What is this standard about?
It provides guidance on how best to protect the confidentiality, integrity, auditability and availability of personal health information, irrespective of the form the information takes, its means of storage and any means used to transmit it. This is important for maintaining patient privacy and safety.
In addition, healthcare is often time critical so it’s important that health information systems remain operational in the face of natural disasters, system failures and denial-of-service attacks.
Who is this standard for?
- Anyone overseeing health information security
- Healthcare organizations
- Other custodians of personal health information
- Security advisors
- Related consultants, auditors and vendors
- Third-party service providers
Why should you use this standard?
This standard complements and is intended to be used with ISO/IEC 27002. BS EN ISO 27799 enables ISO/IEC 27002 to be used within healthcare environments. It tackles the special information security management needs of the health sector and its unique operating environments. Its use will help healthcare environments ensure that:
- The confidentiality and integrity of data in their care are maintained
- Critical health information systems remain available
- Accountability for health information is upheld
In addition, healthcare organizations implementing this standard can expect to see the number and severity of their security incidents reduced, staff morale improve and public trust in the systems that maintain personal health information increase.
The standard provides clear, concise and healthcare-specific guidance on the stringent controls needed to protect health information across a wide range of locations and models of service delivery.
It also provides additional health-sector-specific requirements and additional guidance in a format that persons responsible for health information security can readily understand and adopt.
What’s changed since the last update?
The standard was systematically reviewed by technical experts to ensure its continued market relevance. This standard is a technical revision of the 2008 version, which has been withdrawn.