The Office of the Data Protection Officer is providing healthcare organizations with a new document to verify and guarantee that health applications that deal with personal data meet the minimum and desirable requirements in terms of information security.
In accordance with the provisions of Royal Decree 3/2010, of 8 January, which regulates the National Security Framework (ENS) in the field of Electronic Administration, it includes the preventive measures indicated in the guide CCN-STIC 857, Security Requirements for eHealth Applications.
It also proposes measures in accordance with the criteria of the Open Web Application Security Project (OWASP), with the aim of ensuring both service availability and the integrity, authenticity, confidentiality and traceability of information.
Finally, it also includes a series of recommendations to mobile application developers on data protection and privacy matters, extracted from the ENISA report Privacy and data protection in mobile applications.
The requirements as a whole are structured around 10 security objectives to be met by the manufacturers of the technological product:
The result of the evaluation in accordance with the proposed objectives is collected automatically in an executive summary generated by the tool itself, available in the Resources and documentation section of the Office of the DPO website.
For more information and inquiries, contact dpd@ticsalutsocial.cat