六、参考文献

（一）《中华人民共和国网络安全法》（中华人民共和国主席令第五十三号）

（二）国务院办公厅关于促进和规范健康医疗大数据应用发展的指导意见（国办发〔2016〕47号）

（三）《医疗器械注册管理办法》（国家食品药品监督管理总局令第4号）

（四）《医疗器械说明书和标签管理规定》（国家食品药品监督管理总局令第6号）

（五）国家食品药品监督管理总局关于公布医疗器械注册申报资料要求和批准证明文件格式的公告（国家食品药品监管总局公告2014年第43号）

（六）国家食品药品监督管理总局关于发布医疗器械软件注册技术审查指导原则的通告（国家食品药品监管总局通告2015年第50号）

（七）《医疗器械召回管理办法（试行）》（原卫生部令第82号）

（八）《人口健康信息管理办法（试行）》（国卫规划发〔2014〕24号）

（九）国家卫生计生委关于推进医疗机构远程医疗服务的意见（国卫医发〔2014〕51号）

（十）GB/T 20271-2006《信息安全技术信息系统通用安全技术要求》

（十一）GB/T 20984-2007 《信息安全技术信息安全风险评估规范》

（十二）GB/T 22080-2016《信息技术安全技术信息安全管理体系要求》

（十三）GB/T 22081-2016《信息技术安全技术信息安全管理实用规则》

（十四）GB/T 29246-2012《信息技术安全技术信息安全管理体系概述和词汇》

（十五）GB/Z 24364-2009《信息安全技术信息安全风险管理指南》

（十六）YY/T 0287-2003《医疗器械质量管理体系用于法规的要求》

（十七）YY/T 0316-2016《医疗器械风险管理对医疗器械的应用》

（十八）YY/T 0664-2008《医疗器械软件软件生存周期过程》

（十九）YY/T 1474-2016 《医疗器械可用性工程对医疗器械的应用》

（二十）FDA, Cybersecurity for Networked Medical Devices Containing Off-the-Shelf Software, 2005-1-14

（二十一）FDA, Content of Premarket Submissions for Management of Cybersecurity in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, 2014-10-2

（二十二）FDA, Radio Frequency Wireless Technology in Medical Devices - Guidance for Industry and Food and Drug Administration Staff, 2013-8-14

（二十三）FDA, Postmarket Management ofCybersecurity in Medical Devices – Draft Guidance for Industry and Food and Drug Administration Staff, 2016-1-22

（二十四）FDA, Design Considerations and Pre-market SubmissionRecommendations for InteroperableMedical Devices – Draft Guidance for Industry and Food and Drug Administration Staff, 2016-1-26

（二十五）IEC 60601-1Edition3.1:2012, Medical electrical equipment - Part 1: General requirements for basic safety and essential performance

（二十六）IEC 82304-1, Health Software - Part 1: General requirements for product safety

（二十七）IEC80001-1:2010, Application of risk management for IT-networks incorporating medical devices - Part 1: Roles,responsibilities and activities

（二十八）IEC/TR 80001-2-1:2012, Application of risk management for IT-networks incorporating medical devices - Part 2-1: Step-by-step risk management of medical IT-networks - Practical applications and examples

（二十九）IEC/TR 80001-2-2:2012, Application of risk management for IT-networks incorporating medical devices - Part 2-2: Guidance for the disclosure and communication of medical device security needs, risks and controls

（三十）IEC/TR 80001-2-3:2012, Application of risk management for IT-networks incorporating medical devices - Part 2-3: Guidance for wireless networks

（三十一）IEC/TR 80001-2-4:2012, Application of risk management for IT-networks incorporating medical devices - Part 2-4: Application guidance - General implementation guidance for healthcare delivery organizations

（三十二）IEC/TR 80001-2-5:2014, Application of risk management for IT-networks incorporating medical devices - Part 2-5: Application guidance - Guidance on distributed alarm systems

（三十三）ISO/TR 80001-2-6:2014, Application of risk management for IT-networks incorporating medical devices -Part 2-6: Application guidance - Guidance for responsibility agreements

（三十四）ISO/TR 80001-2-7:2015, Application of risk management for IT-networks incorporating medical devices -Application guidance -Part 2-7: Guidance for Healthcare Delivery Organizations (HDOs) on how to self-assess their conformance with IEC 80001-1

（三十五）IEC/TR 80001-2-8:2016, Application of risk management for IT-networks incorporating medical devices - Part 2-8: Application guidance - Guidance on standards for establishing the security capabilities identified in IEC/TR 80001-2-2

（三十六）IEC/TR 80001-2-9, Application of risk management for IT-networks incorporating medical devices - Part 2-9: Application guidance - Guidance for use of security assurance cases to demonstrate confidence in IEC/TR 80001-2-2 security capabilities

（三十七）ISO/DIS 27799Health informatics - Information security management in health using ISO/IEC 27002

（三十八）HIMSS/NEMA HN 1-2013, Manufacturer Disclosure Statement for Medical Device Security

（三十九）NEMA/MITA CSP 1-2016, Cybersecurity for Medical Imaging

（四十）IMDRF/SaMD WG/N12FINAL:2014, Software as a Medical Device (SaMD): Possible framework for Risk Categorization and Corresponding Considerations, 2014-9-18