Research on the impact of introducing HIPAA-based information security policies into Taiwan's healthcare industry

• Main Authors: HUA-LIN HSIEH, 謝華麟
• Other Authors: none
• Format: Others
• Language: zh-TW
• Published: 2007
• Online Access: http://ndltd.ncl.edu.tw/handle/42145082125796822367

碩士 === 國立中正大學 === 會計與資訊科技所 === 96 === As the government introduces a series of programs on the digitization of health information, how healthcare institutions build a secure environment for the exchange of information and prevent personal health information from being stolen, altered, or forged while protecting the privacy of each individual, requires the stringent evaluation, research, and establishment of governance regulations and operating procedures on top of its technical feasibility. This research is based on (1) the governance of information security set out in Note 23 of “Security and Privacy – Security Standards for the Protection of Electronic Protected Health Information (EPHI)” – 20 required implementation specifications in chapter: “Administrative Simplification” under the Health Insurance Portability and Accountability Act (HIPAA) (foreign law) and (2) Note 2.4 – “Information Management” in the second chapter: “Rational Hospital Management” of the New Hospital Accreditation System (domestic law). On the groundwork of these two laws on medical safety, we intend to determine the impact of introducing information security related regulations of the HIPAA into Taiwan’s current healthcare environment so as to provide a reference for healthcare institutions on the security and privacy of electronic health information during their application of such information. After taking all information security related factors of the HIPAA into our discriminant analysis, we found that the enforcement of information security by the sample hospitals is inadequate despite the fact that they all had dedicated departments for information management. Factors included in the analysis consisted of support from top management, organizational characteristics, coordination of resources, and the relevant knowledge of top management, etc.