@Article{info:doi/10.2196/30050,作者="Yeng, Prosper Kandabongee and Fauzi, Muhammad Ali and Sun, Luyi and Yang, Bian",标题="评估三个国家医疗保健信息安全要求的法律方面:范围审查和框架开发",期刊="JMIR Hum Factors",年="2022",月=" 5",日="25",卷="9",数="2",页="e30050",关键词="法律要求";信息安全;医疗保健;背景:医疗保健领域的网络攻击造成的人命损失不再是一个概率量化问题,而是一个已经开始的现实。此外,威胁范围也在扩大,包括对国家安全的威胁,导致医疗保健部门的数据泄露激增。就此而言,已经有了各种立法、法规和信息安全治理工具(如政策、标准和指令)的规定,以增强医疗保健信息安全——用户之间有意识的护理行为。同时,在研究场景中,没有全面的必要安全实践作为评估卫生保健安全实践的标准。此外,对需要更多集中管理、最终用户或两者的需求的整体视图的分析还没有得到全面的发展。因此,安全实践研究有可能会遗漏至关重要的要求。目的:本研究的目的是系统地识别、评估和分析医疗保健领域最新的信息安全需求。 These requirements can be used to develop a framework to serve as a yardstick for measuring the future real security practices of health care staff. Methods: A scoping review was, as a result, adopted to identify, assess, and analyze the information security requirement sources within health care in Norway, Indonesia, and Ghana. Results: Of 188 security and privacy requirement sources that were initially identified, 130 (69.1{\%}) were fully read by the authors. Subsequently, of these 188 requirement documents, 82 (43.6{\%}) fully met the inclusion criteria and were accessed and analyzed. In total, 253 security and privacy requirements were identified in this work. The findings were then used to develop a framework to serve as a benchmark for modeling and analyzing health care security practices. Conclusions: On the basis of these findings, a framework for modeling, analyzing, and developing effective security countermeasures, including incentivization measures, was developed. Following this framework, research results of health care security practices would be more reliable and effective than relying on incomprehensive security requirements. ", issn="2292-9495", doi="10.2196/30050", url="https://humanfactors.www.mybigtv.com/2022/2/e30050", url="https://doi.org/10.2196/30050", url="http://www.ncbi.nlm.nih.gov/pubmed/35612891" }