ISO 27799:2016: Health informatics - Information security management in health using ISO/IEC 27002
A guide to information security standards and practices that includes selection, implementation and management of risk-based controls
The guidelines supplement ISO/IEC 27002:2013 (Information technology — Security techniques — Code of practice for information security controls) for its implementation in health informatics.
Health organizations and other bodies that handle medical information may ensure the necessary degree of security on the basis of their operating circumstances to keep personal health information available, complete, and secure.
The standard applies to all sources of private information (images, recordings, documents, etc.) across media (print and digital storage) and methods of communication (manual, online, fax).
It should be emphasized that the standard is "indifferent" to technology, given the speed at which it moves forward (every few months!). As a result, the standard remains relevant over time, and service providers can offer technologies that comply with its specifications.
It should also be emphasized that familiarity with ISO/IEC 27002 is essential for understanding ISO 27799.
The standard covers the following subjects:
- Anonymization methodologies and statistical tests of private health information
- Pseudonymization of private health information
- Communications quality and methodologies to ensure communications availability
- Information quality
The road to certification
To initiate the process, we recommend purchasing the standard at the Standards Institution of Israel Information Center
Certification follows the successful implementation of an organization's in-house quality management system pursuant to the requirements of the standard. To start this process, it is recommended to purchase the standard at the Standards Institution of Israel Information Center, study the requirements, and participate in appropriate training. It is also possible to consult with the quality management experts and undergo an audit by the Standards Institution of Israel to check for shortcomings.
The process ought to be seen as an opportunity for improvement through an organizational team that has management commitment and involvement. At the end of the process, independent Standards Institution of Israel auditors will perform an audit to confirm that the organization's management system is compatible with the specifications of the standard.
The Standards Institution of Israel – the right choice for you!
- The Standards Institution of Israel has a longstanding reputation for quality and professionalism
- Our people are among the best experts in the quality assurance field, with experience of and familiarity with customers' needs
- The Standards Institution of Israel is the country's largest certification body
- The Standards Institution of Israel has accreditation from the largest certification bodies in the world
- The Standards Institution of Israel offers a range of services under one roof: certification (individual and integrated), a range of laboratory tests, and a training center
- The Standards Institution of Israel is a member of international standardization committees and has cooperation agreements with top certification bodies in the world
- The Standards Institution of Israel is a member of IQNet Association - The International Certification Network, which incorporates certification bodies from all over the world. Standards Institution of Israel customers obtain exclusive IQNet certification for free and may also obtain mutual recognition from IQNet members as a marketing tool.