A Survey of Security Standards Applicable to Health Information Systems-Reference-Cited by-同舟云学术

A Survey of Security Standards Applicable to Health Information Systems

Published:2013-10 Issue:4 Volume:7 Page:22-36
ISSN:1930-1650
Container-title:International Journal of Information Security and Privacy
language:en
Short-container-title:

Author:

Akowuah Francis¹,Yuan Xiaohong²,Xu Jinsheng¹,Wang Hong³

Affiliation:

1. Department of Computer Science, North Carolina A&T State University, Greensboro, NC, USA

2. Department of Computer Science, Center for Cyber Defense (a CAE/IAE), North Carolina A&T State University, Greensboro, NC, USA

3. Department of Management, North Carolina A&T State University, Greensboro, NC, USA

Abstract

The information maintained by Health Information Systems (HIS) is often faced with security threats from a wide range of sources. Some government's regulations require healthcare organizations and custodians of personal health information to take practical steps to address the security and privacy needs of personal health information. Standards help to ensure an adequate level of security is attained, resources are used efficiently and the best security practices are adopted. In this paper, the authors survey security standards applicable to healthcare industry including Control OBjective for Information and related Technology (COBIT), ISO/IEC 27002:2005, ISO/IEC 27001:2005, NIST Special Publication 800-53, ISO 27799:2008, HITRUST Common Security Framework (CSF), ISO 17090:2008, ISO/TS 25237:2008, etc. This survey informs the audience currently available standards that can guide the implementation of information security programs in healthcare organizations, and provides a starting point for IT management in healthcare organizations to select a standard suitable for their organizations.

Publisher

IGI Global

Subject

Information Systems

Reference33 articles.

1. Akowuah, F., Yuan, X., Xu, J., & Wang, H. (2012). An overview of laws and standards for health information security and privacy. In Proceedings of the Security & Management International Conference (pp. 403-408). Las Vegas: CSREA Press.

2. Boehmer, W. (2009). Cost-benefit trade-off analysis of an ISMS based on ISO 27001. In Proceedings of the International Conference on Availability, Reliability and Security (ARES '09) (pp. 392- 399). Fukuoka: CPS.

3. Fraser, R. (2006, June 6). Canada health infoway. Retrieved September 16, 2012, from http://sl.infoway-inforoute.ca/downloads/Ross_Fraser_-_ISO_27799.pdf

4. Freedman, L. F. (2009, February). The Health Information Technology for Economic and Clinical Health Act (HITECH Act): Implications for the adoption of health information technology, HIPAA, and privacy and security issues. Retrieved March 3, 2012, from http://www.nixonpeabody.com/publications_detail3.asp?ID=2621

5. Heminger, A. R., & Chessman, J. (2009). A study of U.S. battlefield medical treatment/evacuation. Compliance with HIPAA requirements. In Proceedings of the 42nd Hawaii International Conference on System Sciences.

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. DeTER Framework;Research Anthology on Securing Medical Systems and Records;2022-06-03

2. An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks;Information Systems Frontiers;2022-02-28

3. DeTER Framework;International Journal of Intelligent Information Technologies;2021-04

4. The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda;The TQM Journal;2021-03-16

5. Identity Authentication Security Management in Mobile Payment Systems;Research Anthology on Securing Mobile Technologies and Applications;2021