Information security is paramount in the health care industry. Not only is sensitive personal health data being processed and stored, health care providers also depend on the availability of computer systems, networks and medical devices for the safety of their patients.
While ISO 27001 provides a great framework for managing information security, a lot depends on the organization’s risk management skills.
Health care specific standards
In the last decade, several countries have developed localized standards based on ISO 27001. These baselines make sure certain information security measures (or controls) are always implemented in the same way, thus eliminating the element of chance.
Examples of such standards include:
- ISO 27799 (implementation guidelines for 35 annex A controls of ISO 27001)
- NEN 7510 (a Dutch translation of ISO 27799)
- MedMij (a Dutch standard for the exchange of medical records)
- HDS 1.1 (a French standard developed by ASIP Santé)
- ISO 13485 (defines a quality management system for medical devices)
- HIPAA (Title II establishes policies and procedures for maintaining privacy and security, and is relevant for health care providers in the US)
The implementation of these standards is shifting from voluntary to mandatory for health care providers, which in turn demand compliance from their service providers.
This makes the health care industry one of the fastest growing in terms of information security.
Advantages of ISO 27001 certification
If you are a provider of such services, achieving external certification will provide certainty to your clients that information security is top of mind in all processes of the organization: not only in the design and development of services and products, but also in the hiring and screening of the employees who perform these services.
In the last decade, ISO 27001 has developed into a globally recognized baseline for information security. Compliance is often requested during (government) tenders and procurement. Advertising that your organization has achieved ISO 27001 certification has also proven to be a commercial advantage.
Advantages of Instant 27001
Implementing ISO 27001, or any of the above-mentioned standards, can seem a daunting task at first. The ISO documentation is designed to be very generic, so it is tempting to resort to commercially available template sets. Most of these kits are composed using years of experience, combining best practices in all markets. Again, generic instead of specific.
Instant 27001 is developed as a lean and mean approach towards ISO 27001. The supplied sample content is written with IT service providers in mind, so it requires very little imagination to make the necessary modifications.
Some notable clients in the health care industry include: