TY - JOUR
T1 - Developing and Validating a Healthcare Information Security Governance Framework.
AU - Mahncke, Rachel
AU - Williams, Patricia
PY - 2014
Y1 - 2014
N2 - General medical practices in Australia are vulnerable to information security threats and insecure practices. It is well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that the human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. The Royal Australian College of General Practitioners' (RACGP) Computer and Information Security Standards (CISS) 2013 are the best practice standards for general practices, against which information security is assessed during practice accreditation. With the release of ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security in May 2013, it is this governance component of information security that is insufficiently addressed within General Practice at present. This paper documents the development and validation of an information security governance framework for use within general medical practice. The aim of the proposed Information Security Governance Framework is to extend current best practice information security management to include information security governance.
AB - General medical practices in Australia are vulnerable to information security threats and insecure practices. It is well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that the human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. The Royal Australian College of General Practitioners' (RACGP) Computer and Information Security Standards (CISS) 2013 are the best practice standards for general practices, against which information security is assessed during practice accreditation. With the release of ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security in May 2013, it is this governance component of information security that is insufficiently addressed within General Practice at present. This paper documents the development and validation of an information security governance framework for use within general medical practice. The aim of the proposed Information Security Governance Framework is to extend current best practice information security management to include information security governance.
KW - Action Research
KW - Focus Group Interviews
KW - General Practice
KW - Information Security Governance
KW - ISO/IEC 27014:2013
KW - RACGP CISS (2013)
UR - http://www.ejhi.net/ojs/index.php/ejhi/article/view/256/165
UR - http://www.scopus.com/inward/record.url?scp=84925399065&partnerID=8YFLogxK
M3 - Article
SN - 1446-4381
VL - 8
SP - Art: e12
JO - e-Journal of Health Informatics
JF - e-Journal of Health Informatics
IS - 2
M1 - e12
ER -