The Recommendation of Controls for Hospital Information System Using CRAMM: Case Studies of Two Korean Hospitals

  • Moon, Song-Chul (Systec Cop.) ;
  • Han, In-Goo (Graduate School of management Korea Advanced Institute of Science and Technology) ;
  • Lee, Sang-Jae (Techno-Management Research Institute Korea Advanced Insitute of Science and Technology)
  • Published : 2000.05.01

Abstract

The medical records of diagnostic and testing information include sensitive personal information that reveals some of the most intimate aspects of an individual's life. The hospital information system (HIS) operates in a state of high risk which may lead to the possible loss to the IS resources caused by various threats. This research addresses twofold : (1) to perform asset identification ad valuation and (2) to recommend countermeasures for secure HIS network using case studies This paper applied a risk management tool CRAMM (Central Computer and Tele-communications Agency's Risk Analysis and Management Method) to assess asset values and suggest countermeasures for the security of computerized medical information of two large hospitals in Korea. CRAMM countermeasures are recommended at the reference sites from the network security requirements of system utilized for the diagnosis and treatment of patients. The results of the study will enhance the awareness of IS risk management by IS managers.

Keywords