BS EN ISO 27789:2021

$198.66

Health informatics. Audit trails for electronic health records

Published By	Publication Date	Number of Pages
BSI	2021	60

Guaranteed Safe Checkout

Categories: 35.240.80 - IT applications in health care technology, BSI

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

Description

This document specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.

It is applicable to systems processing personal health information that create a secure audit record each time a user reads, creates, updates, or archives personal health information via the system.

NOTE

Such audit records at a minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, read, update, etc.), and record the date and time at which the function was performed.

This document covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.

It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC 15408 (all parts)^[ ⁹^].

Annex A gives examples of audit scenarios. Annex B gives an overview of audit log services.

PDF Catalog

PDF Pages	PDF Title
2	undefined
3	64_e_stf.pdf
5	European foreword Endorsement notice
8	Foreword
9	Introduction
12	1 Scope 2 Normative references 3 Terms and definitions
16	4 Abbreviated terms 5 Requirements and uses of audit data 5.1 Ethical and formal requirements 5.1.1 General 5.1.2 Access policy
17	5.1.3 Unambiguous identification of information system users 5.1.4 User roles 5.1.5 Secure audit records 5.2 Uses of audit data 5.2.1 Governance and supervision
18	5.2.2 Subjects of care exercising their rights 5.2.3 Evidence and retention requirements 6 Trigger events 6.1 General
19	6.2 Details of the event types and their contents 6.2.1 Access events to the personal health information 6.2.2 Query events to the personal health information 7 Audit record details 7.1 The general record format
21	7.2 Trigger event identification 7.2.1 Event ID
22	7.2.2 Event action code 7.2.3 Event date and time
23	7.2.4 Event outcome indicator 7.2.5 Event type code 7.3 User identification 7.3.1 User ID
24	7.3.2 Alternative user ID 7.3.3 User name 7.3.4 User is requestor 7.3.5 Role ID code
25	7.3.6 Purpose of use
26	7.4 Access point identification 7.4.1 Network access point type code
27	7.4.2 Network access point ID 7.5 Audit source identification 7.5.1 Overview
28	7.5.2 Audit enterprise site ID 7.5.3 Audit source ID 7.5.4 Audit source type code
29	7.6 Participant object identification 7.6.1 Overview
30	7.6.2 Participant object type code 7.6.3 Participant object type code role
31	7.6.4 Participant object data life cycle and record entry lifecycle events
33	7.6.5 Participant object ID type code
34	7.6.6 Participant object Permission PolicySet 7.6.7 Participant object sensitivity
35	7.6.8 Participant object ID 7.6.9 Participant object name 7.6.10 Participant object query 7.6.11 Participant object detail, Participant object description
36	8 Audit records for individual events 8.1 Access events
37	8.2 Query events
39	9 Secure management of audit data 9.1 Security considerations 9.2 Securing the availability of the audit system
40	9.3 Retention requirements 9.4 Securing the confidentiality and integrity of audit trails 9.5 Access to audit data
41	Annex A (informative) Audit scenarios
47	Annex B (informative) Audit log services
56	Bibliography

Additional information

Status	Definitive
Pages	60
Publication Date	2021-11-01
ISBN	978 0 539 00593 6
Standard Number	BS EN ISO 27789:2021
Title	Health informatics. Audit trails for electronic health records
Identical National Standard Of	EN ISO 27789, ISO 27789
Replaces	BS EN ISO 27789:2013
Descriptors	Data recording, Data transmission methods, Information handling, Data handling, Data processing, Data layout, Data storage, Personal health, Data representation, Data transmission, Health services, Data syntax, Information exchange, Data transfer, Records (documents)
Publisher	BSI
Committee	IST/35
ICS Codes	35.240.80 - IT applications in health care technology

Preview PDF


PDF Format	Searchable	Printable	Preview Now

BS EN ISO 27789:2021

PDF Catalog

Related products