Law and standards faced to market rules in health information security

摘要

This paper presents the main differences existing in the elaboration process of law and standard and analyses their potential conflicts. It also describes the respective force of law and standards in three main areas : legal threat versus financial threat, conflict versus cooperation and finally their respective position faced to oligarchic power. Perhaps because both the legislature and standards bodies produce official documents, they appear to have the same nature. These documents are written inside well representative institutions whose membership is not free but submitted to selective criteria and they are delivered after a long administrative process. However, this would be a fundamentally wrong interpretation of the situation. This short paper outlines how far the law and standards documents are from each other during their elaboration process and how close they are in the daily technical practice where the required standard can provide a perfect answer to a legal obligation. It describes and compares successively the elaboration process, their respective force and their mutual relations in a world where technical innovation, especially in the information technology field, goes faster than the public opinion which is the main determinant of the political power. Even the standards organizations have moved relatively fast in the field of healthcare informatics during the last two years but a brief outline of the situation is given in and a more extensive description is available in this MEDSEC Handbook. The TC251 and ISO 215 standards activity can be accessed directly . Further it may be expected that the International Electro-technical Commission standard 61508 parts 1-7 will provide a basis for the development of safe systems in Health Care in due course .