Avaliação do grau de conformidade às normas e recomendações em gestão da segurança da informação digital em hospitais. / Assessment of the level of conformity of hospitals to electronic information security standards and recommendations.
AUTHOR(S)
Heitor Neves Gottberg
PUBLICATION DATE
2010
ABSTRACT
CONTEXT: Confidentiality, integrity and availability of patient information are intrinsic to hospital services, and computerization is growing in the day-to-day operations of these institutions. OBJECTIVE: This work intends to assess the level of conformity to the standards and literature recommendations in Information Security of an exploratory group of hospitals using Electronic Health Records Systems (EHR-S). METHODS: From the study of international standards and of resolution 1821/07 of the Federal Council of Medicine (CFM), we developed a "gold standard" of information security management and electronic health record systems, elaborated a questionnaire and released it via the Internet, where each hospital can obtain an "estimated" degree of compliance with this standard and identify which areas are more (or less) compliant with this desirable level. RESULTS: From the replies obtained from a group of hospitals, we have seen an average degree of compliance of 37% in information security management processes (on a scale from 0% to 100%) and 38% in compliance of EHR-S. CONCLUSION: We conclude by showing that information security management (ISM) is still incipient among the concerns and investments of hospitals, and that even though specific knowledge and material is available, managers have not yet implemented solutions that meet the specific characteristics and information security demands of the healthcare industry.
SUBJECT(S)
hospital management; health informatics; information management; health information security; public health
Related Documents
- Information management in hospitals: importance of electronic files for the integration of health information systems.
- Information security management: a look from the Information Science
- Implementation of information security tools and techniques in conformity with the ISO 27001 and ISO 17799 standards
- SYSTEM FOR CONFORMITY ASSESSMENT OF ELECTROCARDIOGRAPHS
- Information Security Management: Digital Certification