How to become a HIPAA-compliant digital health solution


ISO 27001 provides a best-practice framework for how an organisation should manage the security of its information and data. This covers all processes and policies relevant to the control and use of data. Certification to ISO 27001 affirms that your Information Security Management System (ISMS) follows internationally acknowledged best practices to manage risks and preserve the Confidentiality, Integrity and Availability (CIA) of information.

A systematic and holistic approach to risk management

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the recognised system for worldwide standardisation.


ISO/IEC 27001:2013 is the central standard in the ISMS family (ISO/IEC 27000), and the one against which organisations can be audited and certified for managing information security risks.


ISO 27001 is technology-neutral, so it does not mandate specific tools or solutions. Instead it acts as a checklist for a systematic and holistic approach to risk management, addressing the three key areas of information security: people, processes, and technology.

Managing information security risks

For certification, all areas of security management are audited to ensure the organisation's processes are in line with best practice. This includes:

Information security organisation, policies, and responsibilities - covering the management framework that ensures information security within the organisation; how policies should be written in the ISMS; and guidance on ensuring that all employees and contractors are aware of, and fulfil, their information security responsibilities

Asset management - covering the processes for managing, protecting and securing data assets, as well as methods to ensure data integrity

Access control - so that authorised persons can access information whenever it is needed, whilst ensuring that information cannot be accessed by unauthorised persons

Encryption - methods and levels of encryption that render data unusable to an attacker even if other security controls are breached

Physical and environmental security - to prevent unauthorised access to, and loss, damage or theft of, information

Operations and communications security - to ensure secure collection and storage of data, and the protection of information in networks and the supporting information processing facilities

Information systems security - to ensure the security of information systems across their entire lifecycle

Supplier relationships - to ensure security is part of all supplier service agreements, so that any data accessible to or affected by suppliers is protected

Incident management and business continuity management - ensuring appropriate measures are in place to respond to security incidents and to deal with business disruptions or major changes

Compliance - to ensure the organisation meets all applicable legal, statutory, regulatory, and contractual obligations related to information security

ISO 27701: Integrating privacy with security controls

ISO 27701 is the most recent addition to the ISO 27000 series, and covers the requirements for implementing a Privacy Information Management System (PIMS).


The standard sets out guidance on the technical and organisational measures needed to meet the requirements of the General Data Protection Regulation (GDPR) for the protection of personal data.


In the context of digital healthcare, ISO 27701 has particular relevance regarding medical device quality management systems.

Extra Horizon: the foundation for your regulatory compliance

Extra Horizon is certified to ISO 27001 and ISO 27701, as well as to many other relevant international standards. On this basis, the Extra Horizon platform provides the ideal regulatory foundation for faster development and reliable deployment of digital health applications.


The Extra Horizon cloud infrastructure provides medical software and services that capture, transmit and analyse data from connected medical devices and apps, all in compliance with security, privacy and regulatory requirements.


Furthermore, to help our customers with compliance and reporting, we share information and best practices, and provide easy access to documentation. This takes most of the burden of MDR/IVDR, GDPR and HIPAA compliance off your shoulders.


To discuss your project, or for further details about the Extra Horizon platform, contact us today.

