Code of conduct for information security in the health sector
More and more work in the health sector is based on the electronic processing of patient information. Likewise, a larger and larger portion of communication between organizations is electronic.
The increased electronic processing of information provides opportunities, but it also poses challenges to information security in the organizations.
Electronic processing entails, amongst other things that information can more
easily and more quickly be made available both internally in an organization
and externally outside of the organization. This is an advantage, insofar as
the information is only made available to the right person at the right
time.
However, unintended consequences may arise regarding the confidentiality of
the information, and special measures must be implemented in order to
prevent unauthorized access to electronically stored information. Mechanisms
are required that ensure that all aspects of information security are
satisfactorily handled in the relevant organizations.
This is the background for the initiative by the Directorate for Health and
Social Affairs to prepare a separate code of conduct for information
security.
The purpose of the Code is to contribute to satisfactory information security
in the health sector. The Code is also intended to be an aid for individual
organizations in their work with information security.
Documents to be downloaded from the right hand side of this page:
The Code of conduct
Summary of The Code of conduct
Guideline for remote access
Fact sheets:
Fact sheet 36 - Remote access for maintenance and updates
Fact sheet 37 - Security requirements and security documentation in
projects
Fact sheet 38 - Security requirements for systems
Fact sheet 41 - Damage limitation when data has been unintentionally
disclosed
