What is ISO 27799— Health Informatics Certification about?

ISO 27799 is useful for:

• Anyone overseeing health information security
• Healthcare organizations
• Other custodians of personal health information
• Security advisors
• Related consultants, auditors and vendors
• Third-party service providers

We understand that certification to ISO 27799 may appear daunting. Our experts are here to make sure that the process is as smooth as possible and that you gain maximum benefits.

This standard complement and is intended to be used with ISO/IEC 27002. BS EN ISO 27799 enables ISO/IEC 27002 to be used within healthcare environments. It tackles the special information security management needs of the health sector and its unique operating environments. Its use will help healthcare environments ensure that:

• The confidentiality and integrity of data in their care is maintained
• Critical health information systems remain available
• Accountability for health information is upheld

In addition, healthcare organizations implementing this standard can expect to see the number and severity of their security incidents reduced, staff morale improve and public trust in the systems that maintain personal health information increase.

The standard provides clear, concise and healthcare-specific guidance on the stringent controls needed to protect health information across a wide range of locations and models of service delivery.

It also provides additional health-sector-specific requirements and additional guidance in a format that persons responsible for health information security can readily understand and adopt.

The standard was systematically reviewed by technical experts to ensure its continued market relevance. This standard is a technical revision of the 2008 version which has been withdrawn.