Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

Woo-Sung Park; Sun-Won Seo; Seung-Sik Son; Mee-Jeong Lee; Shin-Hyo Kim; Eun-Mi Choi; Ji-Eon Bang; Yea-Eun Kim; Ok-Nam Kim

doi:10.4258/hir.2010.16.2.89

Healthcare Informatics Research (Jun 2010)

Analysis of Information Security Management Systems at 5 Domestic Hospitals with More than 500 Beds

Woo-Sung Park,
Sun-Won Seo,
Seung-Sik Son,
Mee-Jeong Lee,
Shin-Hyo Kim,
Eun-Mi Choi,
Ji-Eon Bang,
Yea-Eun Kim,
Ok-Nam Kim

Affiliations

Woo-Sung Park: Department of Pediatrics, College of Medicine, Dankook University, Cheonan, Korea.
Sun-Won Seo: Department of Medical Information, Dankook University Hospital, Cheonan, Korea.
Seung-Sik Son: Hyundai Information Technology, Seoul, Korea.
Mee-Jeong Lee: Department of Pediatrics, College of Medicine, Dankook University, Cheonan, Korea.
Shin-Hyo Kim: Electronic and Telecommunications Research Institute, Daejeon, Korea.
Eun-Mi Choi: Department of Healthcare Management, Kwandong University, Gangneung, Korea.
Ji-Eon Bang: Department of Medical Information, Dankook University Hospital, Cheonan, Korea.
Yea-Eun Kim: Department of Medical Information, Dankook University Hospital, Cheonan, Korea.
Ok-Nam Kim: Department of Prevention Medicine, School of Medicine, The Catholic University of Korea, Seoul, Korea.

DOI: https://doi.org/10.4258/hir.2010.16.2.89
Journal volume & issue: Vol. 16, no. 2
pp. 89 – 99

Abstract

Read online

ObjectivesThe information security management systems (ISMS) of 5 hospitals with more than 500 beds were evaluated with regards to the level of information security, management, and physical and technical aspects so that we might make recommendations on information security and security countermeasures which meet both international standards and the needs of individual hospitals.MethodsThe ISMS check-list derived from international/domestic standards was distributed to each hospital to complete and the staff of each hospital was interviewed. Information Security Indicator and Information Security Values were used to estimate the present security levels and evaluate the application of each hospital's current system.ResultsWith regard to the moderate clause of the ISMS, the hospitals were determined to be in compliance. The most vulnerable clause was asset management, in particular, information asset classification guidelines. The clauses of information security incident management and business continuity management were deemed necessary for the establishment of successful ISMS.ConclusionsThe level of current ISMS in the hospitals evaluated was determined to be insufficient. Establishment of adequate ISMS is necessary to ensure patient privacy and the safe use of medical records for various purposes. Implementation of ISMS which meet international standards with a long-term and comprehensive perspective is of prime importance. To reflect the requirements of the varied interests of medical staff, consumers, and institutions, the establishment of political support is essential to create suitable hospital ISMS.

Published in Healthcare Informatics Research

ISSN: 2093-3681 (Print); 2093-369X (Online)
Publisher: The Korean Society of Medical Informatics
Country of publisher: Korea, Republic of
LCC subjects: Medicine: Medicine (General): Computer applications to medicine. Medical informatics
Website: http://www.e-hir.org

About the journal

Abstract

Keywords