Ethics code: IR.BUMS.REC.1403.012



1- Assistant Professor, Department of Health Information Technology, Ferdows Faculty of Medical Sciences, Birjand University of Medical Sciences, Birjand, Iran
2- Ph.D. Candidate in Health Information Management, School of Health Management and Information Sciences, Iran University of Medical Sciences, Tehran, Iran
3- Assistant Professor, Department of Health Information Technology, Ferdows Faculty of Medical Sciences, Birjand University of Medical Sciences, Birjand, Iran, Farrahi1@bums.ac.ir
4- Bachelor of Sciences Student in Health Information Technology, Student Research Committee, Birjand University of Medical Sciences, Birjand, Iran
Abstract:
Background and Aim: With the digitalization of healthcare, hospital information systems handle vast amounts of sensitive data, making their protection crucial. This study aimed to assess the compliance of these systems in hospitals affiliated with Birjand University of Medical Sciences with the physical and technical safeguard standards of the Health Insurance Portability and Accountability Act (HIPAA) in 2024.
Materials and Methods: This cross-sectional descriptive study was conducted in 15 hospitals affiliated with Birjand University of Medical Sciences. The study population consisted of Information Technology (IT) unit managers, who were selected using a census method (15 individuals). The research instrument was a researcher-developed checklist consisting of 56 items based on the physical and technical standards of HIPAA. The face validity of the checklist was confirmed by five experts in Health Information Management, Medical Informatics, and Health Policy, and its reliability was verified with a Cronbach’s alpha coefficient of 0.84. Data were analyzed using SPSS software and descriptive statistics, including frequency, percentage, mean, and standard deviation.
Results: A total of 15 information technology managers (14 men and 1 woman) from 15 hospitals, including 8 teaching and 7 non-teaching hospitals, participated in the study. The findings showed that the hospital information systems of Birjand University of Medical Sciences complied with the HIPAA physical and technical safeguard standards at rates of 81.7% and 86.7%, respectively. In the domain of physical safeguards, the workstation security standard demonstrated the highest level of compliance, with a mean score of 89.3%. Full compliance (100%) was observed for certain indicators, including emergency access procedures for facilities and physical access control procedures. In contrast, the lowest compliance in this domain was related to the device and media controls standard, with a mean score of 74.9%, particularly in the identification and tracking of hardware and electronic media. In the domain of technical safeguards, the overall mean compliance rate was 86.7%. Among these standards, person or entity authentication achieved the highest level of compliance, with all hospitals demonstrating full compliance (100%). In addition, access control (93.3%), audit controls (86.7%), and transmission security (85.3%) were all at desirable levels. However, the lowest compliance was observed for the integrity standard (50%), highlighting the need to strengthen technical infrastructure and implement more advanced electronic mechanisms to ensure data accuracy and integrity.
Conclusion: Although the overall level of compliance in the hospitals under study is satisfactory, significant gaps remain, particularly in device and media control and data integrity. These deficiencies may lead to breaches of patient privacy and undermine public trust in the healthcare system. It is recommended that senior hospital managers and health policymakers address these deficiencies by developing and implementing clear internal guidelines, investing in appropriate supportive technologies, and conducting continuous, targeted training programs for all personnel. In addition, periodic compliance monitoring is essential to ensure continuous improvement.

Rights and permissions
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

© 2026, Tehran University of Medical Sciences, CC BY-NC 4.0
