• J Eval Clin Pract · Sep 2024

    Evaluating applied security controls for safeguarding medical device-integrated electronic medical records.

    • Aeshah Alhammad, Maryati Mohd Yusof, and Dian Indrayani Jambari.
    • Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Bangi, Malaysia.
    • J Eval Clin Pract. 2024 Sep 19.

    Rationale, Aims, And ObjectivesMedical device-integrated electronic medical records (MDI-EMR) pose significant challenges in ensuring effective usage, data security and patient safety. The complexities of MDI-EMR necessitate applying various security mechanisms to safeguard against cyber threats. Therefore, we evaluated cyber threats to MDI-EMR and the effectiveness of applied security controls using a proposed framework from sociotechnical and risk assessment perspectives.MethodWe conducted a qualitative case study evaluation in a general hospital in Saudi Arabia using interviews, observation, and document analysis from the perspectives of major MDI-EMR stakeholders, including healthcare providers, IT professionals and cybersecurity specialists.ResultsThe results showed the interplay among physical, technical and administrative security controls that maintained a secure posture of MDI-EMR. The effectiveness of security controls is highly influenced by the staff's cybersecurity awareness and training. The perceived effectiveness of security controls varied among users, with some expressing satisfaction with the ease of use and reliability, while others highlighting challenges such as password complexity and access procedures. Understanding these diverse perspectives is crucial for tailoring security measures to meet the needs of different stakeholders effectively.ConclusionCollaboration among the key stakeholders is crucial for implementing security controls for MDI-EMR. Balancing security measures with usability concerns is essential, as highlighted by challenges in implementing technical controls. A comprehensive approach encompassing physical, technical and administrative controls, continuous education and awareness initiatives are significant to empower staff in recognising and mitigating cyber threats effectively to safeguard medical data and ensure the integrity of healthcare systems.© 2024 John Wiley & Sons Ltd.

      Pubmed     Copy Citation     Plaintext  

      Add institutional full text...

    Notes

     
    Knowledge, pearl, summary or comment to share?
    300 characters remaining
    help        
    You can also include formatting, links, images and footnotes in your notes
    • Simple formatting can be added to notes, such as *italics*, _underline_ or **bold**.
    • Superscript can be denoted by <sup>text</sup> and subscript <sub>text</sub>.
    • Numbered or bulleted lists can be created using either numbered lines 1. 2. 3., hyphens - or asterisks *.
    • Links can be included with: [my link to pubmed](http://pubmed.com)
    • Images can be included with: ![alt text](https://bestmedicaljournal.com/study_graph.jpg "Image Title Text")
    • For footnotes use [^1](This is a footnote.) inline.
    • Or use an inline reference [^1] to refer to a longer footnote elseweher in the document [^1]: This is a long footnote..

    hide…