Penerapan Kerangka Kerja Keamanan Informasi di Rumah Sakit: Tinjauan Literatur Sistematis
Abstract
Hospitals are organizations that manage vital and complex data such as medical information and patient personal data that must be protected. The purpose of this paper is to analyze how IT security standards are implemented in hospitals in order to measure the level of maturity. Systematic Literature Review is the method used in this research. Of the 25 hospitals discussed in this paper, there are 3 standards and 8 models applied, namely ISO 27000 Family, COBIT, NIST, HDM, C2M2, HISMM, MD3M, PCMM, AHIMA, IMA and Fuzzy-ANP-TOPSIS integrated model. It was found that the implementation of models and standards for IT security has the same pattern, namely data collection, measuring the level of IT maturity and then providing recommendations for improvements based on measuring the level of IT maturity. While the difference between one model and another is in the domain, maturity attributes and the level or level of maturity used.
Keywords: IT security standards; IT security model; Maturity level; Hospital
Abstrak
Rumah sakit merupakan organisasi yang mengelola data vital dan kompleks seperti informasi medis dan data pribadi pasien yang harus dilindungi. Tujuan utama penulisan paper ini adalah untuk menganalisis bagaimana standar keamanan TI diimplementasikan di rumah sakit dalam rangka mengukur level kematangan. Systematic Literature Review adalah metode yang digunakan dalam penelitian ini. Dari 25 rumah sakit yang dibahas pada paper ini, terdapat 3 standar dan 8 model yang diterapkan, yaitu ISO 27000 Family, COBIT, NIST, HDM, C2M2, HISMM, MD3M, PCMM, AHIMA, IMA dan model terpadu Fuzzy-ANP-TOPSIS. Didapatkan temuan bahwa implementasi model maupun standar keamanan TI memiliki pola yang sama yaitu pengumpulan data, mengukur tingkat kematangan TI selanjutnya memberikan rekomendasi perbaikan berdasarkan pengukuran tingkat kematangan TI. Sedangkan perbedaan antara model yang satu dengan yang lainnya adalah pada domain, atribut kematangan dan level atau tingkat kematangan yang digunakan.
Keywords
References
A. Sardi, A. Rizzi, E. Sorano, and A. Guerrieri, “Sustainability-12-07002-V2.Pdf,” Sustainability, pp. 1–16, 2020.
Fortified Health Security, "2022 Mid-Year Horizon Report," 2022. [Online]. Tersedia: https://fortifiedhealthsecurity.com/wp-content/uploads/2022/07/2022-Mid-Year-Horizon-Report.pdf. [Diakses: 21 Mei 2023].
A. Mahfuth, S. Yussof, A. A. Baker, and N. Ali, “A systematic literature review: Information security culture,” Int. Conf. Res. Innov. Inf. Syst. ICRIIS, pp. 1–6, 2017, doi: 10.1109/ICRIIS.2017.8002442.
Boonstra, A., Versluis, A. & Vos, J.F.J., “Implementing electronic health records in hospitals: a systematic literature review”, BMC Health Serv Res, vol. 14, no. 370, September 2014.
D. Maček, I. Magdalenić, and N. B. Ređep, “A systematic literature review on the application of multicriteria decision making methods for information security risk assessment,” Int. J. Saf. Secur. Eng., vol. 10, no. 2, pp. 161–174, 2020, doi: 10.18280/ijsse.100202.
P. W. Handayani, A. N. Hidayanto, A. A. Pinem, I. C. Hapsari, P. I. Sandhyaduhita, and I. Budi, “Acceptance model of a Hospital Information System,” Int. J. Med. Inform., vol. 99, pp. 11–28, 2017, doi: 10.1016/j.ijmedinf.2016.12.004.
S. Rachmawati, R. Rosidin, and M. Lubis, “Information Technology Governance at Rachmi Dewi Gresik Hospital Using the Cobit 5 Framework,” 2022 1st Int. Conf. Inf. Syst. Inf. Technol. ICISIT 2022, pp. 301–305, 2022, doi: 10.1109/ICISIT54091.2022.9873099.
J. V. Carvalho, Á. Rocha, and A. Abreu, “Maturity Models of Healthcare Information Systems and Technologies: a Literature Review,” J. Med. Syst., vol. 40, no. 6, 2016, doi: 10.1007/s10916-016-0486-5..
D. Tranfield, D. Denyer, and P. Smart, “Towards a Methodology for Developing Evidence-Informed Management Knowledge by Means of Systematic Review* Introduction: the need for an evidence- informed approach,” Br. J. Manag., vol. 14, pp. 207–222, 2003.
C. Ariati and D. Juandi, “Kemampuan Penalaran Matematis: Systematic Literature Review,” LEMMA Lett. Math. Educ., vol. 8, no. 2, pp. 61–75, 2022.
I. K. Raharjana, D. Siahaan, and C. Fatichah, “User Stories and Natural Language Processing: A Systematic Literature Review,” IEEE Access, vol. 9, pp. 53811–53826, 2021, doi: 10.1109/ACCESS.2021.3070606..
H. Setiawan, K. Mukhoyyaroh, M. D. Fauzi, and B. Sugiantoro, “Hospital Information System Audit Using The ISO 27001 Standard (Case Study In RSU PKU Muhammadiyah Bantul),” Int. J. Informatics Dev., vol. 3, no. 1, pp. 2–5, 2014.
A. D. Yaner, H. Tanuwijaya, and E. Sutomo, “Audit Keamanan Sistem Informasi Pada Instalasi Sistem Informasi Management (Sim-Rs) Berdasarkan Standar Iso 27002,” e-conversion - Propos. a Clust. Excell., vol. 27002, pp. 1–8, 2018.
A. A. Rahman, P. G. Dharma, R. M. Fatchur, A. N. Freedrikson, B. P. Ari, and Y. Ruldeviyani, “Master data management maturity assessment: A case study of a Pasar Rebo Public Hospital,” 2019 Int. Conf. Adv. Comput. Sci. Inf. Syst. ICACSIS 2019, pp. 497–504, 2019, doi: 10.1109/ICACSIS47736.2019.8979656.
W.R. Danastri, H. Tanuwijaya, and E. Sutomo, “Audit Keamanan Sistem Informasi Oada Instalasi Sistem Informasi Manajemen RSUD Bangil Berdasarkan ISO 27002,” vol. 3, no. 2, pp. 1–2, 2016.
R. S. A. Gusni, K. Kraugusteeliana, and I. W. W. Pradnyana, “Analisis Tata Kelola Keamanan Sistem Informasi Rumah Sakit Bhayangkara Sespima Polri Jakarta Menggunakan COBIT 2019,” Konf. Nas. Ilmu Komput. 2021, no. September, pp. 434–439, 2021, [Online]. Available: https://prosiding.konik.id/index.php/konik/article/view/92
Setiyowati and S. Siswanti, “Penilaian Kematangan Proses Keamanan Sistem Informasi Pendaftaran Pasien Menggunakan Framework Cobit 4.1,” SATIN - Sains dan Teknol. Inf., vol. 7, no. 1, pp. 123–133, 2021, doi: 10.33372/stn.v7i1.694.
A. Ambarwati and F. Zulkarnain, “Analisis Implementasi Teknologi Informasi Pada IT Process DS5 ( Ensure System Security ) di RS UHS,” Pros. Semin. Nas. Teknol. dan Rekayasa Inf., vol. 5, no. November, pp. 7–11, 2017.
W. W. Widiyanto and Z. Arifin, “Manajemen Rumah Sakit Menggunakan Framework Cobit 4 . 1 ( Studi Kasus Di Rs Mata Undaan Surabaya ),” J. Manaj. Inf. dan Adm. Kesehat., vol. 5, no. 24, pp. 1–8, 2022.
T. Natanael, L. W. Santoso, and A. Noertjahyana, “Analisa Keamanan Sistem Informasi RSUD Dr . Soetomo Dengan Framework COBIT,” J. INFRA, vol. 6, no. 2, pp. 1–4, 2018.
N. Agitha, S. E. Anjarwani, M. I. Azizah, I. R. Yunus, and R. W. Witjaksono, “Implementation of COBIT 4.1 to Define and Maintain Infrastructure of Information Technology at Regional Public Hospital in West Nusa Tenggara,” 2020 Int. Conf. Adv. Data Sci. E-Learning Inf. Syst. ICADEIS 2020, pp. 5–9, 2020, doi: 10.1109/ICADEIS49811.2020.9277015.
Rusadi, B. Helpiono. “Analisis Tingkat Kematangan Sistem Informasi Manajemen Rumah Sakit Menggunakan Cobit 4.1 (Studi Kasus: Rumah Sakit Universitas Muhammadiyah Malang).” Diss. University of Muhammadiyah Malang, 2018.
I. B. L. M. Suta and M. Sudarma, “Application of COBIT 5 for Hospital Services Management Information System Audit,” Int. J. Eng. dan Emerg. Technol., vol. 3, no. 2, pp. 18–23, 2018.
K. Nistrina and H. A. T. Bin Bon, “Information security for hospital information system using COBIT 5 framework,” Proc. Int. Conf. Ind. Eng. Oper. Manag., vol. 2019, no. MAR, pp. 3369–3374, 2019.
N. Made, N. Putri, I. G. Juliana, E. Putra, I. G. Putu, and K. Juliharta, “Analisis Tata Kelola dan Audit Sistem Informasi pada Rumah Sakit Umum ‘ XYZ ’ Menggunakan Kerangka Kerja COBIT 5,” vol. 5.
M. F. Cobit and D. S. S. Framework, “Audit keamanan sistem informasi pada rs mata dr.yap yogyakarta menggunakan framework cobit 5,” vol. 1, no. September, 2017.
T. Ç. Şahika Eroğlu, “Enterprise Information Systems within the Context of Information Security: A Risk Assessment for a Health Organization in Turkey,” in Procedia Computer Science, 2016, p. 8.
B. Barnes and T. Daim, “Information Security Maturity Model for Healthcare Organizations in the United States,” IEEE Trans. Eng. Manag., vol. PP, pp. 1–12, 2021, doi: 10.1109/TEM.2021.3139836.
J. Armas-aguirre, E. Fabrizzio, and P. Valencia, “Cybersecurity maturity model for the protection and privacy of personal health data,” pp. 1–4, 2022, doi: 10.1109/ICALTER57193.2022.9964729.
M. Lubis, “Information Systems Maturity Level Assessment using the HISMM Framework : Case Study of State Hospital in Jakarta,” 2022 Int. Conf. Sci. Technol., no. 6, pp. 1–6, 2019, doi: 10.1109/ICOSTECH54296.2022.9829143.
A. Aditya Rahman, P. Gusman Dharma, R. Mohamad Fatchur, A. Nala Freedrikson, B. Pranata Ari, and Y. Ruldeviyani, “Master data management maturity assessment: A case study of a Pasar Rebo Public Hospital,” 2019 Int. Conf. Adv. Comput. Sci. Inf. Syst. ICACSIS 2019, pp. 497–504, 2019, doi: 10.1109/ICACSIS47736.2019.8979656.
M. H. Yarmohammadian, N. Tavakoli, a Shams, and F. Hatampour, “Evaluation of organizational maturity based on people capacity maturity model in medical record wards of Iranian hospitals,” J. Educ. Health Promot., vol. 3, no. June, pp. 54-9531.134743. eCollection 2014, 2014, doi: 10.4103/2277-9531.134743.
H. Kwan, M. Riley, N. Prasad, and K. Robinson, “An investigation of the status and maturity of hospitals’ health information governance in Victoria, Australia,” Heal. Inf. Manag. J., vol. 51, no. 2, pp. 89–97, 2022, doi: 10.1177/1833358320938309.
P. A. H. Williams, B. Lovelock, T. Cabarrus, and M. Harvey, “Improving digital hospital transformation: Development of an outcomes-based infrastructure maturity assessment framework,” JMIR Med. Informatics, vol. 7, no. 1, 2019, doi: 10.2196/12465.
R. Kumar, M. T. Jamal Ansari, A. Baz, H. Alhakami, A. Agrawal, and R. A. Khan, “A multi-perspective benchmarking framework for estimating usable-security of hospital management system software based on fuzzy logic, ANP and TOPSIS methods,” KSII Trans. Internet Inf. Syst., vol. 15, no. 1, pp. 240–263, 2021, doi: 10.3837/TIIS.2021.01.014
How To Cite This :
Refbacks
- There are currently no refbacks.
