Aeshah Alhammad, Maryati Mohd Yusof, Dian Indrayani Jambari
Evaluating applied security controls for safeguarding medical device-integrated electronic medical records.
Journal of Evaluation in Clinical Practice. Journal Article. Published 2024-09-19. DOI: 10.1111/jep.14140 (https://doi.org/10.1111/jep.14140)
Citation count: 0
Abstract
Rationale, aims, and objectives: Medical device-integrated electronic medical records (MDI-EMR) pose significant challenges in ensuring effective usage, data security and patient safety. The complexities of MDI-EMR necessitate applying various security mechanisms to safeguard against cyber threats. Therefore, we evaluated cyber threats to MDI-EMR and the effectiveness of applied security controls using a proposed framework from sociotechnical and risk assessment perspectives.
Method: We conducted a qualitative case study evaluation in a general hospital in Saudi Arabia using interviews, observation, and document analysis from the perspectives of major MDI-EMR stakeholders, including healthcare providers, IT professionals and cybersecurity specialists.
Results: The results showed the interplay among physical, technical and administrative security controls that maintained a secure posture of MDI-EMR. The effectiveness of security controls is highly influenced by the staff's cybersecurity awareness and training. The perceived effectiveness of security controls varied among users, with some expressing satisfaction with the ease of use and reliability, while others highlighted challenges such as password complexity and access procedures. Understanding these diverse perspectives is crucial for tailoring security measures to meet the needs of different stakeholders effectively.
Conclusion: Collaboration among the key stakeholders is crucial for implementing security controls for MDI-EMR. Balancing security measures with usability concerns is essential, as highlighted by challenges in implementing technical controls. A comprehensive approach encompassing physical, technical and administrative controls, together with continuous education and awareness initiatives, is significant in empowering staff to recognise and mitigate cyber threats effectively, to safeguard medical data and to ensure the integrity of healthcare systems.
About the journal:
The Journal of Evaluation in Clinical Practice aims to promote the evaluation and development of clinical practice across medicine, nursing and the allied health professions. All aspects of health services research and public health policy analysis and debate are of interest to the Journal whether studied from a population-based or individual patient-centred perspective. Of particular interest to the Journal are submissions on all aspects of clinical effectiveness and efficiency including evidence-based medicine, clinical practice guidelines, clinical decision making, clinical services organisation, implementation and delivery, health economic evaluation, health process and outcome measurement and new or improved methods (conceptual and statistical) for systematic inquiry into clinical practice. Papers may take a classical quantitative or qualitative approach to investigation (or may utilise both techniques) or may take the form of learned essays, structured/systematic reviews and critiques.