This standard complements, and is intended to be used with, ISO/IEC 27002. BS EN ISO 27799 enables ISO/IEC 27002 to be used within healthcare environments. It tackles the special information security management needs of the health sector and its unique operating environments. Its use will help healthcare environments ensure that:
- The confidentiality and integrity of data in their care is maintained
- Critical health information systems remain available
- Accountability for health information is upheld
In addition, healthcare organizations implementing this standard can expect to see the number and severity of their security incidents reduced, staff morale improve and public trust in the systems that maintain personal health information increase.
The standard provides clear, concise and healthcare-specific guidance on the stringent controls needed to protect health information across a wide range of locations and models of service delivery.
It also provides additional health-sector-specific requirements and additional guidance in a format that persons responsible for health information security can readily understand and adopt.