What is ISO 27789— Audit trails for electronic health records about?
ISO 27789 is an international standard that covers health informatics.
ISO 27789 specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.
ISO 27789 is applicable to systems processing personal health information that create a secure audit record each time a user reads, creates, updates, or archives personal health information via the system.
Note 1: ISO 27789 covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides.
Note 2: ISO 27789 does not cover the specification and use of audit logs for system management and system security purposes.
Who is ISO 27789— Audit trails for electronic health records for?
ISO 27789 on Health informatics is useful for:
- Clinical informatics
- Nursing informatics
- The chief medical information officer
- Public health informatics
Why should you use ISO 27789— Audit trails for electronic health records?
Effective audit and logging can help to uncover misuse of EHR systems or EHR data and can help organizations and subjects of care, obtain redress against users abusing their access privileges. It is necessary that audit trails contain sufficient information to address a wide variety of circumstances, for auditing to be effective.
ISO 27789 provides a framework for the standardization of audit trails for electronic health records which helps you to ensure the information captured in an audit log, is sufficient to clearly reconstruct a detailed chronology of the events that have shaped the content of an electronic health record. It also helps you in ensuring that an audit trail of actions relating to a subject of care’s record can be reliably followed, even across organizational domains.
ISO 27789 helps the users who are responsible for overseeing the health information security or privacy, as well as for healthcare organizations and other custodians of health information, who are seeking guidance on audit trails together with their security advisors, consultants, auditors, vendors, and third-party service providers.
What’s changed since the last update?
BS EN ISO 27789:2021 supersedes BS EN ISO 27789:2013, which is withdrawn. BS EN ISO 27789:2021 includes some technical changes with respect to BS EN ISO 27789:2013. These include:
- Harmonization between audit record format and DICOM format
- Review of the content in Annex A
- Review of the chart in Annex B
- Bibliography update