NA 063

DIN Standards Committee Medicine

Standards [CURRENT]

DIN EN ISO 27789
Health informatics - Audit trails for electronic health records (ISO 27789:2013); German version EN ISO 27789:2013

Title (German)

Medizinische Informatik - Audit-Trails für elektronische Gesundheitsakten (ISO 27789:2013); Deutsche Fassung EN ISO 27789:2013

Overview

Electronic health records on treated persons may reside in many different information systems within and across organizational or even jurisdictional boundaries. To keep track of all actions that involve records on a particular subject of care, a common framework is a prerequisite. For audit trails for electronic health records which have been divided between different systems a common framework is required to keep the complete set of personal health information auditable. This document specifies this common framework in terms of audit trigger events and audit data. In accordance with ISO 27799 information systems containing personal health information shall create a secure audit record each time a user accesses, creates, updates or archives personal health information via the system. Such audit records, at a minimum, uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, access, update, etcetera), and record the date and time at which the function was performed. The scope covers only actions performed on the electronic health records. These actions are governed by the access policy for the domain where the electronic health record resides. Audit trails can help to find out if the access policy is met. Apart from identifiers audit trails specified in this standard contain no personal health information. The audit record only contains links to electronic health record segments as defined by the governing access policy. The scope of this document does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data. These aspects are already dealt with in general computer security standards such as ISO/IEC 15408. This standard contains examples for services for safe audit logs. The committee responsible for this standard is NA 063-07-04 AA "Sicherheit" ("Safety") at DIN.

Document: references other documents

Document: referenced in other documents

Responsible national committee

NA 063-07-04 AA - Security 

Responsible european committee

CEN/TC 251/WG 1 - Enterprise and Information 

Edition 2013-06
Original language German
Translation English
Price from 128.00 €
Table of contents

Contact

Dipl.-Ing.

Bernd Bösler

Saatwinkler Damm 42/43
13627 Berlin

Tel.: +49 30 2601-2488
Fax: +49 30 2601-42488

Send message to contact