ISO 27799:2008

Health informatics -- Information security management in health using ISO/IEC 27002

ISO 27799:2008 defines guidelines to support the interpretation and implementation in health informatics of ISO/IEC 27002 and is a companion to that standard.

ISO 27799:2008 specifies a set of detailed controls for managing health information security and provides health information security best practice guidelines. By implementing this International Standard, healthcare organizations and other custodians of health information will be able to ensure a minimum requisite level of security that is appropriate to their organization's circumstances and that will maintain the confidentiality, integrity and availability of personal health information.

ISO 27799:2008 applies to health information in all its aspects; whatever form the information takes (words and numbers, sound recordings, drawings, video and medical images), whatever means are used to store it (printing or writing on paper or electronic storage) and whatever means are used to transmit it (by hand, via fax, over computer networks or by post), as the information must always be appropriately protected.


General information

  • Current status : Withdrawn
    Publication date : 2008-07
  • Edition : 1
    Number of pages :
  • :
    ISO/TC 215
    Health informatics
  • 35.240.80
    IT applications in health care technology

Got a question?

Check out our FAQs


Customer care
+41 22 749 08 88

Opening hours: 09:00-12:00, 14:00-17:00 (UTC+1)

You may be interested in:

Keep up to date with ISO

Sign up to our newsletter for the latest news, views and product information