If HIPAA is not enough for you IT security folks in healthcare, there is now a new standard to comply with: ISO 27799:2008. HIPAA (the Health Insurance Portability and Accountability Act) was designed to lay out a set of standards for securing private healthcare information, and it governs how networking, data storage and email may be used when patient data is transmitted, accessed or stored. By now almost everyone in the healthcare industry should be HIPAA-compliant, and the result has been positive: fewer breaches, more secure data, and, when you go to the doctor, an extra piece of paper to sign.
The ISO standard goes a lot further than HIPAA in establishing a standard. According to the ISO, it “applies to health information in all its aspects–whatever form the information takes, whatever means are used to store it and whatever means are used to transmit it.” The standard offers more detailed controls than HIPAA does, together with a set of best-practice guidelines, so those who are required by law to comply with HIPAA would do well to look at the ISO standard as well.
The standard also specifically addresses the use of the Internet and wireless technologies for sharing personal medical information.