The document “Guidelines for the Security Management of Medical Information Systems” from the Ministry of Health, Labour and Welfare (MHLW) sets out the requirements for the secure management of medical information systems and compliance with e-Document Law from both a technical and operations management perspective.
Medical institutions that outsource medical information systems or use a cloud-type service must review their management measures against the requirements of three different documents: the guidelines from the MHLW mentioned above, along with the “Security Management Guidelines for Information Processing Providers Dealing with Medical Information” from the Ministry of Economy, Trade and Industry, and the “Security Management Guidelines for Cloud Service Providers Handling Medical Information” from the Ministry of Internal Affairs and Communications. These three sets of guidelines issued by the three ministries are collectively referred to as the “Three Guidelines from Three Ministries.”
At Google, we've created a handbook to describe how our control environment complies with the Three Guidelines from Three Ministries. Most of the regulations described in the handbook have been certified by third-party compliance programs, such as ISO/IEC 27001, ISO/IEC 27017, and ISO/IEC 27018.