Purpose: The primary purpose of the study is to indicate the threats faced by medical entities in the context of the growing scale of collection and processing of personal data, including sensitive data. It therefore seems justified to attempt to secure the related processes systemically.

Specific objective: The main objective formulated in this way required further specification through a scientific and cognitive objective, which was to assess whether implementing the ISO 27001:2017 information security system in a medical entity reduces the risk of information security incidents.

Project/methodology: The scope of research defined in this way required the author not only to conduct literature studies but also to apply appropriate research methods. As part of the considerations, it was decided to use methods such as statistical analysis of data on the scale of implementation of a standardized data security system in the world and in Poland, and the method of scientific description.

Results: The literature studies conducted and the research methods used made it possible to demonstrate that implementing a standardized information security management system, by taking its requirements into account, increases the level of information security in medical entities. Identification of organizational, legal and ICT risks reduces the likelihood of information security incidents, and thus reduces the risk of exposing the healthcare entity to legal liability resulting from violation of the provisions of the Personal Data Protection Act (Journal of Laws of 2018, item 100) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR).

Limitations: One limitation faced by the author was the inability to take into account the number of ISO 27001:2017 certificates issued to medical entities, both in the world and in Poland, because certification bodies are not obliged to make such information public. A further limitation is the lack of reporting on compensation awarded by common courts to persons who have been harmed as a result of a breach of the protection of their personal data.

Practical implications: The study proposes a method for estimating information security risks in the activities of organizations, including healthcare entities. It also indicates the main benefits of implementing the ISO 27001:2017 information security management system and sets out the barriers that the manager of an entity providing health services should take into account.

Originality/value: There are a number of studies in both domestic and foreign literature on the information security system and its importance in organizations. Few authors make the effort to analyze this type of solution in the context of providing medical services and the problems that must be solved by people managing medical entities.