Title: Study on applying ISO/DIS 27799 to medical industry's ISMS
Authors: Farn, Kwo-Jean
Hwang, Jiann-Ming
Lin, Shu-Kuo
Department of Information Management and Finance (note: formerly the Institute of Information Management and the Institute of Finance)
Keywords: CNS;HIPAA;HISPP/GD;risk appetite;information governance;health information security;information security management system (ISMS)
Publication date: 2007
Abstract: At present, as medical care sites use more and more IT systems, information systems have come to play an important role in the business operations of medical organizations. Maintaining the security of medical informatics is an important goal for the management of medical organizations in Taiwan. HIPAA has been in operation for about ten years in the USA; though its efficiency remains to be seen, HIPAA has become the benchmark for information governance in the information security of the medical industry. The Department of Health of Taiwan adapted HIPAA and issued the HISPP/GD, which comprises 9 principles and 12 articles altogether. This paper examines ISO/DIS 27799, the feasibility of applying it to the management of domestic medical organizations, and the corresponding details of the ISMS. In this way, we hope that Taiwan's medical organizations can build a medical information system and a manageable environment that accord with the security requirements of confidentiality, integrity and availability.
URI: http://hdl.handle.net/11536/9988
ISBN: 978-960-8457-66-9
ISSN: 1790-5117
Journal: Proceedings of the 6th WSEAS International Conference on Applied Computer Science
Start page: 630
End page: 635
Appears in collections: Conference papers