Technical rule 2014-04
As local, regional and national EHR infostructures develop, electronic health record (EHR) systems are being implemented at the many points of care where patients are seen, the so-called point-of-service (POS) clinical systems. In institutional settings such as hospitals, the systems of the various departments are typically integrated into a single health record. Smaller single-purpose systems, such as electronic medical records (EMRs), are also being implemented in physician offices and other non-institutional settings, where both the sophistication of the systems and the local IT support infrastructure are much more limited. As countries begin to connect these POS clinical systems to EHR infostructures, or to exchange clinical information directly between POS clinical systems through system-to-system communication, the security and privacy aspects of these systems become far more critical and complex than when they operated in a disconnected, 'stand-alone' state. To ensure that the required standards are implemented correctly in these systems, so that they interact securely with EHR infostructures and maintain the privacy of patient information, many countries are establishing certification and conformance testing programmes that provide objective evidence of conformity with these requirements. This Technical Specification specifies the security and data protection requirements, harvested from those standards and from international experience, that should be in place for conformance testing of interoperable POS clinical systems (for electronic patient data recording) interfacing with EHRs. The body responsible for this Technical Specification is NA 063-07-04 AA "Sicherheit" ("Security") at DIN.