Developing and Validating a Healthcare Information Security Governance Framework.

Rachel Mahncke, Patricia Williams

    Research output: Contribution to journalArticlepeer-review

    1 Citation (Scopus)


    General medical practices' in Australia are vulnerable to information security threats and insecure practices. It is well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that the human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. The Royal Australian College of General Practitioner's (RACGP) Computer and Information Security Standards (CISS) 2013 are the best practice standards for general practices, against which information security is assessed during practice accreditation. With the release of ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security in May 2013, it is this governance component of information security that is insufficiently addressed within General Practice at present. This paper documents the development and validation of an information security governance framework for use within general medical practice. The aim of the proposed Information Security Governance Framework is to extend current best practice information security management to include information security governance.

    Original languageEnglish
    Article numbere12
    Pages (from-to)Art: e12
    Number of pages13
    Journale-Journal of Health Informatics
    Issue number2
    Publication statusPublished - 2014


    • Action Research
    • Focus Group Interviews
    • General Practice
    • Information Security Governance
    • ISO/IEC 27014:2013
    • RACGP CISS (2013)


    Dive into the research topics of 'Developing and Validating a Healthcare Information Security Governance Framework.'. Together they form a unique fingerprint.

    Cite this