2 research outputs found

    Security Risk Management in Healthcare: A Case Study

    We investigated the effectiveness of a security risk management (SRM) program at a large healthcare institution. Using a survey, we explored how nine critical success factors (CSFs): executive management support (EMS), organizational maturity (OM), open communication (OC), risk management stakeholders (RMS), team member empowerment (TME), holistic view for an organization (HVO), security maintenance (SM), corporate security strategy (CSS), and human resource development (HRD) impacted SRM effectiveness. Implementing a mixed research method, we found that employees had a positive perception of SRM toward all CSFs but one―team member empowerment (TME). Both medical professionals and staff had a negative perception of how TME was implemented at the institution.

    Ubiquitous Healthcare Information System: Toward Crossing the Security Chasm

    Ubiquitous healthcare information system is increasingly seen as a viable option for reducing the inherent time lag and inaccuracies in the traditional model of healthcare and promoting the delivery and practice of evidence-based healthcare―as and when needed―without any location and time constraints. Although promising, the realization of ubiquitous healthcare information system brings several threats and risks rooted in real-time collection, analysis, storage, transmission, and access of critical medical data. In this research, we address information security concerns pertaining to the paradigm of ubiquitous healthcare information system. To accomplish this, we use National Institute for Standards and Technology’s (NIST’s) system development lifecycle model (SDLC) as the underlying framework to explore the current state of ubiquitous healthcare from the perspective of security. We then leverage the model to propose future research directions in this area. By implementing the NIST’s SDLC model in such a manner, we offer a different dynamic of healthcare security that has not been addressed in literature before.