Home>ISO Standards>ISO 27789:2013 pdf free

ISO 27789:2013 pdf free

ISO 27789:2013 pdf free.Health informatics – Audit trails for electronic health records
Healthcare providers have their professional ethical responsibilities to meet. Among these are protecting the privacy of subjects of care and documenting the findings and activities of care. Restricting access to health records and ensuring their appropriate use are both essential requirements in health care and in many jurisdictions these requirements are set down in law.
Secure audit trails of access to electronic health records may support compliance with professional ethics, organizational policies and legislation, but they are not sufficient in themselves to assess completeness of an electronic health record.
An organization responsible for maintaining an audit log shall identify the access policy governing all accesses logged.
The access policy shall be in accordance with ISO 27799:2008, 7.8.1.2, Access control policy.
NOTE 1 The access policy is presumed to define an EHR segment structure.
NOTE 2 In the audit record the access policy is identified by the audit log source.
Guidance on specifying and implementing access policies can be found in ISO/TS 22600.161 A field “Participant object Permission PolicySet” is defined in 7.6.6 to support referencing the actual policies in the audit record.
Unambiguous identification of information system users
The audit trails shall provide sufficient data to unambiguously identify all authorized health information system users. Users of the information system can be persons, but also other entities.
The audit trails shall provide sufficient data to determine which authorized users and external systems have accessed or been sent health record data from the system.
The audit trail shall show the role of the user, while performing the recorded action on personal health information.
Information systems processing personal health information should support role-based access control capable of mapping each user to one or more roles, and each role to one or more system functions, as recommended in ISO 27799:2008, 7.8.2.2, Privilege management.
Functional and structural roles are documented in ISO/TS 21298.[4] Additional guidance on privilege management in health is given by ISO/TS 22600, (all parts).[6]ISO 27789 pdf download.

Related standards