Interpreting international governance standards for health IT use within general medical practice
Document Type
Conference Proceeding
Publisher
IOS Press
Faculty
Faculty of Health, Engineering and Science
School
School of Computer and Security Science / eHealth Research Group
RAS ID
19335
Abstract
General practices in Australia recognise the importance of comprehensive protective security measures. Some elements of information security governance are incorporated into recommended standards, however the governance component of information security is still insufficiently addressed in practice. The International Organistion for Standardisation (ISO) released a new global standard in May 2013 entitled, ISO/IEC 27014:2013 Information technology - Security techniques - Governance of information security. This standard, applicable to organisations of all sizes, offers a framework against which to assess and implement the governance components of information security. The standard demonstrates the relationship between governance and the management of information security, provides strategic principles and processes, and forms the basis for establishing a positive information security culture. An analysis interpretation of this standard for use in Australian general practice was performed. This work is unique as such interpretation for the Australian healthcare environment has not been undertaken before. It demonstrates an application of the standard at a strategic level to inform existing development of an information security governance framework.
DOI
10.3233/978-1-61499-427-5-86
Access Rights
subscription content
Comments
Mahncke, R. J., & Williams, P. A. (2014). Interpreting international governance standards for health IT use within general medical practice. Proceedings of National Health Informatics Conference. (pp. 86-91). Melbourne, VIC. IOS Press. Available here