{"id":385243,"date":"2024-10-20T03:29:47","date_gmt":"2024-10-20T03:29:47","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iso-277892021\/"},"modified":"2024-10-26T06:20:17","modified_gmt":"2024-10-26T06:20:17","slug":"bs-en-iso-277892021","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iso-277892021\/","title":{"rendered":"BS EN ISO 27789:2021"},"content":{"rendered":"<p>This document specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.<\/p>\n<p>It is applicable to systems processing personal health information that create a secure audit record each time a user reads, creates, updates, or archives personal health information via the system.<\/p>\n<div class=\"non-normative-note\">\n<div class=\"note-label\">\n  NOTE\n <\/div>\n<p>Such audit records at a minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, read, update, etc.), and record the date and time at which the function was performed.<\/p>\n<\/div>\n<p>This document covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.<\/p>\n<p>It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as <span class=\"std\"><span class=\"std-ref\">ISO\/IEC&nbsp;15408<\/span><\/span> (all parts)<sup>[<\/sup> <span class=\"xref\"><sup>9<\/sup><\/span><sup>]<\/sup>.<\/p>\n<p><span class=\"xref\">Annex&nbsp;A<\/span> gives examples of audit scenarios. <span class=\"xref\">Annex&nbsp;B<\/span> gives an overview of audit log services.<\/p>\n<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>2<b><\/td>\n<td>undefined  <\/td>\n<\/tr>\n<tr>\n<td><b>3<b><\/td>\n<td>64_e_stf.pdf  <\/td>\n<\/tr>\n<tr>\n<td><b>5<b><\/td>\n<td>European foreword <br \/> Endorsement notice  <\/td>\n<\/tr>\n<tr>\n<td><b>8<b><\/td>\n<td>Foreword   <\/td>\n<\/tr>\n<tr>\n<td><b>9<b><\/td>\n<td>Introduction   <\/td>\n<\/tr>\n<tr>\n<td><b>12<b><\/td>\n<td>1 Scope  <br \/> 2 Normative references  <br \/> 3 Terms and definitions   <\/td>\n<\/tr>\n<tr>\n<td><b>16<b><\/td>\n<td>4 Abbreviated terms  <br \/> 5 Requirements and uses of audit data  <br \/> 5.1 Ethical and formal requirements  <br \/> 5.1.1 General  <br \/> 5.1.2 Access policy   <\/td>\n<\/tr>\n<tr>\n<td><b>17<b><\/td>\n<td>5.1.3 Unambiguous identification of information system users  <br \/> 5.1.4 User roles  <br \/> 5.1.5 Secure audit records  <br \/> 5.2 Uses of audit data  <br \/> 5.2.1 Governance and supervision   <\/td>\n<\/tr>\n<tr>\n<td><b>18<b><\/td>\n<td>5.2.2 Subjects of care exercising their rights  <br \/> 5.2.3 Evidence and retention requirements  <br \/> 6 Trigger events  <br \/> 6.1 General   <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>6.2 Details of the event types and their contents  <br \/> 6.2.1 Access events to the personal health information  <br \/> 6.2.2 Query events to the personal health information  <br \/> 7 Audit record details  <br \/> 7.1 The general record format   <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>7.2 Trigger event identification  <br \/> 7.2.1 Event ID   <\/td>\n<\/tr>\n<tr>\n<td><b>22<b><\/td>\n<td>7.2.2 Event action code  <br \/> 7.2.3 Event date and time   <\/td>\n<\/tr>\n<tr>\n<td><b>23<b><\/td>\n<td>7.2.4 Event outcome indicator  <br \/> 7.2.5 Event type code  <br \/> 7.3 User identification  <br \/> 7.3.1 User ID   <\/td>\n<\/tr>\n<tr>\n<td><b>24<b><\/td>\n<td>7.3.2 Alternative user ID  <br \/> 7.3.3 User name  <br \/> 7.3.4 User is requestor  <br \/> 7.3.5 Role ID code   <\/td>\n<\/tr>\n<tr>\n<td><b>25<b><\/td>\n<td>7.3.6 Purpose of use   <\/td>\n<\/tr>\n<tr>\n<td><b>26<b><\/td>\n<td>7.4 Access point identification  <br \/> 7.4.1 Network access point type code   <\/td>\n<\/tr>\n<tr>\n<td><b>27<b><\/td>\n<td>7.4.2 Network access point ID  <br \/> 7.5 Audit source identification  <br \/> 7.5.1 Overview   <\/td>\n<\/tr>\n<tr>\n<td><b>28<b><\/td>\n<td>7.5.2 Audit enterprise site ID  <br \/> 7.5.3 Audit source ID  <br \/> 7.5.4 Audit source type code   <\/td>\n<\/tr>\n<tr>\n<td><b>29<b><\/td>\n<td>7.6 Participant object identification  <br \/> 7.6.1 Overview   <\/td>\n<\/tr>\n<tr>\n<td><b>30<b><\/td>\n<td>7.6.2 Participant object type code  <br \/> 7.6.3 Participant object type code role   <\/td>\n<\/tr>\n<tr>\n<td><b>31<b><\/td>\n<td>7.6.4 Participant object data life cycle and record entry lifecycle events   <\/td>\n<\/tr>\n<tr>\n<td><b>33<b><\/td>\n<td>7.6.5 Participant object ID type code   <\/td>\n<\/tr>\n<tr>\n<td><b>34<b><\/td>\n<td>7.6.6 Participant object Permission PolicySet  <br \/> 7.6.7 Participant object sensitivity   <\/td>\n<\/tr>\n<tr>\n<td><b>35<b><\/td>\n<td>7.6.8 Participant object ID  <br \/> 7.6.9 Participant object name  <br \/> 7.6.10 Participant object query  <br \/> 7.6.11 Participant object detail, Participant object description   <\/td>\n<\/tr>\n<tr>\n<td><b>36<b><\/td>\n<td>8 Audit records for individual events  <br \/> 8.1 Access events   <\/td>\n<\/tr>\n<tr>\n<td><b>37<b><\/td>\n<td>8.2 Query events   <\/td>\n<\/tr>\n<tr>\n<td><b>39<b><\/td>\n<td>9 Secure management of audit data  <br \/> 9.1 Security considerations  <br \/> 9.2 Securing the availability of the audit system   <\/td>\n<\/tr>\n<tr>\n<td><b>40<b><\/td>\n<td>9.3 Retention requirements  <br \/> 9.4 Securing the confidentiality and integrity of audit trails  <br \/> 9.5 Access to audit data   <\/td>\n<\/tr>\n<tr>\n<td><b>41<b><\/td>\n<td>Annex A (informative) Audit scenarios   <\/td>\n<\/tr>\n<tr>\n<td><b>47<b><\/td>\n<td>Annex B (informative) Audit log services   <\/td>\n<\/tr>\n<tr>\n<td><b>56<b><\/td>\n<td>Bibliography   <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>Health informatics. Audit trails for electronic health records<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2021<\/td>\n<td>60<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":385249,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[704,2641],"product_tag":[],"class_list":{"0":"post-385243","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-35-240-80","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/385243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/385249"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=385243"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=385243"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=385243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}