Content area
Full Text
Abstract: This paper gives a detailed review of security system assessment tools suitable for eHealth system in Namibia's public health sector. Like many other countries that adopted the use of eHealth system in public health sectors, Namibia has as well embraced such technology as a driver of the health service provision where by the use of Integrated HealthCare Management System (IHCMS) was introduced in 2011 to address challenges of traditional health delivery services in public hospitals. The use of eHealth systems allows for better provision of health services to the community and the entire nation; however, it also brings security challenges such as cyber security incidents. Cyber security incidents can compromise the Confidentiality, Integrity and Availability (CIA) of health information. In order to minimize the likelihood of these incidents from happening, appropriate and effective security measures need to be in place. Therefore, there is a need to conduct security assessments to identify any possible security gaps that could exist, to facilitate remediation. With the aid of desktop review this paper aims at discussing some of the eHealth security issues, eHealth security mechanisms as well as security standards that can be implemented to ensure safety of patients' personal health record. The paper ends with the discussion on how an assessment of security requirements on eHealth systems can be implemented in Namibian Government Hospitals. Conclusion has been reached that ISO 27799 is the best assessment tool to assess security requirements on eHealth systems implemented in Namibian government hospitals for as long as it is implemented together with ISO 27001. Hence it is very imperative that the Namibian public health sector can make use of international standards with the aid and good reputation of ISO 27001 to implement the ISO 27799 security control in order to protect patient's electronic health records. In future, as future work the ISO27002 controls will be evaluated in the hospitals and the findings will inform development of standard security assessment tool for Namibian eHealth systems.
Keywords: Cyber security, EHealth, EHealth security, EHealth security assessment, Privacy, Security assessment
1.Introduction
E-health is a term that defines the management of health care services electronically using Information Communication Technology (Kabede, 2010. It is a known fact that the health care used to be provided in conditions...