Abstract
Protecting information by means of physical boundaries and firewall technologies is outdated and inadequate in this area. Today, further efforts to establish a successful information security practice by developing regulatory rules and making users understand how to follow the prescribed information security rules and policies are also unlikely to succeed. Thus, a better understanding of the holistic process of information security protection in the healthcare industry is very important for information security management. The increasing role of information technology platforms in organizing health information has led to the need to review the confidentiality, privacy, and security of electronic information. The use of electronic health records (EHRs) in the healthcare industry is now widespread. Once information is electronically stored and shared, it opens the door for hackers and other malicious attackers to access the records. Therefore, this paper scrutinizes the landscape of security management elements that contribute to the successful implementation of security management in the healthcare industry. This paper also gives an overview of a simple security management process that will help any organization in the healthcare industry to formulate, implement and manage any medical or hospital information system.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright (c) 2022 Mohd Shamim