ISO 27799 is an international standard that provides guidance on how best to protect the confidentiality, integrity and availability of personal health data for organizations active in health care.
Specifically, it builds on and extends the guidance provided by ISO/IEC 27002:2013 regarding the development of Information Security Management Systems to meet the specific needs that arise in the field of health.
Examples of best practices required by ISO 27799 are:
- Data access controls, including privileged access management,
- Cryptographic control of sensitive data,
- Management and protection of encryption keys,
- Recording and archiving of all events related to the use and management of user IDs and confidential identity information, as well as protection of these records from tampering and unauthorized access.