Journal of International Information Management


The reliance on information systems forces the health care organizations to consider two security management issues: information control and security policy. The objective of this article is to examine a direction to effectively support and enhance the health care delivery through information systems in hospitals. An integrated focus is provided through an information control framework for analyzing the three control elements: accessibility, confidentiality, and integrity. The security policy involves three aspects: prevention of unauthorized access into the system, controlling the input and output of the system, and monitoring the health care information systems. The framework has implications for research beyond the case of health care information systems. Specifically, we suggest that any information control and security policy founded on the system context approach will not be adequate unless organizational context is also considered. Hospital managers should see themselves as the key actors in monitoring the dynamic information systems environment, assessing organizational risk, coordinating with functional areas in hospitals, and disseminating appropriate information.