Healthc Inform Res. 2010 Jun;16(2):89-99. doi: 10.4258/hir.2010.16.2.89

Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

Affiliations
  • 1Department of Pediatrics, College of Medicine, Dankook University, Cheonan, Korea.
  • 2Department of Medical Information, Dankook University Hospital, Cheonan, Korea. swseo@dkuh.co.kr
  • 3Hyundai Information Technology, Seoul, Korea.
  • 4Electronics and Telecommunications Research Institute, Daejeon, Korea.
  • 5Department of Healthcare Management, Kwandong University, Gangneung, Korea.
  • 6Department of Prevention Medicine, School of Medicine, The Catholic University of Korea, Seoul, Korea.

Abstract

OBJECTIVES
The information security management systems (ISMS) of 5 domestic hospitals with more than 500 beds were evaluated with regard to their level of information security in its management, physical, and technical aspects, so that recommendations on information security and security countermeasures could be made that meet both international standards and the needs of individual hospitals.
METHODS
An ISMS checklist derived from international and domestic standards was distributed to each hospital for completion, and the staff of each hospital were interviewed. An Information Security Indicator and Information Security Values were used to estimate present security levels and to evaluate how each hospital's current system applied them.
RESULTS
For the moderate clauses of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular information asset classification guidelines. The clauses on information security incident management and business continuity management were deemed necessary for the establishment of a successful ISMS.
CONCLUSIONS
The level of the current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of an adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of an ISMS that meets international standards, with a long-term and comprehensive perspective, is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, political support is essential to establish suitable hospital ISMS.

Keywords

Information Security Management System; Information Security; Personal Health Information Protection; Security Requirements

MeSH Terms

Commerce
Compliance
Dietary Sucrose
Hospitals
Humans
Medical Records
Medical Staff
Privacy

Figure

  • Figure 1. Checklist sample.

