Roxana Sharifian; Mohtaram Nematollahi; Hossein Monem; Fatemeh Ebrahimi
Volume 10, Issue 1 , May 2014, , Pages 35-46
Abstract
Introduction: One of the main characteristics of a hospital information system (HIS) is confidentiality.Studies have shown that the security requirements on electronic health records are not fully met in Iran.This study was conducted to determine the percentage of HIPAA (health insurance portability ...
Read More
Introduction: One of the main characteristics of a hospital information system (HIS) is confidentiality.Studies have shown that the security requirements on electronic health records are not fully met in Iran.This study was conducted to determine the percentage of HIPAA (health insurance portability andaccountability act) security safeguard application in university hospitals of Shiraz University of MedicalSciences in 2010.Methods: This was a cross-sectional descriptive study. The study population included university hospitalsof Shiraz University of Medical Sciences equipped with HIS. Data were collected by a checklist throughinterview with the IT authorities of the hospitals. The checklist was in accordance with HIPAA securitystandard rules. Tool validity was checked by the content validity method. Data were analyzed usingdescriptive statistics.Results: The risk management and data backup plan, two out of seven required administrative securitysafeguards (i.e. risk analysis, risk management, sanction policy, information system activity review, databackup plan, disaster recovery plan, and emergency mode operation plan), were fully applied in all thehospitals. Both of two required physical security safeguards, disposal and media reuse, were applied in themajority of the hospitals. Of the two required technical security safeguards, unique user identifications,and emergency access procedure were applied only in one of the hospitals.Conclusion: Operational planning must be implemented in order to increase the application of requiredadministrative security safeguards. Full application of the required physical security safeguards, which areclose to reach, and the required technical security safeguards could be the main steps in promotingsecurity of the HIS.