Upravljanje podacima i informacijama u zdravstvenim informacijskim sustavima Republike Hrvatske - sigurnost, zaštita i odgovornost

Every provider of electronic services in the Republic of Croatia as well as in the European union, including healthcare services providers, is exposed to the risk of data and information disclosure on a daily basis. In accordance with the General Data Protection Regulation and the Law on Data and Information in Health of the Republic of Croatia, they must implement technical and organizational measures to increase the level of data protection. The author in this paper emphasizes the methodology of security and data protection and liability in risk management in health information systems by applying international standards, ISO 27799: 2016 in particular in accordance with the applicable legal framework in the field of protection of personal data and information in health care, which ensures a high level of protection, with a clear identification of the liability of supervisory entities in the management of data and information in health care.