An organizational view on formulating information security policies in hospitals
DOI: 10.15343/0104-7809.20113278289
Keywords:
Information Technology. Health Management. Health Manager.
Abstract
This research aimed to understand how managers participate in devising strategies for an information security policy,
and to identify the guiding elements for building an analysis structure for hospitals. The object of this research
comprised five hospitals, chosen according to the following criteria: type, duration and position in the market, and ease of access
to data. The research used a multi-case, cross-sectional study design of a contextual, process-oriented, exploratory and descriptive
nature to create a categorical classification and develop a theory based on data. It led to the development of an analysis
structure named “Continuous Follow-up Cycle for the Development of a Policy on Information Security about Hospitals”.
With this structure, it was possible to identify information security duties at the different organizational levels, defining
responsibilities for compliance, evaluation and audit verification, and implementation, and establishing the guidelines needed for all
the protection measures that will be implemented. As a result, it was observed that the studied hospitals, in their different natures,
showed clear deficiencies in formulating an information security policy, owing to the need for clear definitions of the roles of the several
organizational groups and for guiding elements to support the managers' perception in decision-making.