• 文献检索
  • 文档翻译
  • 深度研究
  • 学术资讯
  • Suppr Zotero 插件Zotero 插件
  • 邀请有礼
  • 套餐&价格
  • 历史记录
应用&插件
Suppr Zotero 插件Zotero 插件浏览器插件Mac 客户端Windows 客户端微信小程序
定价
高级版会员购买积分包购买API积分包
服务
文献检索文档翻译深度研究API 文档MCP 服务
关于我们
关于 Suppr公司介绍联系我们用户协议隐私条款
关注我们

Suppr 超能文献

核心技术专利:CN118964589B侵权必究
粤ICP备2023148730 号-1Suppr @ 2026

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验

医院计算机化健康信息系统的信息安全风险管理:以伊朗为例

Information security risk management for computerized health information systems in hospitals: a case study of Iran.

作者信息

Zarei Javad, Sadoughi Farahnaz

机构信息

Health Information Management, Health Management and Economics Research Center, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran.

Health Information Management Department, School of Health Management and Information Science, Iran University of Medical Sciences, Tehran, Islamic Republic of Iran.

出版信息

Risk Manag Healthc Policy. 2016 May 27;9:75-85. doi: 10.2147/RMHP.S99908. eCollection 2016.

DOI:10.2147/RMHP.S99908
PMID:27313481
原文链接:https://pmc.ncbi.nlm.nih.gov/articles/PMC4890691/
Abstract

BACKGROUND

In recent years, hospitals in Iran - similar to those in other countries - have experienced growing use of computerized health information systems (CHISs), which play a significant role in the operations of hospitals. But, the major challenge of CHIS use is information security. This study attempts to evaluate CHIS information security risk management at hospitals of Iran.

MATERIALS AND METHODS

This applied study is a descriptive and cross-sectional research that has been conducted in 2015. The data were collected from 551 hospitals of Iran. Based on literature review, experts' opinion, and observations at five hospitals, our intensive questionnaire was designed to assess security risk management for CHISs at the concerned hospitals, which was then sent to all hospitals in Iran by the Ministry of Health.

RESULTS

Sixty-nine percent of the studied hospitals pursue information security policies and procedures in conformity with Iran Hospitals Accreditation Standards. At some hospitals, risk identification, risk evaluation, and risk estimation, as well as risk treatment, are unstructured without any specified approach or methodology. There is no significant structured approach to risk management at the studied hospitals.

CONCLUSION

Information security risk management is not followed by Iran's hospitals and their information security policies. This problem can cause a large number of challenges for their CHIS security in future. Therefore, Iran's Ministry of Health should develop practical policies to improve information security risk management in the hospitals of Iran.

摘要

背景

近年来,伊朗的医院——与其他国家的医院类似——经历了计算机化健康信息系统(CHISs)使用的不断增加,这些系统在医院运营中发挥着重要作用。但是,CHIS使用的主要挑战是信息安全。本研究试图评估伊朗医院的CHIS信息安全风险管理。

材料与方法

这项应用研究是一项描述性横断面研究,于2015年进行。数据收集自伊朗的551家医院。基于文献综述、专家意见以及对五家医院的观察,我们设计了详细问卷,以评估相关医院CHISs的安全风险管理,然后由卫生部将问卷发送给伊朗的所有医院。

结果

69%的被研究医院遵循符合伊朗医院认证标准的信息安全政策和程序。在一些医院,风险识别、风险评估、风险估计以及风险处理是无组织的,没有任何特定的方法或方法论。在被研究医院中没有显著的结构化风险管理方法。

结论

伊朗的医院及其信息安全政策没有遵循信息安全风险管理。这个问题可能在未来给它们的CHIS安全带来大量挑战。因此,伊朗卫生部应制定切实可行的政策,以改善伊朗医院的信息安全风险管理。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/5dc1/4890691/4cc5fb7d8e53/rmhp-9-075Fig1.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/5dc1/4890691/4cc5fb7d8e53/rmhp-9-075Fig1.jpg
https://cdn.ncbi.nlm.nih.gov/pmc/blobs/5dc1/4890691/4cc5fb7d8e53/rmhp-9-075Fig1.jpg

相似文献

1
Information security risk management for computerized health information systems in hospitals: a case study of Iran.医院计算机化健康信息系统的信息安全风险管理:以伊朗为例
Risk Manag Healthc Policy. 2016 May 27;9:75-85. doi: 10.2147/RMHP.S99908. eCollection 2016.
2
The challenge of medical waste management: a case study in northwest Iran-Tabriz.医疗废物管理的挑战:伊朗西北部大不里士的案例研究
Waste Manag Res. 2009 Jun;27(4):328-35. doi: 10.1177/0734242X08104132.
3
Views of Health Information Management Staff on Non-Technical Security Management Factors, Mashhad, Iran.伊朗马什哈德健康信息管理工作人员对非技术安全管理因素的看法
Stud Health Technol Inform. 2019;258:65-69.
4
Iran hospital accreditation standards: challenges and solutions.伊朗医院认证标准:挑战与解决方案。
Int J Health Plann Manage. 2021 May;36(3):958-975. doi: 10.1002/hpm.3144. Epub 2021 Mar 13.
5
Hospital accreditation in Iran: A qualitative case study of Kerman hospitals.伊朗的医院评审:克尔曼医院的定性案例研究
Int J Health Plann Manage. 2018 Apr;33(2):426-433. doi: 10.1002/hpm.2480. Epub 2018 Jan 8.
6
Patients' perception of the information security management in health centers: the role of organizational and human factors.患者对医疗中心信息安全管理的感知:组织和人为因素的作用。
BMC Med Inform Decis Mak. 2018 Nov 15;18(1):102. doi: 10.1186/s12911-018-0681-z.
7
Managing the security of nursing data in the electronic health record.管理电子健康记录中护理数据的安全性。
Acta Inform Med. 2015 Feb;23(1):39-43. doi: 10.5455/aim.2015.23.39-43. Epub 2015 Feb 22.
8
Health promoting hospitals in Iran: A review of the current status, challenges, and future prospects.伊朗的健康促进医院:现状、挑战及未来展望综述
Med J Islam Repub Iran. 2019 May 27;33:47. doi: 10.34171/mjiri.33.47. eCollection 2019.
9
Concerns and hopes about outsourcing decisions regarding health information management services at two teaching hospitals in Semnan, Iran.关于伊朗塞姆南两所教学医院的卫生信息管理服务外包决策的关注和希望。
Health Inf Manag. 2016 Apr;45(1):36-44. doi: 10.1177/1833358316639455.
10
Estimation of nursing staff in selected hospitals of ilam and ahvaz provinces, Western iran.伊朗西部伊拉姆省和阿瓦士省部分医院护理人员的估计
Nurs Midwifery Stud. 2013 Jun;2(2):217-25. doi: 10.5812/nms.10605. Epub 2013 Jun 27.

引用本文的文献

1
Information Security Awareness and Behaviors of Health Care Professionals at Public Health Care Facilities.公共卫生保健机构医疗保健专业人员的信息安全意识和行为。
Appl Clin Inform. 2021 Aug;12(4):924-932. doi: 10.1055/s-0041-1735527. Epub 2021 Sep 29.
2
Cybersecurity in Hospitals: A Systematic, Organizational Perspective.医院中的网络安全:系统的组织视角
J Med Internet Res. 2018 May 28;20(5):e10059. doi: 10.2196/10059.
3
Information Security Risk Assessment in Hospitals.医院中的信息安全风险评估

本文引用的文献

1
Reasons for deficiencies in health information laws in Iran.伊朗健康信息法律存在缺陷的原因。
Perspect Health Inf Manag. 2014 Apr 1;11(Spring):1b. eCollection 2014.
2
eHealth: extending, enhancing, and evolving health care.电子健康:拓展、增强和发展医疗保健。
Annu Rev Biomed Eng. 2013;15:359-82. doi: 10.1146/annurev-bioeng-071812-152350. Epub 2013 May 13.
3
Assessing and comparing information security in swiss hospitals.评估与比较瑞士医院的信息安全状况。
Open Med Inform J. 2017 Sep 14;11:37-43. doi: 10.2174/1874431101711010037. eCollection 2017.
Interact J Med Res. 2012 Nov 7;1(2):e11. doi: 10.2196/ijmr.2137.
4
Security and privacy in electronic health records: a systematic literature review.电子健康记录中的安全性和隐私保护:系统文献综述。
J Biomed Inform. 2013 Jun;46(3):541-62. doi: 10.1016/j.jbi.2012.12.003. Epub 2013 Jan 8.
5
Anticipating and addressing the unintended consequences of health IT and policy: a report from the AMIA 2009 Health Policy Meeting.预测和解决医疗信息技术和政策的意外后果:来自 AMIA 2009 年健康政策会议的报告。
J Am Med Inform Assoc. 2011 Jan-Feb;18(1):82-90. doi: 10.1136/jamia.2010.007567.
6
Security requirements and solutions in electronic health records: lessons learned from a comparative study.电子健康记录中的安全要求和解决方案:来自比较研究的经验教训。
J Med Syst. 2010 Aug;34(4):629-42. doi: 10.1007/s10916-009-9276-7. Epub 2009 Apr 1.
7
Security and privacy issues with health care information technology.医疗信息技术的安全与隐私问题。
Conf Proc IEEE Eng Med Biol Soc. 2006;2006:5453-8. doi: 10.1109/IEMBS.2006.260060.
8
Final HIPAA security regulations: a review.《健康保险流通与责任法案》最终安全法规:综述
Manag Care Q. 2003 Summer;11(3):15-27.