Document Type : Original Article

Authors

1 Associate Professor, Health Information Management, Health Information Management Research Center AND Department of Health Information Management and Technology, School of Paramedicine, Kashan University of Medical Sciences, Kashan, Iran

2 Lecturer, Computer Engineering, Department of Computer Engineering and Information Technology, Payame Noor University, Tehran, Iran

3 Lecturer, Statistics and Epidemiology, Department of Statistics, School of Health, Kashan University of Medical Sciences, Kashan, Iran

4 MSc, Health Information Technology, Department of Health Information Management and Technology, School of Paramedicine, Kashan University of Medical Sciences, Kashan, Iran

Abstract

Introduction: System security includes a set of security protections related to software, hardware, personnel and enterprise policies that protect Information Systems (IS) against internal and external threats. The present study aimed to define a comprehensive security model and then assess hospital information systems (HIS) security in three areas of administrative, physical and technical safeguards.

Methods: This was a qualitative-descriptive study. The study population included 4 public educational hospitals from different regions of the country, each with a different HIS. The data collection tool was a checklist of 134 questions. In order to design the checklist, the security criteria were first identified from the security standards. Then, HIS security requirements were determined in three areas of administrative, physical and technical safeguards through a modified Delphi method. The answers to the questions of the checklist were defined as Yes “1” or No “0”. HIS security level was identified on a five-level scale ranging from very low (0%) to very high (100%). Data were analyzed by descriptive statistics such as frequency and percentage.

Results: Administrative safeguards of HIS in the studied hospitals, with 31.8%, and physical safeguards, with 25%, had a low level of security. Moreover, technical safeguards of HIS in the hospitals were observed to have a medium level of security, with 42.6%.

Conclusion: The findings of this study expose HIS security weaknesses, thus providing a good basis for managers of health information management and information technology departments in hospitals to implement appropriate corrective actions in policy formulation, user training, access control and risk management, and other dimensions of managerial and physical standards.
