An Audit Model for Information Security of Hospital Information System

An Audit Model for Information Security in Hospital Information Systems (Korean title)

  • Yu, Wan Hee (Dept. of Support Center, Tobetech) ;
  • Han, Ki Joon (Dept. of Computer Engineering, Konkuk University) ;
  • Kim, Dong Soo (Graduate School of Information and Telecommunications, Konkuk University) ;
  • Kim, Hee Wan (Dept. of Computer Engineering, Sahmyook University)
  • Received : 2014.05.02
  • Accepted : 2014.07.20
  • Published : 2014.07.28


Hospital information systems now hold large databases that serve a wide range of departments for hospital management and patient care, with the aim of improving the quality of care. However, the information security measures of hospital information systems are insufficient. Therefore, when a hospital information system is constructed, its information security measures must be audited, and an ISMS (Information Security Management System) must be operated to maintain the level of information protection through risk management. In this paper, we propose a hospital information security audit model for protecting the privacy of health information, based on current hospital information systems, the ISMS, and the information security requirements and threats of hospitals. We derived the check items by comparison with ISO 27799, reflecting the characteristics of hospitals. We classified the security domains as physical, technical, and administrative, and derived the check items for information security in each domain. We also designed the check lists by mapping them to the ISO 27799 risk management process so that security and efficiency are improved simultaneously. The suitability of our model was verified by a five-point scale survey of IT experts, with an average score of 4.91 points.


Supported by: Sahmyook University

