This document focuses on remote maintenance services (RMS) for information systems in healthcare facilities (HCFs) as provided by vendors of medical devices and health information systems.
This document specifies the risk assessment necessary to protect remote maintenance activities, taking into consideration the special characteristics of the healthcare field such as patient safety, regulations and privacy protections.
This document provides practical examples of risk analysis to protect both the HCF and RMS provider information assets in a safe and efficient (i.e. economical) manner. These assets are primarily the information system itself and personal health data held in the information system.