This document is designed to improve the authentication of individual users of health care IT systems, by
strengthening the automatic software procedures associated with the management of user identifiers and
passwords, without resorting to additional hardware facilities.
This document applies to all information systems (hereafter called systems) within the health care
environment that handle or store sensitive person identifiable health information, using passwords as the only
means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that
fall within the scope of this document include for example electronic patient record systems, patient
administrative systems and laboratory systems, containing personal health information.
This document does not apply to systems outside the health care environment. Neither does it apply to
systems within the health care environment that use other means of identification and authentication, such as
smart cards, biometric methods or other technical facilities.
Die ÖNORM ist anzuwenden für alle Informationssysteme im Gesundheitswesen, welche sensible personenbezogene Gesundheitsdaten handhaben oder speichern und als ausschließliches Mittel der Authentizität des Anwenders ein Password verwenden.