• Shopping Cart
    There are no items in your cart

ISO 27789:2021

Current

Current

The latest, up-to-date edition.

Health informatics Audit trails for electronic health records

Available format(s)

Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users

Language(s)

French, English

Published date

05-10-2021

€165.00
Excluding VAT

This document specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.

It is applicable to systems processing personal health information that create a secure audit record each time a user reads, creates, updates, or archives personal health information via the system.

NOTE Such audit records at a minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, read, update, etc.), and record the date and time at which the function was performed.

This document covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.

It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC15408 (all parts)[9].

AnnexA gives examples of audit scenarios. AnnexB gives an overview of audit log services.

DocumentType
Standard
Pages
50
PublisherName
International Organization for Standardization
Status
Current
Supersedes

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.