Skip to main content

Table 4 The mean score of security service requirements and the HIS evaluation results

From: Technical requirements framework of hospital information systems: design and evaluation

 ItemDelphiEvaluation
Mean ScoreYesNo
1Automatic and periodic backup options3.8915 (93.8)1 (6.2)
2Observing all the protection and security issues when accessing the database on the network3.8615 (93.8)1 (6.2)
3Providing user identity by placing username and password based on the user access level3.8416 (100)
4Defining the access level based on layering data to preserve valuable information3.7816 (100)
5Security in web applications3.736 (37.5)10 (62.5)
6Logging user performance and reporting it to the system administrator, log management3.7112 (75)4 (25)
7Automatic retrieval of information whenever necessary3.7114 (87.5)2 (12.5)
8Equipping servers and clients with the antivirus employed by users3.6815 (93.8)1 (6.2)
9Providing a program for electronically storing and archiving information at specific intervals3.6810 (62.5)6 (37.5)
10Not displaying encryption as text3.6516 (100)
11Supporting a standard locking mechanism to prevent updates by unauthorized individuals3.639 (56.2)7 (43.8)
12Setting the password as text/number3.612 (75)4 (25)
13Forming a personal information file including user characteristics required for determining the security service level3.613 (81.2)3 (18.8)
14Defining functional roles and relationships with access levels3.614 (87.5)2 (12.5)
15Recording and reporting all logins and logouts from the software and accessing all the appropriate features for registration such as username, workstation IP and MAC3.612 (75)4 (25)
16Manual retrieval of information whenever necessary3.5515 (93.8)1 (6.2)
17Defining sections of the specific and confidential information3.5511 (68.8)5 (31.2)
18Resetting a password used3.515 (93.8)1 (6.2)
19Application functionality in workstations under domain3.4714 (87.5)2 (12.5)
20Lack of access to the database except for the interface3.4211 (68.8)5 (31.2)
21Remote monitoring and control technology3.366 (37.5)10 (62.5)
22Compatibility with hardware firewalls3.3412 (75)4 (25)
23Restricting user access to other operating system resources3.2813 (81.2)3 (18.8)
24Manual backup options3.2816 (100)
25Supporting digital signatures3.232 (12.5)14 (87.5)
26Lack of a random port use3.235 (31.2)11 (68.8)
27Not requiring local administrators3.2113 (81.2)3 (18.8)
28Authentication via domain3.1811 (68.8)5 (31.2)
29Providing access to the system using different IPs and routing capabilities3.156 (37.5)10 (62.5)
30Using name (as defined in DNS) and not depending on IP and computer name3.159 (56.2)7 (43.8)
31Supporting the biosensor technology for logon3.025 (31.2)11 (68.8)
Total3.5 ± 0.39359 (72.4)137 (27.6)