Information Security Management in Picture Archiving and Communication Systems for the Healthcare Industry

Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong

As with information systems in banking and commercial companies, information security is an important issue in the health care industry. Security incidents are a common problem in information systems. Such incidents include physical attacks, viruses, intrusions, and hacking. For instance, in the USA, more than 10 million security incidents occurred in the year 2003. The total loss was over $2 billion. In the health care industry, damages caused by security incidents could not be measured only by monetary cost. The trouble with inaccurate information in health care systems is that someone might believe it and do something that might damage the patient. In a security event in which an unauthorized modification to the drug regime system at Arrowe Park Hospital proved to be a deliberate modification, the perpetrator received a jail sentence under the Computer Misuse Act of 1990. In another security event (The Institute of Physics and Engineering in Medicine, 2003), six patients received severe overdoses of radiation while being treated for cancer on a computerized medical linear accelerator between June 1985 and January 1987. Owing to the misuse of untested software in the control, the patients received radiation doses of about 25,000 rads while the normal therapeutic dose is 200 rads. Some of the patients reported immediate symptoms of burning and electric shock. Two died shortly afterward and others suffered scarring and permanent disability. BS7799 is an information security management standard developed by the British Standards Institution (BSI) for an information security management system (ISMS). The first part of BS7799, which is the code of practice for information security, was later adopted by the International Organization for Standardization (ISO) as ISO17799. The ISO 27002 standard is a renaming of the existing ISO 17799 standard. It outlines hundreds of potential controls and control mechanisms that may be implemented. The second part of BS7799, which states the specification for an ISMS, was replaced by the ISO 27001 standard published in October 2005. The Picture Archiving and Communication System (PACS; Huang, 2004) is a clinical information system tailored for the management of radiological and other medical images for patient care in hospitals and clinics. This was the first time in the world that both standards were implemented in a clinical information system to improve data security.

2011 ◽  
pp. 1714-1723
Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong

As with information systems in banking and commercial companies, information security is an important issue in the healthcare industry. Security incidents are a common problem in information systems. Such incidents include physical attacks, viruses, intrusions, and hacking. For instance, in the U.S.A., more than 10 million security incidents occurred in the year 2003. The total loss was over $2 billion. In the healthcare industry, damages caused by security incidents could not be measured only by monetary cost. The trouble with inaccurate information in healthcare systems is that someone might believe it and do something that might damage the patient. In a security event in which an unauthorized modification to the drug regime system at Arrowe Park Hospital proved to be a deliberate modification, the perpetrator received a jail sentence under the Computer Misuse Act of 1990. In another security event (The Institute of Physics and Engineering in Medicine, 2003), six patients received severe overdoses of radiation while being treated for cancer on a computerized medical linear accelerator between June 1985 and January 1987. Owing to the misuse of untested software in the control, the patients received radiation doses of about 25,000 rads while the normal therapeutic dose is 200 rads. Some of the patients reported immediate symptoms of burning and electric shock. Two died shortly afterward and others suffered scarring and permanent disability. BS7799 is an information-security-management standard developed by the British Standards Institution (BSI) for an information-security-management system (ISMS). The first part of BS7799, which is the code of practice for information security, was later adopted by the International Organization for Standardization (ISO) as ISO17799. The second part of BS7799 states the specification for ISMS. The picture-archiving and -communication system (PACS; Huang, 2004) is a clinical information system tailored for the management of radiological and other medical images for patient care in hospitals and clinics. This was the first time in the world that both standards were implemented in a clinical information system to improve data security.


2021 ◽  
Vol 3 (2) ◽  
pp. 444-453
Author(s):  
Arturo Cervantes Trejo ◽  
Sophie Domenge Treuille ◽  
Isaac Castañeda Alcántara

Abstract: The Institute for Security and Social Services for State Workers (ISSSTE) is a large public provider of health care services that serves around 13.2 million Mexican government workers and their families. To attain process efficiencies, cost reductions, and improvement of the quality of diagnostic and imaging services, ISSSTE set out in 2019 to create a digital filmless medical image and report management system. A large-scale clinical information system (CIS), including radiology information system (RIS), picture archiving and communication system (PACS), and clinical data warehouse (CDW) components, was implemented at ISSSTE’s network of forty secondary- and tertiary-level public hospitals, applying global HL-7 and Digital Imaging and Communications in Medicine (DICOM) standards. In just 5 months, 40 hospitals had their endoscopy, radiology, and pathology services functionally interconnected within a national CIS and RIS/PACS on secure private local area networks (LANs) and a secure national wide area network (WAN). More than 2 million yearly studies and reports are now in digital form in a CDW, securely stored and always available. Benefits include increased productivity, reduced turnaround times, reduced need for duplicate exams, and reduced costs. Functional IT solutions allow ISSSTE hospitals to leave behind the use of radiographic film and printed medical reports with important cost reductions, as well as social and environmental impacts, leading to direct improvement in the quality of health care services rendered.


2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi

ABSTRACT: Bureaucratic reforms aim to deliver excellent public services, including the civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and crime prevention. The study measures the information technology resilience level by describing the Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and the SIAK success level. The study uses a mixed method guided by the ISO/IEC 27001 document, the Information Security (INFOSEC) Index form, and a questionnaire prepared under the DeLone and McLean Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk and without a clear flow of authority and control. The study concludes that SIAK is “Highly Needed” by the Civil Registry Service Office of Yogyakarta City. The completeness level of the information security management areas reaches 312 points out of a maximum of 645 points. These findings place SIAK security management in the “Need Improvement” category. The maturity level of information security management ranges from “Maturity Level I/ Initial Condition” to “Maturity Level II+/ Basic Implementation”. 77.3% of users report a “positive” perception and 1.2% of users a “negative” judgement, which places SIAK in the “Success” information system category.

ABSTRACT (Indonesian version): Bureaucratic reform mandates improving the quality and speed of government public services, including population administration services. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to manage and protect the confidentiality, integrity and availability of population data in relation to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and crime prevention. The study was conducted to determine the resilience of the SIAK information system by describing the information security management of the Yogyakarta City Dindukcapil, the maturity and completeness level of SIAK management, and the success level of SIAK. The study uses a mixed method based on the ISO/IEC 27001 framework, the calculation instrument in the Indeks KAMI form, and a questionnaire prepared according to the updated DeLone and McLean Model, which discusses Information Quality, System Quality, Service Quality, Use, User Satisfaction, and Net Benefits (DeLone and McLean, 2004: 32). The Yogyakarta City Dindukcapil has not yet drawn up rules and documentation for information security management. The actions taken are reactive and do not refer to overall risk, without a clear flow of authority and oversight. The role of SIAK falls into the “High” category, but the completeness score for the application of security management standards reaches only 312 out of a total of 645, so SIAK security management falls into the “Needs Improvement” category. The maturity level of security standard implementation ranges from “Maturity Level I/ Initial Condition” to “Maturity Level II+/ Basic Framework Implementation”. The success level of SIAK falls into the “Successful” category: 77.3% of users gave “positive” statements and only 1.2% of users gave “negative” statements.


2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih

Information Security Management System (ISMS) implementation in an institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. Several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The research sample comprised 35 institutions. Compliance with the ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. The SSE-CMM model is used to measure and calculate the level of maturity. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of the information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed that the level of information security maturity at the 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The gap between the current maturity level and the expected maturity level varies for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: Compliance.


Author(s):  
Людмила Викторовна Астахова ◽  
Семён Александрович Бесчастнов

Raising the awareness of employees of the organization about information security takes a stable place among the objects of research in science and practice, which is due to objective factors. Research results show that organizations have problem areas of information security management associated with the lack of a purposefully applied methodology for training and professional development of information system users. This leads to an increasing number of information leaks through the fault of users. To solve this problem, the article substantiates the essence of the principle of the target complexity of the program for raising the awareness of employees about the information security of an organization, and its dominant role in the process of designing the structure and content of the program. A software tool developed based on this principle for raising employee awareness, its technical parameters, functionality, and differences from other products are characterized.


2012 ◽  
pp. 225-257
Author(s):  
Evangelos Kotsonis ◽  
Stelios Eliakis

Current developments in the field of integrated treatment show the need for IS security approaches within the healthcare domain. Health information systems are called to meet unique demands to remain operational in the face of natural disasters, system failures and denial-of-service attacks. At the same time, the data contained in health information systems are strictly confidential and, due to the ethical, judicial and social implications in case of data loss, health-related data require extremely sensitive handling. The purpose of this chapter is to provide an overview of information security management standards in the context of health care information systems and focus on the most widely accepted ISO/IEC 27000 family of standards for information security management. At the end of the chapter, a guide to developing a complete and robust information security management system for a health care organization will be provided, mentioning special implications that are met in a health care organization, as well as special considerations related to health-related web applications. This guide will be based on the special requirements of ISO/IEC 27799:2008 (Health informatics — Information security management in health using ISO/IEC 27002).


2018 ◽  
Vol 210 ◽  
pp. 04011 ◽  
Author(s):  
Maciej Kiedrowicz ◽  
Jerzy Stanik

The article addresses the issue of efficiency assessment of the security system (SS) in terms of the Information Security Management System (information resources of the information system in an organization). It is assumed that the purpose of such a security system is to achieve a declared level of protection of the information system resources. Therefore, the level of security of the information system in a given organization shall be determined by the efficiency assessment of the security system. The efficiency of the security system mainly depends on the functional properties of its components and other factors occurring in its environment. The article mainly focuses on security configuration, i.e. technical configuration and security organization configuration. The thesis was adopted that the efficiency of the security system may be considered as a set-theoretic efficiency sum of the security configurations invoked in such a system. Additionally, it was assumed that a prerequisite for the desired measures (indicators) of the efficiency assessment of the SS shall be to propose such measures and develop appropriate ways (methods) of their calculation. The efficiency measure for the SS as well as two methods of efficiency assessment of the SS were proposed in the article.

