ISO 27789:2013

About

ISO 27789:2013 Health informatics - Audit trails for Electronic Health Records specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.

Scope and Purpose

ISO 27789:2013 Health informatics - Audit trails for Electronic Health Records is applicable to systems processing personal health information which, complying with ISO 27799, creates a secure audit record each time a user accesses, creates, updates or archives personal health information via the system.

ISO 27789:2013 Health informatics - Audit trails for Electronic Health Records covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.

It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC 15408-2.

Audit log:

All actions related to electronic health information in accordance with the standard specified in the document including viewing should be recorded.
All actions based on user-defined events must be recorded.
All or a specified set of recorded audit information, upon request or at a set period of time, must be electronically displayed or printed for user/administrative review.
All actions related to electronic health information must be recorded with the date, time, record identification, and user identification whenever any electronic health information is created, modified (non-clinical data only), deleted (stale and non-clinical data only), or printed; and an indication of which action(s) took place must also be recorded.
A cross-enterprise secure transaction that contains sufficient identity information such that the receiver can make access control decisions and produce detailed and accurate security audit trails should be preferably used within the system.

Information to Get Electronic Health Record (EHR) Standards for India is available at the Get Standard

Quick Link

International Organization for Standardization (ISO)

Bureau of Indian Standards (BIS)

Testimonials

More...

We are really happy for the continuous and timely support that you provide for our startup

M. Sri Vidhya Bhavani

Co-founder, Destratum Solutions

We were overwhelmed by both - the technical expertise of the team and the willingness to support all the stakeholders to achieve "true digital health" in the country.

Anand Apte

Head - Strategy & Business, Jupiter Hospital, Pune

Thanks team!!! you been giving exceptional support to us in integrating FHIR Standard for NHCX.

Peddi Sai Rahul Goud

Deputy Manager-IT, Chola MS General Insurance Company Limited

Testimonials

Home

Home

Registries

Registry

Services

Services

Standards

Standards

About Us

About Us

Contact Us

Contact Us

More

More