KMID : 0603720100160020089
Journal of Korean Society of Medical Informatics 2010 Volume.16 No. 2 p.89 ~ p.99
Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds
Park Woo-Sung, Seo Sun-Won, Son Seung-Sik, Lee Mee-Jeong, Kim Shin-Hyo, Choi Eun-Mi, Bang Ji-Eon, Kim Yea-Eun, Kim Ok-Nam
Abstract
Objectives: The information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regard to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals.
Methods: The ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system.
Results: With regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS.
Conclusions: The level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.
KEYWORD
Information Security Management System, Information Security, Personal Health Information Protection, Security Requirements