Document Type

Journal Article

Publisher

electronic Journal of Health Informatics

Faculty

Faculty of Health, Engineering and Science

School

School of Computer and Security Science/eHealth Research Group

RAS ID

18776

Comments

This article was originally published as: Mahncke, R. J., & Williams, P. A. (2014). Developing and Validating a Healthcare Information Security Governance Framework. electronic Journal of Health Informatics, 8(2), Article no. e12. Original article available here

Abstract

General medical practices' in Australia are vulnerable to information security threats and insecure practices. It is well accepted in the healthcare environment that information security is both a technical and a human endeavour, and that the human behaviours, particularly around integration with healthcare workflow, are key barriers to good information security practice. The Royal Australian College of General Practitioner's (RACGP) Computer and Information Security Standards (CISS) 2013 are the best practice standards for general practices, against which information security is assessed during practice accreditation. With the release of ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security in May 2013, it is this governance component of information security that is insufficiently addressed within General Practice at present. This paper documents the development and validation of an information security governance framework for use within general medical practice. The aim of the proposed Information Security Governance Framework is to extend current best practice information security management to include information security governance.

Creative Commons License

Creative Commons Attribution 3.0 License
This work is licensed under a Creative Commons Attribution 3.0 License.

Share

 
COinS