ANSI - American National Standards Institute

New ISO Standard Focuses on Health Information Security Management

New York, Sep 03, 2008

A newly published standard from the International Organization for Standardization (ISO) helps to safeguard the confidentiality of personal health information by providing guidelines for the management of health information security. ISO 27799:2008, Health informatics – Information security management in health using ISO/IEC 27002, is applicable to many different types of records and ways of storing and transmitting information, offering a set of detailed controls for healthcare organizations of all sizes.

The Healthcare Information Technology Standards Panel (HITSP) is currently running a series of free educational webinars that aim to build awareness of the work underway to support the exchange of healthcare information in the United States.

Three more webinars remain in the series. The next session, Electronic Health Record (EHR) and Emergency Response, will take place on Thursday, September 4, from 2:00 p.m. to 3:30 p.m. For more information, visit

Operating under contract to the U.S. Department of Health and Human Services (HHS), HITSP is administered by ANSI in cooperation with strategic partners including HIMSS, the Advanced Technology Institute (ATI) and Booz Allen Hamilton.

This new standard builds upon the principles set forth in ISO/IEC 27002:2005, Information technology – Security techniques – Code of practice for information security management. Developed jointly by ISO and the International Electrotechnical Commission (IEC), ISO/IEC 27002:2005 provides guidelines for organizations from any industry sector to initiate, implement, maintain, and improve information security management practices.

The development of ISO 27799:2008 was guided by healthcare professionals who contributed their expertise on the specific application of ISO/IEC 27002:2005 guidelines to health information management.

ISO Technical Committee (TC) 215, Health informatics, led the development of ISO 27799:2008. Since the committee’s formation in 1998, TC 215 has published 48 International Standards that help to achieve compatibility and interoperability between independent information and communication technology (ICT) systems. The U.S. has held the secretariat of this committee since its inception, and the Healthcare Information and Management Systems Society (HIMSS) has performed the secretariat duties since 2003. In addition, HIMSS serves as the Administrator of the American National Standards Institute (ANSI)-accredited U.S. Technical Advisory Group (TAG) to TC 215.

For more information on ISO 27799:2008, see the ISO news release.
