A study on Integrating ISO27001 and ISO27799 to Apply Healthcare Information System

• Main Authors: HSIEH,Tsung-Han, 謝宗翰
• Other Authors: Lin,I-Long
• Format: Others
• Language: zh-TW
• Online Access: http://ndltd.ncl.edu.tw/handle/zj25jm

碩士 === 元培科技大學 === 數位創新管理研究所 === 102 === Information Center of the Department of Health in 2005, the announcement "Medical Information System Specification 2.0" as the medical institutions to build quasi-medical information system data, and the bill was passed HIPPA information security infrastructure construction, however, the recent succession of international information security standards launch, and the National Health Insurance Bureau in response to e-government to promote, build NHI IC cards and electronic medical records exchange technology, supplemented by information security training hospital personnel seeds provide ISO 27001:2005 information Security management International standard authentication services. Therefore, this study, "Medical Information System Specification 2.0," based on the use of literature analysis as a research strategy of this study in the literature end use analysis compiled the ISO 27001 management to entry (133) and for the health care industry's special attributes especially developed ISO 27799:2008, integrated information systems used in medical, at 11 on the measures necessary technical or organizational; then use the proposed PDCA cycle processes and Professor Lin Yilong PLSE Model four dimensions, the establishment of medical institutions of medical information Systems security management Measures to Do List. After further modified Delphi method through expert questionnaires to obtain consistency of expert evaluation project to construct this study, "Medical Information Systems Security 3.0 specification draft version of" job evaluation sheet and import flow chart. Finally, through a case study of the hospital accreditation process conducted practical side to verify constructed in this study, "Medical Information Systems Security 3.0 specification draft version of ` job evaluation sheet and import flowchart its availability and effectiveness' of medical institutions to provide a line with Plan-Do-Check-Act the trend information security information security standard operating procedures to follow. For imported ISMS medical institutions, ISM can also be adapted to give a reference, and information security protection measures carried out a review of medical institutions to take this evaluation table for the early detection of information security gaps.