ISO 27799 Updated

ISO 27799, “Health informatics – Information security management in health using ISO/IEC 27002,” has just been updated.  The new 2nd Edition is a technical revision of the 1st Edition, so your copy of the older standard is now out-of-date (withdrawn and replaced by the 2nd Edition).  This important standard shows you how to protect the confidentiality, integrity and availability of personal health information.  It should be used by those of you who are responsible for overseeing such information, especially with regard to the security of this data.  This includes those of you in the roles of security advisors, consultants, auditors, vendors and other third-party providers as well.

ISO 27799 is built upon the foundation provided by ISO/IEC 27002 (“Information technology – Security techniques – Code of practice for information security controls”).  But 27799 particularly addresses those aspects of information security found in the health care environment.  Since health records carry the conflicting requirements of patient confidentiality on the one hand and accessibility by a number of organizations on the other, particular care needs to be taken.  And of course, record integrity is essential as well, since clinical decisions depend on the data being accurate and unaltered.

ISO 27799 is a flexible standard, intended to be used in a variety of contexts.  The authors recognized that many EHR (electronic health record) implementations are made in situations where the health professional works as a solo health care provider or in a small clinic.  So the range of recommended security measures has been made scalable in order to give guidance in the many situations where this type of data is both generated and used.

It is a lengthy publication (112 pages in total).  It provides guidance on the 14 security control clauses, 35 main security categories and 114 controls specified in ISO/IEC 27002.  For each, attention is given to health-specific controls, implementation guidance and other information.  Topics covered include information security policies, human resource security, access control, physical and environmental security and operations security.  Compliance and incident management are also addressed.  Three informative annexes are part of the document.  They cover threats to health information security, a practical action plan for implementing security in healthcare, and a checklist for conformance to ISO 27799.  A 39-item bibliography completes the standard.

Now, to get your copy of the new 2nd Edition.  You’ll use an authorized ISO distributor like Document Center Inc.  Head to our webstore www.document-center.com to search for and order one of the over 1 million standards in our database.  Here’s a link to the order page for ISO 27799 for your convenience.

You may have additional questions or want to work with one of our staff members in order to place your order.  Feel free to contact us by phone (650-591-7600) or email (info@document-center.com) with any standards issues you may have.  We’ve been working with standards since 1982.  So make us your Standards Experts!