Information security standards in the information system of hospitals of Neyshabur University of Medical Sciences

Given the variety of risks that threaten information, it is necessary to strengthen the security and confidentiality of data and health information in health care organizations, given the breadth of hospital information systems in medical centers. The aim of this study was to investigate the security of the information system of Neyshabur University of Medical Sciences based on HIPAA and ISO / IEC27001 standards.

The present study was a descriptive cross-sectional study that was conducted in 2021. The study population was the hospital information system of Hakim and 22 Bahman hospitals of Neyshabur University of Medical Sciences. The collection tool in this study was a researcher-made checklist based on HIPAA and ISO / IEC27001 standards. Data collection was done by visiting the researchers in person and observing and reviewing the documents related to the standards and asking questions from HIS experts (4 people in each hospital).

The findings of the study showed that the technical standards of 100% in Bahman 22 Hospital and in Hakim Hospital had the highest standards of information security policy of 100% and information security organizations of 90%.

Despite the desirability of information security in the hospitals under study, because so much information is exchanged in hospitals on a daily basis, non-compliance with nano-level security can cause irreparable damage to hospitals. Therefore, the managers of health information management and information technology departments of hospitals should try to identify the vulnerabilities and plan to improve the shortcomings of hospital information security.