Security Reference for Cloud Services Targeted for Medical Institutions

Recently, the use of cloud services is spreading quickly, and they are used in various business scenes by large corporates, mid-size companies, and small enterprises. However, at medical institutions in Japan including hospitals, the use of cloud services has not quite started, because of the need to consider the type of personal information handled by such institutions, the availability of medical information systems during emergencies, and the management of medical images of which higher resolutions and sizes are becoming the standard.
Thus, the "Security Reference for Cloud Service Targeted for Medical Institutions” refers to the result of the confirmation and organization of the compliance with the following guidelines for medical institutions by target cloud service, with the purpose of promoting the use of cloud services in the medical industry.

1. Ministry of Health, Labor, and Welfare "Guidelines Concerning Safety Management of Medical Information Systems Version 5" (May 2017)
2. Ministry of Internal Affairs and Communications "Guidelines Concerning Security Management for Cloud Service Businesses Handling Medical Information" (July 2018)
3. Ministry of Internal Affairs and Communications "Information Security Measures Guidelines for ASP / SaaS" (January 30th, 2008)
4. Ministry of Internal Affairs and Communications "Guidelines Concerning Security Management for ASP / SaaS Businesses Handling Medical Information" (December 2010)
5. Ministry of Economy, Trade, and Industry "Safety Management Guidelines for Information Processing Businesses Handling Medical Information" (October 2012)

The newly released "Security Reference for Microsoft Azure' Targeted for Medical Institutions" shows the compliance situation of Microsoft's "Microsoft Azure" against each item in the 3 Ministries’ 3 Guidelines, assuming that a virtual machine (IaaS) would be used to save medical information onto Microsoft Azure through a network. The research was done by the Mitsubishi Research Institute, Inc. and Japan Business Systems, Inc.

The "Security Reference for Microsoft Azure Targeted for Medical Institutions Version 2 (Published on May 17th 2019)" can be downloaded from the below link. When Download button is clicked, you are considered to have read and agreed to the terms and conditions stated in the PDF below.

"Security Reference Microsoft Azure Edition for Medical Institutions Licensing Agreement"

The newly released "Security Reference for Office 365' Targeted for Medical Institutions" shows the compliance situation of Microsoft's "Office 365" against each item in the 3 Ministries’ 4 Guidelines, assuming that email function (Exchange Online) and file sharing function (SharePoint Online) would be used to save medical information onto Office 365 through a network. The research was done by the Mitsubishi Research Institute, Inc. and Japan Business Systems, Inc.

The "Security Reference for Office 365 Targeted for Medical Institutions Version 1.0 (Published on November 4th 2016)" can be downloaded from the below link. When Download button is clicked, you are considered to have read and agreed to the terms and conditions stated in the PDF below.