Research Toward the Practical Application of a Risk Evaluation Framework: Security Analysis of the Clinical Area within the German Electronic Health Information System

Proceedings of International Bled eConference (Bled 2011), Bled, Slovenia, June 12-15, 2011, pp. 156-168

Posted: 29 Sep 2012

Ali Sunyaev

University of Cologne; Karlsruhe Institute of Technology

Johannes Pflug

University of Vienna

Date Written: 2011

Abstract

The following study provides a risk analysis of the forthcoming nationwide healthcare information system in Germany. Based on the information security audit methodology of the Federal Office for Information Security (BSI), we evaluated the introduction of the new system in hospitals with respect to security. Conceptually, the study focuses explicitly on an organizational level, specifically on the use of healthcare telematics components such as the electronic health card and the health professional card. A dual approach of both security process and risk analysis thereby established an adequate level of information security. For this purpose, an appropriate framework specifically designed for the clinical area is first developed and explained in detail. Based on these perceptions, it is possible to precisely check the workflows “patient admission” and “prescription of medicine” for inherent organizational threats. The aim of this paper is to propose appropriate steps to mitigate potential risks before German healthcare telematics comes into use.

Keywords: electronic health card, eHealth, organizational risk analysis, information security management

Suggested Citation

Sunyaev, Ali and Pflug, Johannes, Research Toward the Practical Application of a Risk Evaluation Framework: Security Analysis of the Clinical Area within the German Electronic Health Information System (2011). Proceedings of International Bled eConference (Bled 2011), Bled, Slovenia, June 12-15, 2011, pp. 156-168, Available at SSRN: https://ssrn.com/abstract=2152951

Ali Sunyaev (Contact Author)

University of Cologne

Albertus-Magnus-Platz
Cologne, 50923
Germany

HOME PAGE: http://www.isq.uni-koeln.de

Karlsruhe Institute of Technology

Kaiserstraße 12
Karlsruhe, Baden Württemberg 76131
Germany

Johannes Pflug

University of Vienna

Bruenner Strasse 72
Vienna, Vienna 1090
Austria
