New ISO standard for the healthcare industry

If HIPAA is not enough for you IT security guys in healthcare out there, now we’ve got a new one for you to comply with: ISO 27799:2008. HIPAA (Health Insurance Portability and Accountability Act) was designed to lay out a set of standards for securing private healthcare information, and governs how networking, data storage and email should be used when patient data is being transmitted, accessed or stored. By now, most everyone in the healthcare industry should be HIPAA-compliant, and the result has been positive: fewer breaches, more secure data, and, when you go to the doctor, an extra piece of paper to sign off on.

The ISO standard goes a lot further than HIPAA in establishing a standard, and according to the ISO, it “applies to health information in all its aspects–whatever form the information takes, whatever means are used to store it and whatever means are used to transmit it.” The standard offers more detailed controls than HIPAA does, along with a set of best-practice guidelines, and those who are required by law to comply with HIPAA may do well to look at the ISO standard as well.

The standard also specifically addresses use of the Internet and wireless technologies as they are used to share personal medical information.

Written by Dan Blacharski

The corporate world unceremoniously booted Dan Blacharski out of his cubicle over 15 years ago, and he’s never looked back. Since that time, he has been a full-time professional freelance writer, public relations consultant and analyst, and has published six books and thousands of articles. He divides his time between South Bend, Indiana and Bangkok, and married the renowned Thai writer Charoenkwan Prakthong in 2005. He and his wife enjoy traveling the world, and spending time with their Boston Terrier, Pladook.