NEN-EN-ISO 27789:2011 Ontw. en

Medische informatica - Volgen van toegang tot elektronische zorgdossiers

  • Deze norm is ingetrokken sinds 15-11-2011


Over deze norm

Status Ingetrokken
Aantal pagina's 44
Commissie Informatievoorziening in de zorg
Gepubliceerd op 01-01-2011
Taal Engels
Electronic health records for subjects of care may reside in many different information systems within and across organisational or jurisdictional boundaries. To keep track of all actions that involve records on a particular subject of care, a common framework is a prerequisite. Audit trails for electronic health records that are distributed across different systems need a common framework to keep the complete set of personal health information auditable. This document specifies this common framework in terms of audit trigger events and audit data. ISO 27799 requires information systems containing personal health information to create a secure audit record each time a user accesses, creates, updates, or archives personal health information via the system. This audit record will at minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, access, update, etc.), and record the date and time at which the function was performed. The scope of this standard is restricted to actions performed on electronic health records. These actions are governed by the access policy for the domain where the electronic health record resides. Audit trails for electronic health records can help ascertain compliance with the access policy. The audit trails specified by this standard will not contain any personal health information from the electronic health record, other than identifiers. The audit record will only contain links to EHR segments as defined by the governing access policy. Specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaws, or support for a reconstruction of data, are outside the scope of this document.These are already covered by general computer security standards such as ISO/IEC 15408.


ICS-code 35.240.80
Nederlandse titel Medische informatica - Volgen van toegang tot elektronische zorgdossiers
Engelse titel Health informatics - Audit trails for electronic health records
Vervangen door



Ga naar winkelwagen