Adaptación de las normas ISO 27001 e HIPPA para la reducción de riesgos en la seguridad en hospitales nivel I del IESS.

Abstract

An adaptation of ISO 27001 and HIPAA (HIPPA) Standards was generated for the reduction of information security risks in the IESS level I hospitals, with the aim of ensuring the confidentiality, integrity and availability of digital clinical history that uses this institution. This adaptation was developed taking into account of current legislation in force, in addition to a comparison between the standards ISO 27001 and HIPAA; this adaptation has been implemented in the Hospital of level 1 of the IESS in Guaranda, with an assessment in two circumstances; The first assessment was before implementing the adaptation of the norm, where it established itself and pondered the risks to be focused on the confidentiality, integrity, and privacy of information, proving the most critical risks; under the same criteria and methodology, it was evaluated after the implementation of the standard adapted. The study could evidence coincidences between the standards ISO 27001 and HIPAA (HIPPA) based on the information collected from its features to protect information assets of the organization by setting their individual advantages. In addition to their disadvantages as a generalization in the case of the ISO standard and guidance to the health insurance in the USA related to the HIPAA, it has substantially reduced the average probability weighting that the risks occur in a 61.86% compared to the initial situation. For that reason, its implementation in hospitals of level 1 of the ISSE it is recommended previous a risk assessment for each Hospital in order to properly identify the most critical risks, generating individual security policies according to the processes of each hospital unit.