医院中的健康信息安全：安全保障措施的应用

Health Information Security in Hospitals: the Application of Security Safeguards.

作者信息

Mehraeen Esmaeil, Ayatollahi Haleh, Ahmadi Maryam

机构信息

Department of Health Information Management, School of Paramedicine, Tehran University of Medical Sciences, Tehran, Iran.

School of Health Management and Information Sciences, Iran University of Medical Sciences, Tehran, Iran.

出版信息

Acta Inform Med. 2016 Feb;24(1):47-50. doi: 10.5455/aim.2016.24.47-50. Epub 2016 Feb 2.

DOI:10.5455/aim.2016.24.47-50

PMID:27046944

原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC4789743/

Abstract

INTRODUCTION

A hospital information system has potentials to improve the accessibility of clinical information and the quality of health care. However, the use of this system has resulted in new challenges, such as concerns over health information security. This paper aims to assess the status of information security in terms of administrative, technical and physical safeguards in the university hospitals.

METHODS

This was a survey study in which the participants were information technology (IT) managers (n=36) who worked in the hospitals affiliated to the top ranked medical universities (university A and university B). Data were collected using a questionnaire. The content validity of the questionnaire was examined by the experts and the reliability of the questionnaire was determined using Cronbach's coefficient alpha (α=0.75).

RESULTS

The results showed that the administrative safeguards were arranged at a medium level. In terms of the technical safeguards and the physical safeguards, the IT managers rated them at a strong level.

CONCLUSION

According to the results, among three types of security safeguards, the administrative safeguards were assessed at the medium level. To improve it, developing security policies, implementing access control models and training users are recommended.

摘要

引言

医院信息系统有潜力提高临床信息的可及性和医疗保健质量。然而，该系统的使用带来了新的挑战，如对健康信息安全的担忧。本文旨在从大学医院的行政、技术和物理保障措施方面评估信息安全状况。

方法

这是一项调查研究，参与者为在排名靠前的医科大学（A大学和B大学）附属医院工作的信息技术（IT）经理（n = 36）。通过问卷调查收集数据。问卷的内容效度由专家进行检验，问卷的信度使用克朗巴哈系数α确定（α = 0.75）。

结果

结果显示行政保障措施处于中等水平。在技术保障措施和物理保障措施方面，IT经理将其评为较强水平。

结论

根据结果，在三种安全保障措施中，行政保障措施评估为中等水平。为改善这一情况，建议制定安全政策、实施访问控制模型并培训用户。

相似文献

Health Information Security in Hospitals: the Application of Security Safeguards.医院中的健康信息安全：安全保障措施的应用

Acta Inform Med. 2016 Feb;24(1):47-50. doi: 10.5455/aim.2016.24.47-50. Epub 2016 Feb 2.

Information Security Risk Assessment in Hospitals.医院中的信息安全风险评估

Open Med Inform J. 2017 Sep 14;11:37-43. doi: 10.2174/1874431101711010037. eCollection 2017.

Managing the security of nursing data in the electronic health record.管理电子健康记录中护理数据的安全性。

Acta Inform Med. 2015 Feb;23(1):39-43. doi: 10.5455/aim.2015.23.39-43. Epub 2015 Feb 22.

Validation of Medical Tourism Service Quality Questionnaire (MTSQQ) for Iranian Hospitals.伊朗医院医疗旅游服务质量问卷（MTSQQ）的验证

Electron Physician. 2017 Mar 25;9(3):3905-3911. doi: 10.19082/3905. eCollection 2017 Mar.

Security of electronic medical information and patient privacy: what you need to know.电子医疗信息和患者隐私的安全：你需要知道的。

J Am Coll Radiol. 2014 Dec;11(12 Pt B):1212-6. doi: 10.1016/j.jacr.2014.09.011. Epub 2014 Dec 1.

Hospital managers' attitude and commitment toward electronic medical records system in Isfahan hospitals 2014.2014年伊斯法罕医院管理人员对电子病历系统的态度和承诺

J Educ Health Promot. 2017 May 5;6:37. doi: 10.4103/jehp.jehp_13_15. eCollection 2017.

Challenges of Implementing Picture Archiving and Communication System in Multiple Hospitals: Perspectives of Involved Staff and Users.多院区实施影像归档与通信系统面临的挑战：相关工作人员和用户的观点。

J Med Syst. 2019 May 15;43(7):182. doi: 10.1007/s10916-019-1319-0.

Development of death education training content for adult cancer patients: A mixed methods study.成人癌症患者死亡教育培训内容的开发：一项混合方法研究。

J Clin Nurs. 2018 Dec;27(23-24):4400-4410. doi: 10.1111/jocn.14595. Epub 2018 Aug 29.

Security Techniques for the Electronic Health Records.电子健康记录的安全技术

J Med Syst. 2017 Aug;41(8):127. doi: 10.1007/s10916-017-0778-4. Epub 2017 Jul 21.

Developing and Assessing the Validity and Reliability of an Iranian Food Security Questionnaire.开发并评估伊朗食品安全问卷的有效性和可靠性。

Arch Iran Med. 2019 Jan 1;22(1):11-23.

引用本文的文献

Decoding privacy concerns: the role of perceived risk and benefits in personal health data disclosure.解读隐私担忧：感知风险和益处对个人健康数据披露的影响

Arch Public Health. 2024 Oct 11;82(1):180. doi: 10.1186/s13690-024-01416-z.

Balancing confidentiality and care coordination: challenges in patient privacy.平衡保密性与护理协调：患者隐私面临的挑战

BMC Nurs. 2024 Aug 15;23(1):564. doi: 10.1186/s12912-024-02231-1.

Readiness for Health Information Technology is Associated to Information Security in Healthcare Institutions.医疗机构对健康信息技术的准备情况与信息安全相关。

Acta Inform Med. 2020 Dec;28(4):265-271. doi: 10.5455/aim.2020.28.265-271.

Technical requirements framework of hospital information systems: design and evaluation.医院信息系统的技术要求框架：设计与评估。

BMC Med Inform Decis Mak. 2020 Apr 3;20(1):61. doi: 10.1186/s12911-020-1076-5.

Security Requirements of Internet of Things-Based Healthcare System: a Survey Study.基于物联网的医疗保健系统的安全要求：一项调查研究。

Acta Inform Med. 2019 Dec;27(4):253-258. doi: 10.5455/aim.2019.27.253-258.

Integrating Genetic Data into Electronic Health Records: Medical Geneticists' Perspectives.将基因数据整合到电子健康记录中：医学遗传学家的观点。

Healthc Inform Res. 2019 Oct;25(4):289-296. doi: 10.4258/hir.2019.25.4.289. Epub 2019 Oct 31.

Common elements and features of a mobile-based self-management system for people living with HIV.针对艾滋病毒感染者的基于移动设备的自我管理系统的共同要素和特征。

Electron Physician. 2018 Apr 25;10(4):6655-6662. doi: 10.19082/6655. eCollection 2018 Apr.

Information Security Risk Assessment in Hospitals.医院中的信息安全风险评估

Open Med Inform J. 2017 Sep 14;11:37-43. doi: 10.2174/1874431101711010037. eCollection 2017.

本文引用的文献

Security and privacy in electronic health records: a systematic literature review.电子健康记录中的安全性和隐私保护：系统文献综述。

J Biomed Inform. 2013 Jun;46(3):541-62. doi: 10.1016/j.jbi.2012.12.003. Epub 2013 Jan 8.

Security practices and regulatory compliance in the healthcare industry.医疗行业的安全实践和法规遵从。

J Am Med Inform Assoc. 2013 Jan 1;20(1):44-51. doi: 10.1136/amiajnl-2012-000906. Epub 2012 Sep 6.

Analysis of information security management systems at 5 domestic hospitals with more than 500 beds.对5家床位超过500张的国内医院的信息安全管理系统进行分析。

Healthc Inform Res. 2010 Jun;16(2):89-99. doi: 10.4258/hir.2010.16.2.89. Epub 2010 Jun 30.

Security threats categories in healthcare information systems.医疗信息系统中的安全威胁类别。

Health Informatics J. 2010 Sep;16(3):201-9. doi: 10.1177/1460458210377468.

Security requirements and solutions in electronic health records: lessons learned from a comparative study.电子健康记录中的安全要求和解决方案：来自比较研究的经验教训。

J Med Syst. 2010 Aug;34(4):629-42. doi: 10.1007/s10916-009-9276-7. Epub 2009 Apr 1.

A review of security of electronic health records.电子健康记录的安全性综述。

Health Inf Manag. 2005;34(1):13-8. doi: 10.1177/183335830503400105.

How secure is your information system? An investigation into actual healthcare worker password practices.你的信息系统有多安全？对医护人员实际密码使用情况的调查。

Perspect Health Inf Manag. 2006 Sep 27;3:8.

Influence of the HIPAA Privacy Rule on health research.《健康保险流通与责任法案》隐私规则对健康研究的影响。

JAMA. 2007 Nov 14;298(18):2164-70. doi: 10.1001/jama.298.18.2164.

Breaching the security of the Kaiser Permanente Internet patient portal: the organizational foundations of information security.突破凯撒医疗互联网患者门户的安全防线：信息安全的组织基础

J Am Med Inform Assoc. 2007 Mar-Apr;14(2):239-43. doi: 10.1197/jamia.M2195. Epub 2007 Jan 9.

The roles of policy and professionalism in the protection of processed clinical data: a literature review.政策与专业精神在保护经处理临床数据中的作用：一项文献综述

Int J Med Inform. 2007 Apr;76(4):261-8. doi: 10.1016/j.ijmedinf.2005.11.003. Epub 2006 Jan 6.

文献检索

告别复杂PubMed语法，用中文像聊天一样搜索，搜遍4000万医学文献。AI智能推荐，让科研检索更轻松。

立即免费搜索

文件翻译

保留排版，准确专业，支持PDF/Word/PPT等文件格式，支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述，25分钟生成高质量综述，智能提取关键信息，辅助科研写作。

立即免费体验