Investigating the Security of Health-care Information in Iranian Hospitals in Confronting with Threatening Risks-Reference-Cited by-同舟云学术

Investigating the Security of Health-care Information in Iranian Hospitals in Confronting with Threatening Risks

Published:2023 Issue:4 Volume:2 Page:224-229
ISSN:2949-6594
Container-title:Journal of Preventive, Diagnostic and Treatment Strategies in Medicine
language:en
Short-container-title:

Author:

Hassanzad Maryam¹,Arian Mahdieh²,Mollaei Roghayeh³,Ansari Masoumeh³,Khaledian Mehrdad⁴,Valinejadi Ali⁵,Velayati Ali Akbar⁶

Affiliation:

1. Pediatric Respiratory Disease Research Center, National Research Institute of Tuberculosis and Lung Disease, Shahid Beheshti University of Medical Sciences, Tehran, Iran

2. Nursing and Midwifery Care Research Center, Mashhad University of Medical Sciences, Mashhad, Iran

3. Student Research Committee, School of Health Management and Information Sciences, Iran University of Medical Sciences, Tehran, Iran

4. Human Resources Management, Kurdistan University of Medical Sciences, Sanandaj, Iran

5. Social Determinants of Health Research Center, Semnan University of Medical Sciences, Semnan, Iran

6. Mycobacteriology Research Center, National Research Institute of Tuberculosis and Lung Diseases, Shahid Beheshti University of Medical Sciences, Tehran, Iran

Abstract

BACKGROUND: Like other organizations, hospitals are at risk of information security threats. The implementation and use of various kinds of electronic health records and information systems challenge the privacy and security management of personal care as well as health-care organizations. OBJECTIVE: This survey aims to evaluate information security by focusing on the differences among hospitals based on their size and type. MATERIALS AND METHODS: We conducted a survey, as a cross-sectional study, in 2023. The chief information officers of 165 hospitals in Iran were invited to participate. Furthermore, we designed an online questionnaire based on the ISO/IEC 27002. The scores of the hospitals were analyzed for significant differences in terms of seven factors of this questionnaire with respect to the size and type of hospitals. RESULTS: The 165 participating hospitals had a score of <55% of the maximum possible score (100%). The hospitals with more than 200 beds had the highest level of information security, and the lowest level of information security was far hospitals with 150–200 beds. In all studied hospitals, the highest score was related to the component “Backup and security zones,” and the lowest score was related to the component “Encryption and staging.” Even the analysis based on the number of beds did not change this result. Furthermore, the private and university hospitals were weaker than other hospitals in terms of “organization and risk management” and “protection against attacks.” CONCLUSION: All participating hospitals in this study in Iran had an average score. Therefore, due to the importance of confidentiality of information in the health-care system, it is essential to provide a secure platform for information retention in hospitals. The causes of these threats should also be identified and controlled before experiencing harmful effects. We thus suggest that managers of health-care information and information technology departments in hospitals take appropriate corrective measures in policy development, user training, access control, risk management, as well as physical standards and protection against attacks.

Publisher

Medknow

Reference15 articles.

1. Information security and privacy in hospitals:A literature mapping and review of research gaps;Ahouanmenou;Inform Health Soc Care,2023

2. Security and privacy of electronic health records:Concerns and challenges;Keshta;Egypt Inform J,2021

3. Use of health information technology in patients care management:A mixed methods study in Iran;Askari-Majdabadi;Acta Inform Med,2019

4. Privacy, confidentiality, security and patient safety concerns about electronic health records;Bani Issa;Int Nurs Rev,2020

5. Factors affecting hospital information system acceptance by caregivers of educational hospitals based on technology acceptance model (TAM):A study in Iran;Alipour;Iioab J,2016