Information security risk management for computerized health information systems in hospitals: a case study of Iran

Information security risk management for computerized health information systems in hospitals: a case study of Iran

Javad Zarei,1 Farahnaz Sadoughi2 1Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran, 2Health Information Management Department, School of...

Full description

Bibliographic Details
Main Authors: Zarei J, Sadoughi F
Format: Article
Language:English
Published: Dove Medical Press 2016-05-01
Series:Risk Management and Healthcare Policy
Subjects:
Information security
Risk management
Health Information systems
Hospital
Online Access:https://www.dovepress.com/information-security-risk-management-for-computerized-health-informati-peer-reviewed-article-RMHP
Description
Summary:Javad Zarei,1 Farahnaz Sadoughi2 1Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran, 2Health Information Management Department, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran Background: In recent years, hospitals in Iran – similar to those in other countries – have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran.Materials and methods: This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts’ opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health.Results: Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals.Conclusion: Information security risk management is not followed by Iran’s hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran’s Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran. Keywords: information security, risk management, health information systems, hospital
ISSN:1179-1594

Similar Items