Information Security in Hospital Information Systems Affiliated to Isfahan University of Medical Sciences

Document Type: Original Article

Authors

1 Health Information Technology Research Center, Isfahan University of Medical Sciences, Isfahan, Iran.

2 Department of Management, Isfahan (Khorasgan) Branch, Islamic Azad University, Isfahan, Iran.

3 Health Information technology, Faculty of Management and Medical Information Sciences, Isfahan University of Medical Sciences, Isfahan, Iran.

Abstract

Objective: The aim of this study is to identify the security status of information on three dimensions: managerial, technical, and physical in the information systems of the hospitals affiliated to Isfahan University of Medical Sciences.
Method: This is an applied descriptive study conducted in 2017-2018. The study population comprised 35 Information Technology Department Managers(ITDM). The instrument for data collection was a questionnaire comprising managerial, technological, and physical dimensions, designed on a Likert scale. The data were collected by visiting the hospital, making observations, and inquiring from the ITDM and then analyzing using SPSS version 22.
Findings: From the viewpoint of ITD, the information security at the Hospital information systems was unsatisfactory: 1.37%, 1.28%, and 1.218% on managerial, technological, and physical dimensions respectively at the hospital information systems. 
Conclusion: In this study, the information security on the managerial, technological, and physical dimensions of hospital information systems, development and execution of security policies and administration of training courses for users, aimed to improve the security of health information seems essential. Furthermore, to improve the physical security for this purpose, hospitals need to devise means to physically control the resources, create security fences for areas containing such information as the server room, using physical protection to counter human damages, natural disasters such as power cuts. To improve technological security, it is recommended that technological arrangements be made to verify the person requesting access to electronic information prior to permitting it.

Keywords

Main Subjects