• P-ISSN 0974-6846 E-ISSN 0974-5645

Indian Journal of Science and Technology


Indian Journal of Science and Technology

Year: 2018, Volume: 11, Issue: 14, Pages: 1-14

Original Article

Risk Management Framework and Evaluation: Detail Site Study and Governance of Information Security Risk Management in Medical Information Technology Infrastructure in Hospitals


Objectives: This research has focused on exploring the risk factors involved in hospital medical IT infrastructure risk factor while carry out the software and hardware deployment (i.e. field study) and proposed a risk management framework and assessments for managing the risk. The main objective of the research is to propose an information security risk management framework for a hospital domain as part of use-case in this research. In this paper, we have identified possibilities of risk that might happen anytime, carried out risk analysis in university hospital, and provided risk contingency plans. Methods: Information security is very important for the organization, but very particular for hospital domain, due to patient information is involved and it is very sensitive. While delivering the information, need to be producing the right information at right time with the effective care. The availability of information is very important in medical systems where most of the providers are from cross-border healthcare domain. The methodology followed is a qualitative approach of interview, collecting data, analysis the data, evaluate and provide recommendations. Findings: The expected outcome from this work is a recommendation of risk managing framework for hospital domain on a global context. The risk assessment evaluates the IT plan reports for hospitals and the involved parties to identify the sensitivity, threats, vulnerabilities, and risks that surround the whole medical IT infrastructure. The identified risks are analysed, prioritized and mitigated by providing relevant control plan and recommendationswere provided toavoid or minimize the risk factors in the medical domain. Improvements: Based on field study and risk evaluation reports, IT infrastructure can be improved and risk factors would be forecasted in future and minimized with effective contingency plans. 

Keywords: Information Security, Medical Hospital, Risk Assessment, Risk Management, Risk Mitigation


Subscribe now for latest articles and news.