BS EN ISO 27799:2016给出了组织信息安全标准和 信息安全管理实践包括选择、实施和管理 考虑到组织的信息安全风险环境的控制措施。本国际标准定义了支持本标准解释和实施的指南 健康信息学符合ISO/IEC 27002标准，是该国际标准的配套标准。4) 本国际标准提供了中所述控制的实施指南 ISO/IEC 27002，并在必要时对其进行补充，以便有效地用于 管理卫生信息安全。通过实施这一国际标准，医疗保健 卫生信息的组织和其他保管人将能够确保最低限度的 他们的组织的安全水平是适当的 在他们的护理下，个人健康信息的保密性、完整性和可用性。本国际标准适用于健康信息的所有方面，无论以何种形式发布 信息采集（文字和数字、录音、绘图、视频和医学图像）， 无论使用何种方式存储（打印或书写在纸上或电子存储），以及 无论使用何种方式（通过手工、传真、通过计算机网络或邮寄）传输 信息始终受到适当保护。本国际标准和ISO/IEC 27002共同定义了以下方面的要求: 在医疗保健的信息安全方面，他们没有定义如何满足这些要求。就是 也就是说，在最大程度上，该国际标准是技术中立的。中立 尊重实现技术是一个重要特征。 安全技术仍在发展中 快速发展和这种变化的速度现在是以月而不是以年来衡量的。通过 相比之下，虽然需要定期审查，但预计国际标准总体上将保持不变 有效期为年。同样重要的是，技术中立让供应商和服务提供商免费 提出新的或正在开发的技术，以满足本国际组织提出的必要要求 标准描述。如引言所述，熟悉ISO/IEC 27002对于理解 这是国际标准。以下信息安全领域不在本国际标准的范围内:有效匿名个人健康信息的方法和统计测试；个人健康信息的化名方法（参考参考书目了解简要信息） 具体涉及该主题的技术规范说明）；网络服务质量和用于健康的网络可用性测量方法 信息学；数据质量（与数据完整性不同）。交叉引用:ISO/IEC 27000ISO/IEC 27002ISO/IEC 11770-1ISO/IEC 11770-2ISO/IEC 11770-3ISO/TS 14441:2013ISO 15489-1ISO 17090-1ISO 17090-2ISO 17090-3ISO/TR 17791:2013ISO/TS 17975ISO/IEC 18028-4:2005ISO 21091ISO/TS 21298ISO 22301ISO 22600-1ISO 22600-2ISO/TS 25237ISO/IEC 27001:2013ISO/IEC 27005ISO/IEC 27007ISO/IEC 27008ISO/IEC 270313327033-3ISO/IEC 27033-4ISO/IEC 27033-5ISO/IEC 27035ISO/IEC 27036-1ISO/IEC 27036-2ISO/IEC 27036-3ISO/IEC 27037ISO 27789:2013ISO 22857ISO/IEC 29100ISO/IEC 29101ISO 31000购买本文件时提供的所有当前修订版均包括在内。

BS EN ISO 27799:2016 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).This International Standard defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that International Standard.4) This International Standard provides implementation guidance for the controls described in ISO/IEC 27002 and supplements them where necessary, so that they can be effectively used for managing health information security. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information in their care.This International Standard applies to health information in all its aspects, whatever form the information takes (words and numbers, sound recordings, drawings, video, and medical images), whatever means are used to store it (printing or writing on paper or storage electronically), and whatever means are used to transmit it (by hand, through fax, over computer networks, or by post), as the information is always be appropriately protected.This International Standard and ISO/IEC 27002 taken together define what is required in terms of information security in healthcare, they do not define how these requirements are to be met. That is to say, to the fullest extent possible, this International Standard is technology-neutral. Neutrality with respect to implementing technologies is an important feature. Security technology is still undergoing rapid development and the pace of that change is now measured in months rather than years. By contrast, while subject to periodic review, International Standards are expected on the whole to remain valid for years. Just as importantly, technological neutrality leaves vendors and service providers free to suggest new or developing technologies that meet the necessary requirements that this International Standard describes.As noted in the introduction, familiarity with ISO/IEC 27002 is indispensable to an understanding of this International Standard.The following areas of information security are outside the scope of this International Standard:methodologies and statistical tests for effective anonymization of personal health information;methodologies for pseudonymization of personal health information (see Bibliography for a brief description of a Technical Specification that deals specifically with this topic);network quality of service and methods for measuring availability of networks used for health informatics;data quality (as distinct from data integrity).Cross References:ISO/IEC 27000ISO/IEC 27002ISO/IEC 11770-1ISO/IEC 11770-2ISO/IEC 11770-3ISO/TS 14441:2013ISO 15489-1ISO 17090-1ISO 17090-2ISO 17090-3ISO/TR 17791:2013ISO/TS 17975ISO/IEC 18028-4:2005ISO 21091ISO/TS 21298ISO 22301ISO 22313ISO 22600-1ISO 22600-2ISO 22600-3ISO/TS 25237ISO/IEC 27001:2013ISO/IEC 27005ISO/IEC 27007ISO/IEC/TR 27008ISO/IEC 27031ISO/IEC 27033-1ISO/IEC 27033-2ISO/IEC 27033-3ISO/IEC 27033-4ISO/IEC 27033-5ISO/IEC 27035ISO/IEC 27036-1ISO/IEC 27036-2ISO/IEC 27036-3ISO/IEC 27037ISO 27789:2013ISO 22857ISO/IEC 29100ISO/IEC 29101ISO 31000All current amendments available at time of purchase are included with the purchase of this document.