On Applying BS 7799 Specification for Review Information Security Management Documents of Health Care Providers
Author: | Hsiang-Yu Yeh, 葉相妤 |
---|---|
Year of publication: | 2002 |
Document type: | Degree thesis ; thesis |
Description: | 90 The development of the Internet and the WWW has brought our society into an information era; a great quantity of information can be swiftly duplicated, transferred and dealt with. This achievement will have a great influence on every stratum of society. In the meantime, while we give this new technology a great ovation, many reports about information security occupy important printed pages of the media. As technology and life combine, information security is becoming a great issue for the whole population. The medical industry is an industry that needs a high quality and quantity of information. Much medical care must proceed on the basis of correct information. Information technology has already become an edged tool for promoting the quantity and efficiency of the medical industry. Recently, many hospitals have started to build their information systems. A lot of medical information has been saved in electronic form. Through electronic signature legislation, electronic documents can replace original documents and become statutory documents. At this moment, we can still hear queries related to information security. The aims of this study are to understand and find a standard for evaluating information security for medical apparatuses and to understand the current information security systems in medical surroundings. The information management standard most accepted by international organizations is BS 7799, which was set up by the British Standards Institution. We then took BS 7799 as a standard to evaluate how medical surroundings manage their information security. Due to restrictions on time and the difficulty of collecting information, we took the "Security Management for Personal Information File" provided by each hospital and six copies of policies for information security management provided by CPRI (computerized patient record institute) as the files to verify. After verifying these files, we found that although BS 7799 is not designed for the medical environment, most controls from BS 7799 are suitable for the medical environment. In addition to protecting patients' privacy, other important information security items for the medical environment are included. We followed the format of BS 7799 to conclude four objects and thirteen controls for protecting patients' privacy; excluded other controls irrelevant to medical care; and proposed a synthesized method for the management of medical information security based on BS 7799. Since the demands we proposed could not be met immediately, we set another version of inner as an intermediate-range target before we can reach the goal. For the short term, we trimmed off twenty-three dominated measures to put into practice currently. Owing to restrictions of time and ability, our results for this study are pretty rough, and there are many aspects we could improve. But this study is one little step toward constructing an efficient and safe medical information system. I hope that our findings can attract more researchers to study the security and management of medical information. |
Database: | Networked Digital Library of Theses & Dissertations |