Managing information security in healthcare

  • Velibor BOŽIĆ, General Hospital Koprivnica, Croatia
Keywords: healthcare sector, information systems, risk, risk management, COBIT, ISO 27799


A smart city consists of waste management, smart energy, education, smart communications, smart transportation, traffic management, smart parking, smart streetlights, and smart healthcare. All of these areas require management of information safety. Here, the topic is the management of information safety in healthcare. The objective is to show a new approach to the management of information safety, one that involves all employees in the process. Whether manufacturing or service, public or private, organizations increasingly depend on information and communication technology (ICT). ICT is present to such an extent that its users are not even aware of its influence. It is a usual part of any organization. However, this dependence on ICT poses a potential hazard to an organization’s performance. Some issues of ICT safety should be addressed in every organization. First, is the management of an organization aware of the potential risks and problems in the ICT area, such as potential ICT unavailability (risk culture) or accidental damage? Is there a systematic approach to threat identification, vulnerability exploration, and evaluation of the impact of realized threats on the business? Is the organization aware of the value of ICT, which should be treated like any other asset influencing business efficiency and effectiveness? Preventive and corrective actions (a system of controls) are warranted to mitigate the risk of destruction or abuse of ICT. In this paper, we discuss these questions and suggest possible solutions. There are many works on the topic, but each stresses only one segment of the management of information safety. We used case study, observation, and structure analysis in our exploration. The results are presented here and will be useful to everybody who is concerned about information security in organizations. The value of this paper lies in showing the need for a multidisciplinary approach to the management of information safety.