How addressing implementation issues can assist in medical information security governance

Research has shown that multiple factors affect the implementation of effective information security in general medical practices. These relate to trust, capability, costs, time, knowledge level, poor implementation, attitude and inconsistencies in objectives. This paper discusses these issues, their effect on medical information security practice and their solutions as part of an information security governance process. At present there are more questions than answers to these issues; however, identifying them is the first step to improving security practice in the medical environment.
