An action framework for compliance and governance-Reference-Cited by-同舟云学术

An action framework for compliance and governance

Published:2014-09-30 Issue:4 Volume:19 Page:342-359
ISSN:1477-7274
Container-title:Clinical Governance: An International Journal
language:en
Short-container-title:

Author:

O’Neill Allen

Abstract

Purpose – The purpose of this paper is to propose a framework for clinical governance, in particular, the compliance of data privacy in a healthcare organisation. Design/methodology/approach – The approach of the research was to highlight problem areas in compliance and governance risk management (governance, risk and compliance (GRC)) in general, and then identify knowledge in other domains that could be combined and applied to improve GRC management, and ultimately improve governance outcomes. Findings – There is a gap in the literature is respect of systems and frameworks to assist organisations in managing the complex minutiae associated with compliance. This paper addresses this gap by proposing a “compliance action framework” which builds on work existing in other domains in relation to education, process control and governance. Research limitations/implications – The present research provides a starting point for an implementation of the framework within a number of organisations, and opens questions for further research in the field. Originality/value – The GRC framework proposed in this paper contributes to the state of the art, by proposing processes for improving the governance capability and compliance outcomes within an organisation for governance of data privacy risk and data protection.

Publisher

Emerald

Subject

Health Policy

Reference63 articles.

1. AICPA (2014), “Comparison of international privacy concepts”, American Institute of Certified Public Accountants, New York, NY, available at: www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/GenerallyAcceptedPrivacyPrinciples/Pages/InternationalPrivacyConcepts.aspx (accessed 9 July 2014).

2. Appari, A. and Eric Johnson, M. (2010), “Information security and privacy in healthcare: current state of research”, Int. J. Internet and Enterprise Management, Vol. 6 No. 4, pp. 279-314.

3. BBC (2010), “Zurich insurance fined £2.3 m over customers’ data loss”, available at: www.bbc.co.uk/news/business-11070217 (accessed 5 March 2014).

4. Bennett, C. (1992), Regulating Privacy: Data Protection and Public Policy in Europe and the United States, Cornell University Press, Itheca, NY.

5. Benner, P. (1984), From Novice to Expert: Excellence and Power in Clinical Nursing Practice, Addison Wesley, Menlo Park, CA.

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Bibliometric Analysis of Using IT-GRC for Corporate Resilience and Sustainability;2024 2nd International Conference on Software Engineering and Information Technology (ICoSEIT);2024-02-28

2. An SQWRL-Based Method for Assessing Regulatory Compliance in the Pharmaceutical Industry;Applied Sciences;2022-10-28

3. Are we done with business process compliance: state of the art and challenges ahead;Knowledge and Information Systems;2018-01-22

4. Getting it Right: A Model for Compliance Assessment;IFIP Advances in Information and Communication Technology;2018

5. Conversion of Legal Text to a Logical Rules Set from Medical Law Using the Medical Relational Model and the World Rule Model for a Medical Decision Support System;Informatics;2016-02-26