RESEARCH ARTICLE


Information Security Risk Assessment in Hospitals



Haleh Ayatollahi, Ghazal Shagerdi*
Department of Health Information Management, School of Health Management and Information Sciences, Iran University of Medical Sciences, Tehran, Iran


Article Metrics

CrossRef Citations:
0
Total Statistics:

Full-Text HTML Views: 1717
Abstract HTML Views: 1312
PDF Downloads: 656
ePub Downloads: 474
Total Views/Downloads: 4159
Unique Statistics:

Full-Text HTML Views: 1038
Abstract HTML Views: 832
PDF Downloads: 329
ePub Downloads: 208
Total Views/Downloads: 2407



© 2017 Ayatollahi et al.

open-access license: This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International Public License (CC-BY 4.0), a copy of which is available at: https://creativecommons.org/licenses/by/4.0/legalcode. This license permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

* Address correspondence to this authors at Department of Health Information Management, School of Health Management and Information Sciences, Iran University of Medical Sciences, Tehran, Iran; Tel: 0098-21-88794301; E-mails: sharafsh90@yahoo.com, ghshagerdi@gmail.com


Abstract

Background:

To date, many efforts have been made to classify information security threats, especially in the healthcare area. However, there are still many unknown risks which may threat the security of health information and their resources especially in the hospitals.

Objective:

The aim of this study was to assess the risks threatening information security in the hospitals located in one of the northwest cities of Iran.

Method:

This study was completed in 2014. The participants were information technology managers who worked in the hospitals (n=27). The research instrument was a questionnaire composed of a number of open and closed questions. The content validity of the questionnaire was confirmed, and the reliability of the closed questions was measured by using the test-retest method (r =0.78).

Results:

The results showed that among the information security risks, fire found to be a high probability/high impact risk factor. Human and physical/environmental threats were among the low probability risk factors. Regarding the information security safeguards used in the hospitals, the results showed that the use of the technical safeguards was the most frequent one (n =22, 91.7%) compared to the administrative (n =21, 87.5%) and the physical safeguards (n =16, 66.7%).

Conclusion:

The high probability risk factors require quick corrective actions to be taken. Therefore, the underlying causes of such threats should be identified and controlled before experiencing adverse effects. It is also important to note that information security in health care systems needs to be considered at a macro level with respect to the national interests and policies.

Keywords: Hospital Information System, Computer security, Risk, Risk assessment, Information system, Medical informatics.