Inventory of Health Care Information Standards. Accredited Standards Committee (ASC) X12

01/01/1997

The American Standards Committee X12, Electronic Data Interchange (EDI)/EDIFACT, has a number of security standards under development that are primarily targeted at messaging. X12's work in message security takes a non-health care-specific approach and is managed by X12 Subcommittee C (X12C), the data security task group of X12, which is co-chaired by Don Petry and coordinates its efforts with the UN/EDIFACT Security Joint Working Group, chaired by Terry Dosdale of the United Kingdom.

Current X12C efforts include:

X12.42, Cryptographic Service Message (815) (usually referred to as the 815). The 815, which has been published and has a Reference Model in development, is used to provide the data format required for cryptographic key management in support of authentication and encryption. 815 includes the automated distribution and exchange of keys.

X12.376 Secure Authentication & Acknowledgment (993) (usually referred to as the 993). Currently in development, 993 is used by the recipient of a transaction set to authenticate and acknowledge the origin, content, or sequence of data received with the originator of the transactions.

X12.58 Security Structures, which has been published and has a Reference Model in development, is used to define the data formats required for authentication and encryption to provide integrity, confidentiality and verification of the originator at the functional group and transaction set levels.

ISO/IEC 9735, under the general title Electronic data interchange for administration, commerce and transport (EDIFACT) - Application level syntax rules, is currently in draft form and is to be reviewed at the X12 meetings in San Francisco in early February of this year. It has five parts specifically targeting message security: Part 5 - Security rules for batch EDI (authenticity, integrity and non-repudiation of origin); Part 6 - Secure authentication and acknowledgment message; Part 7 - Security rules for batch EDI (confidentiality); Part 9 - Security key and certificate management message; and Part 10 - Security rules for interactive EDI. The security aspects of ISO 9735 are targeted for finalization by March of 1997, and will be forwarded to ISO for final approval through the ISO Fast Track process.

American Standards Committee (ASC) contact:

Regina Girouard

Manager, Secretariat Services

Data Interchange Standards Association, Inc. (DISA)

1800 Diagonal Road, Suite 200

Alexandria, VA 22314

rgirouard@disa.org

703-548-7005 (x165) [voice]

703-548-5738 [fax]