管理电子健康记录中护理数据的安全性。
Managing the security of nursing data in the electronic health record.
作者信息
Samadbeik Mahnaz, Gorzin Zahra, Khoshkam Masomeh, Roudbari Masoud
机构信息
Department of Health Information Technology, School of Allied Health professions, Lorestan University of Medical Sciences, Khoramabad, Iran.
Department of Health Information Technology, School of Health Management and Information Sciences, Tehran University of Medical Sciences, Tehran, Iran.
出版信息
Acta Inform Med. 2015 Feb;23(1):39-43. doi: 10.5455/aim.2015.23.39-43. Epub 2015 Feb 22.
BACKGROUND
The Electronic Health Record (EHR) is a patient care information resource for clinicians and nursing documentation is an essential part of comprehensive patient care. Ensuring privacy and the security of health information is a key component to building the trust required to realize the potential benefits of electronic health information exchange. This study was aimed to manage nursing data security in the EHR and also discover the viewpoints of hospital information system vendors (computer companies) and hospital information technology specialists about nursing data security.
METHODS
This research is a cross sectional analytic-descriptive study. The study populations were IT experts at the academic hospitals and computer companies of Tehran city in Iran. Data was collected by a self-developed questionnaire whose validity and reliability were confirmed using the experts' opinions and Cronbach's alpha coefficient respectively. Data was analyzed through Spss Version 18 and by descriptive and analytic statistics.
RESULTS
The findings of the study revealed that user name and password were the most important methods to authenticate the nurses, with mean percent of 95% and 80%, respectively, and also the most significant level of information security protection were assigned to administrative and logical controls. There was no significant difference between opinions of both groups studied about the levels of information security protection and security requirements (p>0.05). Moreover the access to servers by authorized people, periodic security update, and the application of authentication and authorization were defined as the most basic security requirements from the viewpoint of more than 88 percent of recently-mentioned participants.
CONCLUSIONS
Computer companies as system designers and hospitals information technology specialists as systems users and stakeholders present many important views about security requirements for EHR systems and nursing electronic documentation systems. Prioritizing of these requirements helps policy makers to decide what to do when planning for EHR implementation. Therefore, to make appropriate security decisions and to achieve the expected level of protection of the electronic nursing information, it is suggested to consider the priorities of both groups of experts about security principles and also discuss the issues seem to be different between two groups of participants in the research.
背景
电子健康记录(EHR)是临床医生的患者护理信息资源,而护理文档是全面患者护理的重要组成部分。确保健康信息的隐私和安全是建立信任的关键要素,以实现电子健康信息交换的潜在益处。本研究旨在管理电子健康记录中的护理数据安全,并了解医院信息系统供应商(计算机公司)和医院信息技术专家对护理数据安全的看法。
方法
本研究为横断面分析描述性研究。研究对象为伊朗德黑兰市学术医院和计算机公司的信息技术专家。通过自行编制的问卷收集数据,该问卷的有效性和可靠性分别通过专家意见和克朗巴赫α系数得到确认。数据通过Spss 18版进行分析,并采用描述性和分析性统计方法。
结果
研究结果显示,用户名和密码是护士身份验证的最重要方法,平均百分比分别为95%和80%,并且信息安全保护的最高级别被分配给管理和逻辑控制。两组研究对象在信息安全保护级别和安全要求方面的意见没有显著差异(p>0.05)。此外,从超过88%的上述参与者的角度来看,授权人员访问服务器、定期安全更新以及应用身份验证和授权被定义为最基本的安全要求。
结论
作为系统设计者的计算机公司和作为系统用户及利益相关者的医院信息技术专家对电子健康记录系统和护理电子文档系统的安全要求提出了许多重要观点。对这些要求进行优先级排序有助于政策制定者在规划电子健康记录实施时决定采取何种措施。因此,为了做出适当的安全决策并达到电子护理信息的预期保护水平,建议考虑两组专家在安全原则方面的优先级,并讨论研究中两组参与者之间似乎存在差异的问题。
Zotero 插件