20/30376066 DC - BS EN ISO 27789. Health informatics. Audit trails for electronic health records

20/30376066 DC

BS EN ISO 27789. Health informatics. Audit trails for electronic health records

Status : Draft for public comment, Current   Published : April 2020



This document specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.

It is applicable to systems processing personal health information which, complying with ISO 27799, create a secure audit record each time a user accesses, creates, updates, or archives personal health information via the system.


Such audit records at minimum uniquely identify the user, uniquely identify the subject of care, identify the function performed by the user (record creation, access, update, etc.), and record the date and time at which the function was performed.

This document covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.

It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC 15408[9].

Annex A gives examples of audit scenarios. Annex B gives an overview of audit log services.

Standard Number20/30376066 DC
TitleBS EN ISO 27789. Health informatics. Audit trails for electronic health records
StatusDraft for public comment, Current
Publication Date22 April 2020
Normative References(Required to achieve compliance to this standard)ISO 27799:2016
Informative References(Provided for Information)ISO/IEC 15408-2:2008, ISO/TS 14265:2011, ISO 22600, ISO/IEC 8824-2, ISO/TS 21547:2010, IETF RFC 3881:2004, ASTM E2147-01, ISO/IEC 8824-1, ISO 21298:2017, ISO 15489-1:2001, ISO 12052:2017
International RelationshipsISO/DIS 27789
Draft Expiry Date10 June 2020
DescriptorsData handling, Data processing, Data layout, Information exchange, Data recording, Data syntax, Information handling, Data transmission methods, Data transmission, Health services, Personal health, Data representation, Data transfer, Records (documents), Data storage
Title in FrenchInformatique de santé — Historique d'expertise des dossiers de santé informatisés
File Size1.115 MB
NotesWarning: this draft is not current beyond its expiry date for comments.

 Your basket
Your basket is empty

Multi-user access to over 3,500 medical device standards, regulations, expert commentaries and other documents

Tracked Changes

Understand the changes made to a standard with our new Tracked Changes version

Worldwide Standards
We can source any standard from anywhere in the world


The faster, easier way to work with standards