An Audit Model for Information Security of Hospital Information System

(Korean title: An Audit Model for Information Security in Hospital Information Systems)

  • Yu, Wan Hee (Dept. of Support Center, Tobetech) ;
  • Han, Ki Joon (Dept. of Computer Engineering, Konkuk University) ;
  • Kim, Dong Soo (Graduate School of Information and Telecommunications, Konkuk University) ;
  • Kim, Hee Wan (Dept. of Computer Engineering, Sahmyook University)
  • Received : 2014.05.02
  • Accepted : 2014.07.20
  • Published : 2014.07.28

Abstract

Hospital information systems have recently come to hold very large databases supporting a wide range of hospital management services, care delivery and care-quality improvement. Information security measures for these systems, however, remain insufficient. When a hospital information system is built, appropriate protection measures must therefore be put in place and audited, and an Information Security Management System (ISMS) must be established and maintained so that the level of protection is sustained through ongoing risk management. In this paper we propose an information security audit model suited to hospital information systems, derived from the characteristics of current hospital information systems, ISMS practice, and the information protection requirements and threats specific to hospitals. The check items of the model are derived by comparison with ISO 27799, which reflects the characteristics of healthcare organizations, and are grouped into physical, technical and administrative security domains, with detailed information protection items under each. The check items are further mapped onto the ISO 27799 risk management process so that the model improves security and audit efficiency at the same time. In a five-point-scale survey of IT experts the proposed model scored an average of 4.91, which we take as confirmation of its suitability.
