ISO 27799:2008 defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard.
ISO 27799:2008 specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information.
ISO 27799:2008 applies to health information in all its aspects; whatever form the information takes (words and numbers, sound recordings, drawings, video and medical images), whatever means are used to store it (printing or writing on paper or electronic storage) and whatever means are used to transmit it (by hand, via fax, over computer networks or by post), as the information must always be appropriately protected.
Organizations Reach the Health Informatics Security Standard with Avnet
Avnet provides the Health Informatics Security Standard for the Computational Health of Medical Establishments, enabling them to keep their patient data private. This ensures patient confidentiality, secures the data and inter-system interoperability, and eliminates vulnerabilities.
Avnet supports the highest level of data security, enabling hospitals and other medical facilities to reach and maintain the Health Informatics Security Standard while continuing their life-preserving daily routines. Avnet follows up on work procedures and analyzes data control for the issues at hand, examining them continuously.
The key elements of conforming to the Health Informatics Security Standard are:
Medical organizations should utilize Avnet's routine inspection service in order to achieve and maintain the Health Informatics Security Standard.
Avnet's supervision of critical organizational systems is ongoing, and includes securing:
• Data technologies
• Data system
• Physical security
• Safety procedures
• Law department
Note: Capacity planning procedures implemented in the data system department should be carried out independently of procedures implemented in other departments, as a variety of standards exist.
The standard, when implemented, enables the organization to maintain procedures. However, proactive planning and creative attack management, prevention and information gathering must take place on an ongoing basis in order to analyze the data and reach logical and ongoing solutions.