مدیریت اطلاعات سلامت (Dec 2017)
Evaluation of Hospital Information Systems Security
Abstract
Introduction: System security includes a set of security protections related to software, hardware, personnel and enterprise policies that protect Information Systems (IS) against internal and external threats. The present study aimed to define a comprehensive security model and then, assess hospital information systems (HIS) security in three areas of administrative, physical and technical safeguards. Methods: This was a qualitative-descriptive study. The study population included 4 public educational hospitals from different regions of the country, each with a different HIS. The data collection tool was a checklist of 134 questions. In order to design a checklist, first, the security criteria were identified from the security standards. Then, HIS security requirements were determined in three areas of administrative, physical and technical safeguards through modified Delphi method. The answers to the questions of the checklist were defined as Yes “1” or No “0”. HIS security level was identified in a five-level scale ranging from very low (0%) to very high (100%). Data were analyzed by descriptive statistics such as frequency and percentage. Results: Administrative safeguards of HIS in studied hospitals with 31.8 % and physical safeguards with 25% had a low level of security. Moreover, technical safeguards of HIS in hospitals were observed to be a medium level of security with 42.6%. Conclusion: The findings of this study expose HIS security weaknesses thus providing a good basis for managers of health information management and information technology departments in hospitals to implement appropriate corrective actions in policy formulation, user training, access control and risk management, and other dimensions of managerial and physical standards.