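ISO 27799:2008 Health informatics - Information security management in health using ISO/IEC 27002
Standard number: ISO 27799:2008
Chinese title: 保健信息学 遵循ISO/IEC 27002的卫生信息安全管理
English title: Health informatics — Information security management in health using ISO/IEC 27002
Publication date: 2008-07
Scope of the standard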
ISO 27799:2008 defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard. ISO 27799:2008 specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information. ISO 27799:2008 applies to health information in all its aspects: whatever form the information takes (words and numbers, sound recordings, drawings, video and medical images), whatever means are used to store it (printing or writing on paper or electronic storage) and whatever means are used to transmit it (by hand, via fax, over computer networks or by post), as the information must always be appropriately protected.