The Study on Integrating the New ISO 27002 & ISO 27799 and the New Personal Information Protection Act to apply Medical Institutions-An Empiric Evidence of Regional Hospital of I-Lan District


Bibliographic Details
Main Authors: Yao-Ching Huang, 黃耀慶
Other Authors: Lin, I-Long
Format: Others
Language: zh-TW
Published: 2016
Online Access: http://ndltd.ncl.edu.tw/handle/ek8xr4
Description
Summary: Master's === National Ilan University === In-service Master's Program in Multimedia Network Communication and Digital Learning === 104 === With the development and progress of information technology, information security has become a topic of great importance to medical institutions. Since the Personal Data Protection Act passed its third reading in 2010, enhancing the quality of information security in medical institutions has become increasingly important. The medical industry has begun to pay attention to the information security management system (ISMS), but operating practice also needs the support and guidance of academic and empirical research in order to give hospital administrators specific proposals. Investigating the ISMS of medical institutions is therefore both necessary and important.

This study is based on ISO 27002:2013. It aggregates the 114 controls of the new version of ISO 27002 with ISO 27799:2008, which was developed specifically for the particular characteristics of the health care industry, and integrates them with the 11 necessary technical or organizational measures for "maintaining appropriate security measures" in Article XII of the Enforcement Rules of the Personal Data Protection Act. It then uses the P-D-C-A cycle and the four dimensions of the PLSE Model proposed by Professor Lin I-Long to establish an integrated set of medical work items for personal data protection management security measures. After a modified Delphi expert questionnaire yielded a consistent expert evaluation of the items, the study constructed "a medical evaluation and follow-finance institutions protect the job table."

Finally, a substantive evaluation at the case hospital of this study was carried out to verify the availability and effectiveness of the "a medical evaluation and follow-funded protection work table" constructed here. The table provides a Plan-Do-Check-Act personal data protection process with complete coverage of the 11 security measures that Article XII of the Enforcement Rules requires a medical institution to maintain. Medical institutions that have already adopted an ISMS can also adapt it with reference to this work and review their personal data protection measures, and medical institutions can use the evaluation table for early detection of personal data security gaps.