Background: Availability of information in hospitals is an important prerequisite for good service. Significant resources have been invested to improve the availability of information, but it is also vital that the security of this information can be guaranteed.

Objective: The goal of this study was to assess information security in hospitals through a questionnaire based on the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standard ISO/IEC 27002, evaluating Information technology – Security techniques – Code of practice for information-security management, with a special focus on the effect of the hospitals’ size and type.

Methods: The survey, set up as a cross-sectional study, was conducted in January 2011. The chief information officers (CIOs) of 112 hospitals in German-speaking Switzerland were invited to participate. The online questionnaire was designed to be fast and easy to complete to maximize participation. To group the analyzed controls of the ISO/IEC standard 27002 in a meaningful way, a factor analysis was performed. A linear score from 0 (not implemented) to 3 (fully implemented) was introduced. The scores of the hospitals were then analyzed for significant differences in any of the factors with respect to size and type of hospital. The participating hospitals were offered a benchmark report about their status.

Results: The 51 participating hospitals had an average score of 51.1% (range 30.6% - 81.9%) out of a possible 100% where all items in the questionnaire were fully implemented. Room for improvement could be identified, especially for the factors covering “process and quality management” (average score 1.3 ± 0.8 out of a maximum of 3) and “organization and risk management” (average score 1.3 ± 0.7 out of a maximum of 3). Private hospitals scored significantly higher than university hospitals in the implementation of “security zones” and “backup” (P = .008).

Conclusions: Half (50.00%, 8588/17,177) of all assessed hospital beds in German-speaking Switzerland are in hospitals that have a score of 49% or less of the maximum possible score in information security. Patient data need to be better protected because of the data protection laws and because sensitive, personal data should be guaranteed confidentiality, integrity, and availability.