The international standard ISO 27799 is part of the ISO 27000 series of standards. In 2008 it was published by Technical Committee ISO/TC 215 established by the International Organization for Standardization (ISO). Its official title is "Health informatics — Information security management in health using ISO/IEC 27002".

ISO 27799 is to be regarded as an industry-specific ISO 27001 supplement, covering specific security requirements in the health sector. Accordingly, organisations can only be certified against ISO 27001. The implementation guide for both standards is ISO 27002. With ISO 27799, health care providers have gained the opportunity to establish a required minimum of information security in order to ensure the confidentiality, availability, and integrity of personal, health-related data.

By their nature, health care providers operate in an environment where visitors and the public in general cannot be excluded. Especially in large institutions, the vast number of people moving through operational areas represents a high security risk: physical damage to systems is considerably more likely than in other industries.

In addition to the specific threats, the increased protection requirements of medical records need to be taken into account as these documents contain sensitive, personal data whose confidentiality must be ensured. Furthermore, data integrity and availability are essential for the patients' safety, as they are often crucial for timely and appropriate treatment.