Guidelines. Technical and Financial Support. State Wide Area Network (SWAN)

DirectTrust Governmental Trust Anchor Bundle Standard Operating Procedure

MEDICITY NETWORK ONC CERTIFICATION COST AND LIMITATIONS

Global Specification Protocol for Organisations Certifying to an ISO Standard related to Market, Opinion and Social Research.

ENISA s Position on the NIS Directive

9 March Assessment Policy for Qualifications and Part Qualifications on the Occupational Qualifications Sub-Framework (OQSF)

The HITECH Act. 5 things you can do Right Now to pave the road to compliance. 1. Secure PHI in motion.

.HEALTH REGISTRATION POLICY

UKAS Guidance for Bodies Offering Certification of Anti-Bribery Management Systems

Telecommunications Authority of Trinidad and Tobago

Introduction to AWS GoldBase

Introduction to GlobalPlatform Compliance Secretariat

Accreditation Process. Trusted Digital Identity Framework February 2018, version 1.0

DIGITALSIGN - CERTIFICADORA DIGITAL, SA.

PRIOR LEARNING ASSESSMENT AND RECOGNITION (PLAR)

Rules for LNE Certification of Management Systems

Phase II CAQH CORE 202 Certification Policy version March 2011 CAQH 2011

UNCONTROLLED IF PRINTED

Frequently Asked Questions

Conformity Assessment Schemes and Interoperability Testing (1) Keith Mainwaring ITU Telecommunication Standardization Bureau (TSB) Consultant

SCI QUAL INTERNATIONAL PTY LTD ENQUIRY & APPLICATION/RENEWAL FORM FOR CERTIFICATION

Technical Trust Policy

GLOBAL MANAGEMENT CERTIFICATION SERVICES PRIVATE LIMITED PROCEDURE

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION

19 March Assessment Policy for Qualifications and Part Qualifications on the Occupational Qualifications Sub-Framework (OQSF)

Eligibility for Associate Membership

Accelerating Cloud Adoption

Air Transport & Travel Industry. Principles, Functional and Business Requirements PNRGOV

ACCAB. Accreditation Commission For Conformity Assessment Bodies

Before the FEDERAL COMMUNICATIONS COMMISSION Washington, D.C

Higher Education PKI Initiatives

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

Network Security Policy

Cloud First Policy General Directorate of Governance and Operations Version April 2017

China Code of Ethics Certification 2018 CHECKLIST

NEBOSH Part A accreditation criteria

IBM Security Intelligence on Cloud

CHAPTER 13 ELECTRONIC COMMERCE

This is a free 10 page sample. Access the full version online.

BOTSWANA COMMUNICATIONS REGULATORY AUTHORITY

BT CNSP - new solutions for health and social care

State of Conformity Assessment for Equipment Requiring Type Approval in Ethiopia

Blue Alligator Company Privacy Notice (Last updated 21 May 2018)

The Solution Requirements and considerations

International Fire Service Accreditation Congress Delegation of Certification Authority

APNIC input to the Vietnam Ministry of Information and Communications ICT Journal on IPv6

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

Privacy policy. Privacy Policy

Participation Agreement for the ehealth Exchange

Statement of HIPAA Readiness February 2003

Code of Ethics Certification 2018 CHECKLIST

Access Control Policy

GUIDELINES FOR RWANDA INTERNET EXCHANGE POINT (RINEX) MANAGEMENT

SOLUTION ARCHITECTURE AND TECHNICAL OVERVIEW. Decentralized platform for coordination and administration of healthcare and benefits

RELIABILITY COMPLIANCE ENFORCEMENT IN ONTARIO

GUIDELINE. of the European Committee for Welding of Railway Vehicles (ECWRV) ( ) PART 1

Revised November EFESC Handbook

ConCert FAQ s Last revised December 2017

OIX DDP. Open-IX Document Development Process draft July 2017

Privacy Policy on the Responsibilities of Third Party Service Providers

Step-by-step guide. How to become an FSC certified smallholder

NZQA registered unit standard 8086 version 7 Page 1 of 5. Demonstrate knowledge required for quality auditing

Policy for Accrediting Assessment Bodies Operating within the Cradle to Cradle Certified Product Certification Scheme. Version 1.2

SUBJECT: PRESTO operating agreement renewal update. Committee of the Whole. Transit Department. Recommendation: Purpose: Page 1 of Report TR-01-17

DECISION OF THE EUROPEAN CENTRAL BANK

Telecommunications Equipment Certification Scheme FEBRUARY 2017

Wye Valley NHS Trust. Data protection audit report. Executive summary June 2017

Information Technology (CCHIT): Report on Activities and Progress

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

IEEE Electronic Mail Policy

NOTICE OF PRIVACY PRACTICES

CERTIFICATE POLICY CIGNA PKI Certificates

Business Architecture in Healthcare

ConnectingGTA Combined Back-End and Front-End Solution Privacy Impact Assessment (Executive Summary & Conclusion)

FSC STANDARD. Standard for Multi-site Certification of Chain of Custody Operations. FSC-STD (Version 1-0) EN

RelayHealth Legal Notices

VOCUS SIP SERVICE SCHEDULE

HSCN Quality of Service (QoS) Policy

Document Cloud (including Adobe Sign) Additional Terms of Use. Last updated June 5, Replaces all prior versions.

SERVICE DEFINITION G-CLOUD 7 THALES PSN REMOTE ACCESS. Classification: Open

Requirements for Certification Bodies operating Certification against the PEFC International Chain of Custody Standard

Transcription:

Version 2.1

Table of Contents 1 INTRODUCTION... 1 2 TERMINOLOGY... 1 3 CONNECTED HEALTH PRINCIPLES... 4 3.1 CONNECTED HEALTH FOUNDATION PRINCIPLES...5 3.2 CONNECTED HEALTH ARCHITECTURAL PRINCIPLES... 6 3.3 CONNECTED HEALTH IMPLEMENTATION PRINCIPLES... 8 4 REFERENCE DOCUMENTS...9 4.1 CONNECTED HEALTH ARCHITECTURAL FRAMEWORK... 9 4.2 TELECOMMUNICATIONS ACT 2001... 9 4.3 HEALTH NETWORK CODE OF PRACTICE... 9 iii

1 Introduction Connected Health is establishing an environment for the safe sharing of health information by delivering standards, frameworks and core network components to create a foundation for an interconnected health network where applications will be able to interoperate. This document describes a set of principles to which suppliers of Connected Health certified products and services need to adhere. These principles have been developed in consultation with the industry. The purpose of these principles is to ensure that services and products are installed and operated in a manner that supports the Connected Health objective of safe sharing of health information. Suppliers must agree and adhere to these principles to be eligible to obtain Connected Health certification for services or products. The principles cover requirements suppliers need to meet when providing services or products that support the secure delivery or sharing of electronic health information. These include: Agreeing to follow the accreditation and certification processes, and submitting Health ICT products and services for certification Providing appropriate levels of security and interoperability Complying with the Connected Health architectural principles as outlined in the Connected Health Architectural Framework (refer section 4.1 for reference). Suppliers who are confirmed as meeting these principles can become Accredited Suppliers. They will be accredited to market and operate certified Connected Health products and services once their agreement to abide by the Connected Health Principles is confirmed. 2 Terminology The following terminology outlines key definitions that relate to certification. Accreditation Agreement Accredited Supplier Certification Authorities Connected Health / Connected Health Team Connected Health Product Document that confirms the supplier has agreed to the connected Health Principles and Operational Policy. Created during Accreditation. Suppliers who have been approved to be Connected Health suppliers of product and services to the NZ health sector via the Accreditation process. Agencies who conduct the certification of products against the Connected Health standards, and who may be external or internal to the Ministry. The Ministry of Health programme or business entity that implements and supports improved network inter-connectivity for the health sector, facilitating the delivery of improved network resources to health providers. A product or service that has been certified as meeting the Connected Health standards of suitability and general, technical, and procedural compliance. V 2.1 Page 1

Connected Health Tiers Industry Internet Protocol (IP) Network-to-Network Interface (NNI) Points of Interconnection (POI) Point-to-Point Tunnelling Protocol (PPTP) Post Office Protocol (POP) Product and Service Certification Sector Telecommunications Service Provider (TSP) Transit TSP The Connected Health architecture is divided into three technology tiers: Tier 1: Connectivity the telecommunications infrastructure for network access and inter network links. Tier 2: Services the telecommunications infrastructure for network access and inter-network links. Products and services in this tier include private IP telecommunications, connectivity and public broadband access. Tier 3: Applications provide health care information management, e.g. patient management systems, radiology systems, pharmacy information and claims, GP referrals, hospital discharges, etc. All suppliers who provide connectivity products, services, or applications to the health sector. A widely adopted and standardised computer communications protocol used to enable computers to be networked and to communicate by transferring information between them. An interconnection point between IP carrier networks. NNI1 is an interconnection between private networks and NNI2 is an interconnection between private and public networks. A peering point for national Telecommunications Service Provider private health networks. A protocol used to implement virtual private networks. An application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. The process of confirming a Connected Health product or service meets predetermined specifications for compliance. The Ministry of Health issues a Product or Service Certificate if the product meets the specifications, and the supplier is an Accredited Supplier. The New Zealand health and disability sector wide grouping of organisations involved in the delivery and management of healthcare within NZ. A provider of telecommunications services (Telephone, Network, Internet services etc.) to the New Zealand public, private, commercial and government sectors, and which has a network licence as defined under the Telecommunications Act 2001. A TSP that carries network data between POIs. V 2.1 Page 2

User-to-Network Interface (UNI) The connectivity product/service that connects a subscriber to the Connected Health network. This is the physical and logical IP connectivity to the network from one of the end points, such as a single PC or large private network. V 2.1 Page 3

3 Connected Health Principles There are three groups of Connected Health principles, as follows: 1. Foundation Principles, which form the understanding with suppliers about the operation of accreditation and certification. See Connected Health Foundation Principles on page 5. 2. Architecture Principles, which govern the structure and design of the products and services provided by Connected Health. See Connected Health Architectural Principles on page 6. 3. Implementation Principles, which must be followed to implement an interconnected Connected Health network of networks based on the Connected Health Architectural Framework. See Connected Health Implementation Principles on page 8. In addition, Connected Health products and services must adhere to the Health Network Code of Practice (refer section 4.3 for reference) which ensures that suppliers and suppliers products and services adhere to the accepted standard for communicating Health Sector information. V 2.1 Page 4

3.1 Connected Health Foundation Principles The Connected Health foundation principles are: 1. Suppliers agree to adhere to the Connected Health Principles before they can offer certified Connected Health products or services By signing the Connected Health Accreditation Agreement, suppliers agree to abide by the Connected Health Principles as specified in this document. Once suppliers have signed the Accreditation Agreement they will be accredited and be able to submit products and services to the Connected Health Team or Certification Agencies for certification. 2. Suppliers will follow the Supplier Accreditation and Product and Services Certification processes Suppliers agree to follow the supplier accreditation process to become accredited and the product and service certification processes to certify products where applicable Connected Health standards exist. 3. The Connected Health Team will undertake audits of Accredited Suppliers adherence to the principles Accredited Suppliers agree to undergo audits conducted by the Connected Health Team or external auditors engaged on their behalf, to ensure that they are complying with the accreditation criteria. The supplier and the Ministry will each cover their own costs for any audit. The Ministry will cover the cost of any external audit agency. 4. Certifiable products and services will only be offered to the sector once certified Suppliers agree not to advertise, market or contract certifiable connectivity products until these products have been certified. Suppliers agree not to advertise, market or contract products or services to the sector that directly conflict with the goals and objectives of Connected Health. 5. Promotion of Connected Health certification rather than accreditation Accreditation is between the Connected Health Team and the supplier. Suppliers will not promote the fact that they are accredited, but are encouraged to promote Connected Health certification of their products or services. 6. Public Comment on Connected Health Suppliers will not make public announcements that conflict with the Connected Health Principles. If difficulties are encountered with any aspect of the Connected Health accreditation framework, then such difficulties should be raised directly with the Connected Health Team. V 2.1 Page 5

3.2 Connected Health Architectural Principles The Connected Health architectural principles are: 1. Disaggregation Services or products provided across one or more of tier 1, 2 and tier 3 must NOT be delivered in such a way that they provide exclusive services only to those sector organisations that buy bundled or integrated services across any two tiers. All Tier 1 products must have access to all Tier 2 and Tier 3 products/services no matter which supplier supplies the services in any tier. 2. Openness Any system, product, service, or network, that shares, receives, or transmits health information, is designed on the premise that all applications and services provided on that network are equally available to all participating suppliers and sector organisations. No technology, infrastructure, application, or connectivity capability may be offered that specifically excludes certified products or services, from Accredited Suppliers or sector organisations. 3. Commercial Bundling Suppliers may market products as bundled offerings, provided there is no conflict with the Disaggregation and Openness principles above. Suppliers will not use market dominance of products or services in one tier or application to leverage custom for products and services in other tiers or in other application specialties. Any bundled products or services must also be available as individual offerings. 4. Integrated Services Access Sector organisations must be able to access certified services and other non-certified health related network services on a single network service point, should they require it. Examples of non-certified health related network services are: high speed internet, IP voice and point-topoint encrypted links to third party entities. 5. Standardisation All Connected Health certified products and services will be based on international and/or New Zealand industry standards, as determined by the Ministry of Health. 6. Security All patient data transported at any point on networks must comply with the Health Network Code of Practice (HNCOP) and the Health Information Security Framework 10029 (HISF) (or their eventual replacement) for encryption, and source and destination confirmation. 7. Authentication and Authorisation All applications and services that provide any level of access to health information must ensure users and systems are properly authenticated in accordance with the HNCOP and the HISF (or their eventual replacement). Authorisation for access to clinical applications must be provided by the owner of the application. 8. Performance Network end points need to subscribe to bandwidth and access technologies that reflect the level of service required to either provide or consume services within the sector. 9. Defined Interface points All connections to telecommunication networks need to use defined interfaces (e.g. UNI, NNI) that determine the minimum interface requirements and the interconnection characteristics associated with that particular level of interface. V 2.1 Page 6

10. Availability End-points must ensure that the reliability, availability and serviceability characteristics of their access to health organisations and applications reflect the nature of the services they use or supply to the sector. 11. Standards based IP Infrastructure Suppliers must use only best practice implementation of HISO endorsed standards to ensure an enduring core IP infrastructure. 12. Differentiated Services Health organisations must be able to subscribe only to those services they require and that can be delivered on the telecommunications infrastructure available to them. Organisations must not be forced to subscribe to a high-quality UNI if the services they require do not warrant such connections. 13. Management Individual services will be managed by accredited service providers. A service management capability must be delivered by these providers, so that levels of service offered are managed to agreed performance targets, security and privacy. 14. Extensibility The products and services must be designed so that there are no artificial restrictions to expanding available suppliers, services, technologies, and connected sector organisations. For more details, refer to the Connected Health Architectural Framework. V 2.1 Page 7

3.3 Connected Health Implementation Principles To implement an interconnected Connected Health network of networks based on the Connected Health Architectural Framework, a number of key principles must be followed. These are: 1. Telecommunications Service Providers (TSPs) are to be registered To be accredited to provide products or services using telecommunications networks the provider of that product or service must be a registered network service provider as defined under the Telecommunications Act 2001 (refer section 4.2 for reference) i.e. a TSP. 2. Only Accredited TSPs are to be used to connect to the Connected Health environment Organisations of any sort, including application service providers providing services involving transmission or sharing of health information to, or between, health sector organisations, must connect to the Connected Health environment via an accredited TSP. 3. TSPs must support a minimum of one UNI and one NNI An accredited TSP must support at least one certified UNI and either an NNI 1 or an NNI 2 as appropriate to the UNI types supported. 4. TSPs must be able to route to Connected Health Points of Interconnection (POI) Any TSP supporting UNI 4 or UNI 5 (as described in the Connected Heath Architectural Framework) must support an NNI1 and either connect to all defined Connected Health POIs, or use the NNI1 to connect to an accredited Transit TSP, which by definition connects to all defined Connected Health POIs. A Connected Health Transit TSP supports NNI1 interfaces and connects to any accredited TSP and all defined Connected POIs. Any accredited Connected Health TSP can offer transit services on a commercial basis. V 2.1 Page 8

4 Reference documents 4.1 Connected Health Architectural Framework http://www.healthit.org.nz/download/files/ch_architectural_framework_v1.0_published.pdf 4.2 Telecommunications Act 2001 Telecommunications Act 2001 No 103 (as at 07 July 2010), Public Act http://www.legislation.govt.nz/act/public/2001/0103/latest/dlm124961.html?search=ts_act_tel ecommunications_resel&p=1&sr=1 4.3 Health Network Code of Practice Published by Standards New Zealand (Reference Number: SNZ HB 8169:2002) Note: the above URLs were verified as correct on 11-May-2010 V 2.1 Page 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback