摘要: | 隨著資訊科技不斷創新與演進,醫療資訊系統發展也日益受到重視。醫療服務業亦不斷採用數位產品作為輔助,如:電子病歷系統、RFID(無線射頻辨識)、遠距監控、PHS簡訊系統等等,都不斷被廣泛應用於醫療服務流程之上。因此,近來各醫療院所不斷導入新資訊技術。但鑑於醫療與資訊原屬於不同知識領域,各有重點議題。然而醫療是非常勞心及勞力的產業,需長時間為病患服務。要不斷追求醫學新知下,在心有餘力於追求資訊科技發展與應用之際,絕大多數醫療人員常疏忽資訊安全這方面訊息!另一面在招聘熟悉醫療與資訊知識之資訊部門人員,而資訊人員常因醫院工作繁重等因素離職率高,所以醫療資訊系統資訊安全方面有很多疑慮空間,因此本研究針對醫療資訊系統之資訊安全危安因素探討。 本研究以個案醫院進行人員訪談、實地觀察、現有文件查閱及資訊系統測試等方式,對現況及潛在資安問題加以分析後,提出相關建議,後續可作為其它醫院精進資安作為參考。 With the constant innovation and progress of information technology, the development of medical information system has been paid more attention to day by day. The industry of medical service also follows the trend to adopt digital products as assistants, such as electronic anamnesis system, radio frequency identification (RFID), off-site monitoring, short message system (SMS) of PHS, etc. All these related techniques are now widely applied to the procedures of medical service. Therefore, almost all medical institutions nowadays keep introducing new information techniques. However, medical industry and information science are two quite different knowledge domains with different focus issues. Medical service is an industry that requires both mental and physical efforts to take care of patients. In addition, in order to pursue up-to-date medical knowledge, most medical staffs cannot take too much time to look after the development and application of information technology, therefore, they may ignore the updated status about information security. On the other hand, as to the recruitment of workers of IT department in medical institutions, we must notice that the turnover rate is usually very high due to heavy loading in the department. This may result in the concern of information insecurity. Therefore, this research is aimed to explore those factors that threaten the security of medical information system. The research is a case study based on the interviews of medical staffs, observation on field, documental analysis, and the testing of medical information system of a large public hospital in Taiwan. The author finally proposed some recommendations for further improvement of medical information security. |