Summary: | Health service organizations are increasingly required to deliver quality healthcare services without increasing costs. The adoption of health information technologies can assist these organizations to deliver a quality service; however, this again exposes the health information to threats. The protection of personal health information is critical to ensure the privacy of patients in the care of health service organizations. Therefore both quality and information security are of importance in healthcare. Organisations commonly use management system standards to assist them to improve a particular function (e.g. quality or security) through structured organizational processes to establish, maintain and optimise a management system for the particular function. In the healthcare sector, the ISO 9001, ISO 9004 and IWA 1 standards may be used for the purpose of improving quality management through the establishment of a quality management system. Similarly, the ISO 27001 and ISO 27799 standards may be used to improve information security management through the establishment of an information security management system. However, the concurrent implementation of multiple standards brings confusion and complexity within organisations. A possible solution to the confusion is to introduce an integrated management system that addresses the requirements of multiple management systems. In this research, various standards relevant to the establishment of management systems for quality and security are studied. Additionally, literature on integrated management systems is reviewed to determine a possible approach to establishing an IMS for quality and information security in healthcare. It will be shown that the quality management and information security management standards contain commonalities that an integration approach can be based on. A detailed investigation of these commonalities is done in order to present the final proposal of the IMSQS, the Integrated Management System for Quality and Information Security in healthcare.
|