评估用于保护医疗设备集成电子病历的应用安全控制。

IF 2.1 4区医学 Q3 HEALTH CARE SCIENCES & SERVICES

Journal of evaluation in clinical practice Pub Date : 2024-09-19 DOI:10.1111/jep.14140

Aeshah Alhammad, Maryati Mohd Yusof, Dian Indrayani Jambari

{"title":"评估用于保护医疗设备集成电子病历的应用安全控制。","authors":"Aeshah Alhammad, Maryati Mohd Yusof, Dian Indrayani Jambari","doi":"10.1111/jep.14140","DOIUrl":null,"url":null,"abstract":"Rationale, aims, and objectives: Medical device-integrated electronic medical records (MDI-EMR) pose significant challenges in ensuring effective usage, data security and patient safety. The complexities of MDI-EMR necessitate applying various security mechanisms to safeguard against cyber threats. Therefore, we evaluated cyber threats to MDI-EMR and the effectiveness of applied security controls using a proposed framework from sociotechnical and risk assessment perspectives.Method: We conducted a qualitative case study evaluation in a general hospital in Saudi Arabia using interviews, observation, and document analysis from the perspectives of major MDI-EMR stakeholders, including healthcare providers, IT professionals and cybersecurity specialists.Results: The results showed the interplay among physical, technical and administrative security controls that maintained a secure posture of MDI-EMR. The effectiveness of security controls is highly influenced by the staff's cybersecurity awareness and training. The perceived effectiveness of security controls varied among users, with some expressing satisfaction with the ease of use and reliability, while others highlighting challenges such as password complexity and access procedures. Understanding these diverse perspectives is crucial for tailoring security measures to meet the needs of different stakeholders effectively.Conclusion: Collaboration among the key stakeholders is crucial for implementing security controls for MDI-EMR. Balancing security measures with usability concerns is essential, as highlighted by challenges in implementing technical controls. A comprehensive approach encompassing physical, technical and administrative controls, continuous education and awareness initiatives are significant to empower staff in recognising and mitigating cyber threats effectively to safeguard medical data and ensure the integrity of healthcare systems.","PeriodicalId":15997,"journal":{"name":"Journal of evaluation in clinical practice","volume":null,"pages":null},"PeriodicalIF":2.1000,"publicationDate":"2024-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evaluating applied security controls for safeguarding medical device-integrated electronic medical records.\",\"authors\":\"Aeshah Alhammad, Maryati Mohd Yusof, Dian Indrayani Jambari\",\"doi\":\"10.1111/jep.14140\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Rationale, aims, and objectives: Medical device-integrated electronic medical records (MDI-EMR) pose significant challenges in ensuring effective usage, data security and patient safety. The complexities of MDI-EMR necessitate applying various security mechanisms to safeguard against cyber threats. Therefore, we evaluated cyber threats to MDI-EMR and the effectiveness of applied security controls using a proposed framework from sociotechnical and risk assessment perspectives.Method: We conducted a qualitative case study evaluation in a general hospital in Saudi Arabia using interviews, observation, and document analysis from the perspectives of major MDI-EMR stakeholders, including healthcare providers, IT professionals and cybersecurity specialists.Results: The results showed the interplay among physical, technical and administrative security controls that maintained a secure posture of MDI-EMR. The effectiveness of security controls is highly influenced by the staff's cybersecurity awareness and training. The perceived effectiveness of security controls varied among users, with some expressing satisfaction with the ease of use and reliability, while others highlighting challenges such as password complexity and access procedures. Understanding these diverse perspectives is crucial for tailoring security measures to meet the needs of different stakeholders effectively.Conclusion: Collaboration among the key stakeholders is crucial for implementing security controls for MDI-EMR. Balancing security measures with usability concerns is essential, as highlighted by challenges in implementing technical controls. A comprehensive approach encompassing physical, technical and administrative controls, continuous education and awareness initiatives are significant to empower staff in recognising and mitigating cyber threats effectively to safeguard medical data and ensure the integrity of healthcare systems.\",\"PeriodicalId\":15997,\"journal\":{\"name\":\"Journal of evaluation in clinical practice\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":2.1000,\"publicationDate\":\"2024-09-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of evaluation in clinical practice\",\"FirstCategoryId\":\"3\",\"ListUrlMain\":\"https://doi.org/10.1111/jep.14140\",\"RegionNum\":4,\"RegionCategory\":\"医学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"HEALTH CARE SCIENCES & SERVICES\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of evaluation in clinical practice","FirstCategoryId":"3","ListUrlMain":"https://doi.org/10.1111/jep.14140","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"HEALTH CARE SCIENCES & SERVICES","Score":null,"Total":0}

引用次数: 0

摘要

理由、目的和目标：医疗设备集成电子病历（MDI-EMR）在确保有效使用、数据安全和患者安全方面提出了重大挑战。由于 MDI-EMR 的复杂性，有必要应用各种安全机制来防范网络威胁。因此，我们从社会技术和风险评估的角度出发，利用一个建议的框架评估了 MDI-EMR 所面临的网络威胁以及所应用的安全控制措施的有效性：方法：我们在沙特阿拉伯的一家综合医院开展了一项定性案例研究评估，从医疗服务提供者、IT 专业人员和网络安全专家等 MDI-EMR 主要利益相关者的角度，采用访谈、观察和文件分析等方法进行评估：结果：研究结果表明，物理、技术和管理安全控制之间存在相互作用，从而维护了 MDI-EMR 的安全态势。员工的网络安全意识和培训对安全控制的有效性有很大影响。用户对安全控制有效性的认识各不相同，有些用户对其易用性和可靠性表示满意，有些用户则强调了密码复杂性和访问程序等挑战。了解这些不同的观点对于调整安全措施以有效满足不同利益相关者的需求至关重要：主要利益相关者之间的合作对于实施 MDI-EMR 安全控制至关重要。平衡安全措施与可用性之间的关系至关重要，实施技术控制所面临的挑战就凸显了这一点。包括物理、技术和行政控制在内的综合方法，以及持续教育和提高认识的举措，对于增强员工识别和有效缓解网络威胁的能力，以保护医疗数据和确保医疗保健系统的完整性具有重要意义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Evaluating applied security controls for safeguarding medical device-integrated electronic medical records.

Rationale, aims, and objectives: Medical device-integrated electronic medical records (MDI-EMR) pose significant challenges in ensuring effective usage, data security and patient safety. The complexities of MDI-EMR necessitate applying various security mechanisms to safeguard against cyber threats. Therefore, we evaluated cyber threats to MDI-EMR and the effectiveness of applied security controls using a proposed framework from sociotechnical and risk assessment perspectives.

Method: We conducted a qualitative case study evaluation in a general hospital in Saudi Arabia using interviews, observation, and document analysis from the perspectives of major MDI-EMR stakeholders, including healthcare providers, IT professionals and cybersecurity specialists.

Results: The results showed the interplay among physical, technical and administrative security controls that maintained a secure posture of MDI-EMR. The effectiveness of security controls is highly influenced by the staff's cybersecurity awareness and training. The perceived effectiveness of security controls varied among users, with some expressing satisfaction with the ease of use and reliability, while others highlighting challenges such as password complexity and access procedures. Understanding these diverse perspectives is crucial for tailoring security measures to meet the needs of different stakeholders effectively.

Conclusion: Collaboration among the key stakeholders is crucial for implementing security controls for MDI-EMR. Balancing security measures with usability concerns is essential, as highlighted by challenges in implementing technical controls. A comprehensive approach encompassing physical, technical and administrative controls, continuous education and awareness initiatives are significant to empower staff in recognising and mitigating cyber threats effectively to safeguard medical data and ensure the integrity of healthcare systems.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Journal of evaluation in clinical practice 医学-卫生保健

CiteScore

4.80

自引率

4.20%

发文量

143

审稿时长

3-8 weeks

期刊介绍： The Journal of Evaluation in Clinical Practice aims to promote the evaluation and development of clinical practice across medicine, nursing and the allied health professions. All aspects of health services research and public health policy analysis and debate are of interest to the Journal whether studied from a population-based or individual patient-centred perspective. Of particular interest to the Journal are submissions on all aspects of clinical effectiveness and efficiency including evidence-based medicine, clinical practice guidelines, clinical decision making, clinical services organisation, implementation and delivery, health economic evaluation, health process and outcome measurement and new or improved methods (conceptual and statistical) for systematic inquiry into clinical practice. Papers may take a classical quantitative or qualitative approach to investigation (or may utilise both techniques) or may take the form of learned essays, structured/systematic reviews and critiques.