Research On The Compliance Path Of Hospital Information Protection

ObjectivesThe introduction of compliance can not only help hospitals cope with the surging information security risks,avoid hospitals from bearing legal responsibilities,suffering economic losses and facing ethical controversies due to improper information handling behaviors,but also ensure the effective implementation of hospital information protection-related norms,thus helping hospitals to develop in a high quality manner and the construction of healthy China,digital China and rule of law China.This study aims to sort out the tasks of hospital information protection compliance through normative analysis,analyze the elements of information protection compliance using rooted theory,understand the current status of hospital information protection through questionnaire surveys,and on the basis of these studies,determine the main contents of hospital information protection compliance construction,explore the available paths of hospital information protection compliance construction,and provide countermeasure suggestions for hospitals to promote information protection compliance construction.Contents(1)Define the concepts related to hospital information protection compliance based on literature research.We searched relevant literature in Chinese and English databases which including CNKI,HeinOnline and PubMed to sort out the current status of research and clarify the connotation of concepts related to hospital information protection compliance.(2)Sort out the tasks of hospital information protection compliance based on normative analysis.After clarifying the object of hospital information protection compliance and systematically sorting out the relevant norms,we analyzed the content of norms according to the behavior pattern of "should","can" and "don’t",and we sorted out the tasks on hospital information protection compliance.(3)Analysis of information protection compliance elements based on the Grounded theory.Strictly following the four steps of Grounded theory,we analyze the information protection compliance elements and clarify the specific contents of those elements.(4)To understand the current status of hospital information protection compliance based on the questionnaire survey,including the three aspects compliance status of hospital personal information protection,data protection and network security management.And to revise and supplement the elements of hospital information protection compliance based on the survey results.(5)To discuss the countermeasure suggestions for the construction of hospital information protection compliance.Combining the task of hospital information protection compliance,the elements of hospital information protection compliance and the current situation of hospital information protection compliance,we analyze the specific contents of hospital information protection compliance construction and the available path of hospital information protection compliance construction,and propose countermeasures and suggestions for hospital information protection compliance construction.Methods(1)Literature research method:Define the connotation of concepts related to hospital information protection compliance through literature research.(2)Normative analysis method:Sort out the tasks of hospital information protection compliance through normative analysis.(3)Grounded theory research.Analyze the elements of information protection compliance by using the Grounded theory.(4)Questionnaire survey method:Investigate the status of hospital information protection compliance by using questionnaire survey method.Results(1)The increasingly improved legal system of information protection brings heavy information protection compliance tasks to hospitals.(2)Currently,the overall compliance of hospital information protection is average.Among them,in terms of hospital information security management compliance,hospital network security management compliance is good,data security management compliance is average,and personal information protection management compliance is poor.In terms of compliance with hospital information processing behavior,both personal information processing and data processing behavior have poor compliance.(3)Based on the Grounded theory and the survey of the current situation,hospital information protection compliance includes five basic elements:clarifying the principles of information protection compliance,improving the information protection compliance system,strengthening the supervision of information protection compliance,leveraging information protection compliance technology and creating an information protection compliance culture,Building an information protection compliance mechanism and emphasizing information compliance risk management are two operational elements,and ensuring compliance in information processing behavior and achieving compliance in information security management are two objective elements.The compliance construction of hospital information protection should revolve around those 9 elements.(4)In promoting the construction of hospital information protection compliance,hospitals can choose the"integrated" or "independent"pathway based on compliance costs,or the "comprehensive" or "scenario-based"pathway based on compliance tasks.Conclusion(1)Currently,hospitals bear many tasks of information protection compliance,and the overall compliance of hospital information protection is average.Therefore,hospitals urgently need to carry out or improve the compliance construction of hospital information protection.(2)Currently,hospitals have many advantages and challenges in carrying out or improving hospital information protection compliance construction.(3)The compliance construction of hospital information protection needs to be combined with the hospital’s own needs,clarify its own compliance tasks,and fully leverage the power of hospital staff and the role of compliance technology.(4)The construction of hospital information protection compliance should revolve around nine aspects:clarifying information protection compliance principles,improving information protection compliance systems,strengthening information protection compliance supervision,leveraging information protection compliance technology,creating information protection compliance culture,constructing information protection compliance mechanisms,emphasizing information compliance risk management,ensuring information processing behavior compliance,and achieving information security management compliance.(5)The available paths for hospital information protection compliance construction includethe "comprehensive" and "scenario based"information protection compliance pathways which are based on compliance tasks,and"integrated" and "independent" information protection compliance pathways which are based on compliance costs.Advice(1)Hospitals should carry out and improve the construction of hospital information protection compliance as soon as possible.(2)Hospital information protection compliance construction should implement hospital information protection compliance elements.(3)Hospitals should carry out information protection compliance construction with their own reality and choose the applicable information protection compliance construction pathway.(4)The hospital information protection compliance construction needs to solve the existing information protection compliance problems.