How Do they Manage Personal Information in Hospital? - A Survey Study for IT Governance in Hospitals - (의료기관의 IT 거버넌스를 위한 병원 직원의 개인정보 관리 현황 조사연구)

정혜정; Nam-Hyun Kim (김남현)

How Do they Manage Personal Information in Hospital? - A Survey Study for IT Governance in Hospitals -

Crisisonomy
Abbr : KRCEM
2013, 9(8), pp.47-66
Publisher : Crisis and Emergency Management: Theory and Praxis
Research Area : Social Science > Public Policy > Public Policy in general

정혜정 ¹, Nam-Hyun Kim ¹

¹연세대학교

Accredited

ABSTRACT

IT governance aims at risk mitigation and business value delivery. Human resources are important assets of organization but also can be key factor of the threat and vulnerability which may harm that system. Personal information has two sides as the most valuable asset of organization and the target to be protected by the privacy law. The law strictly restricts use of personal identifiable information and sensitive information within narrow limits. To achieve the primary goal, medical treatment, healthcare organizations must deal with personal information. This study is to investigate inherent vulnerability through research survey of hospital staffs who manage information and to examine whether personal health information is safe from threat. 70% of respondents use weak password and one third of them share their password with others. 50.6% of respondents set password for access operating system and only 31.2% log out when not in use. 48.5% save confidential information in their personal storage and only one fourth execute encryption.

KEYWORDS

risk management, vulnerability assessment, access control, healthcare organization, health information, password, protect persional information

Citation status

* References for papers published after 2023 are currently being built.

[other] / 2013 / 시행 2013. 3. 23. 법률 제11690호 / 개인정보 보호법

[other] / 2013 / 시행 2013. 3. 23. 대통령령 제24425호 / 개인정보 보호법 시행령

[other] 방송통신위원회 / 2012 / 고시 제2012-50호. 개인정보의 기술적ㆍ관리적 보호조치 기준

[other] / 2013 / 시행 2013. 1. 1. 법률 제10387호 / 의료법

[other] / 2013 / 시행 2013. 4. 17. 보건복지부령 제193호 / 의료법 시행규칙

[other] 전자신문 / 2012 / 올 하반기 개인정보ㆍ내부정보 유출이 가장 큰 보안 위협

[confproc] 한국정보보호진흥원(現 한국인터넷진흥원) / 2009 / 개인정보의 기술적ㆍ관리적 보호조치 기준 개정(안)의 추진방향 및 주요내용 / i-PIN 정책 설명회 및 개인정보의 기술적ㆍ관리적 보호조치 기준 개정(안)공청회

[other] 행정안전부 / 2011 / 고시 제2011–제43호, 개인정보의 안전성 확보조치 기준

[other] BankInfoSecurity / 2013 / Impact on Data Breach Costs. 2013. 6. 11

[journal] Barki, H. / 1993 / Toward an Assessment of Software Development Risk / Journal of Management Information Systems 10(2) : 203~225

[other] ISACA. / 2013 / 2013 CISA Review Manual(Korean translated) / ISACA

[other] ISACA. / 2009 / The Risk IT Framework / ISACA

[other] ISO/IEC 13335-1 : 2004. / 2004 / Information Technology-Security Techniques-Management of Information and Communications Technology Security-Part 1: Concepts and Models for Information and Communications Technology Security Management

[book] Ponemon Institute. / 2013 / 2013 Cost of Data Breach Study: Global Analysis / Ponemon Institute

[book] Yates, J. Frank / 1992 / The Risk Construct in Risk-Taking Behavior / John Wiley & Sons

KJCKorea
Journal Central

Crisisonomy 2023 KCI Impact Factor : 0.64