Information Security Standards for Health Information Systems: The Implementer’s Approach

Evangelos Kotsonis (Adacom SA, Greece) and Stelios Eliakis (Athens University of Economics and Business, Greece)
DOI: 10.4018/978-1-61692-895-7.ch006

Abstract

Current developments in the field of integrated treatment show the need for IS security approaches within the healthcare domain. Health information systems are called to meet unique demands: they must remain operational in the face of natural disasters, system failures and denial-of-service attacks. At the same time, the data contained in health information systems are strictly confidential and, because of the ethical, judicial and social implications of data loss, health-related data require extremely sensitive handling. The purpose of this chapter is to provide an overview of information security management standards in the context of health care information systems and to focus on the most widely accepted ISO/IEC 27000 family of standards for information security management. At the end of the chapter, a guide to developing a complete and robust information security management system for a health care organization is provided, covering the special implications that arise in a health care organization as well as special considerations related to health-related web applications. This guide is based on the specific requirements of ISO/IEC 27799:2008 (Health informatics — Information security management in health using ISO/IEC 27002).

Background On Standards And Certifications

“Standardization is the process of developing and agreeing upon technical standards. A standard is a document that establishes uniform engineering or technical specifications, criteria, methods, processes, or practices” (Tsohou, 2009). Standards may fall into one of the following categories: International standard (a standard adopted by an international standards organization and made available to the general public), European standard (a standard adopted by a European standards organization and made available to the general public), and National standard (a standard adopted by a national standards organization and made available to the general public) (Guijarro, 2009).
