Table 4 The mean score of security service requirements and the HIS evaluation results
From: Technical requirements framework of hospital information systems: design and evaluation
| Â | Item | Delphi | Evaluation | |
|---|---|---|---|---|
Mean Score | Yes | No | ||
1 | Automatic and periodic backup options | 3.89 | 15 (93.8) | 1 (6.2) |
2 | Observing all the protection and security issues when accessing the database on the network | 3.86 | 15 (93.8) | 1 (6.2) |
3 | Providing user identity by placing username and password based on the user access level | 3.84 | 16 (100) | – |
4 | Defining the access level based on layering data to preserve valuable information | 3.78 | 16 (100) | – |
5 | Security in web applications | 3.73 | 6 (37.5) | 10 (62.5) |
6 | Logging user performance and reporting it to the system administrator, log management | 3.71 | 12 (75) | 4 (25) |
7 | Automatic retrieval of information whenever necessary | 3.71 | 14 (87.5) | 2 (12.5) |
8 | Equipping servers and clients with the antivirus employed by users | 3.68 | 15 (93.8) | 1 (6.2) |
9 | Providing a program for electronically storing and archiving information at specific intervals | 3.68 | 10 (62.5) | 6 (37.5) |
10 | Not displaying encryption as text | 3.65 | 16 (100) | – |
11 | Supporting a standard locking mechanism to prevent updates by unauthorized individuals | 3.63 | 9 (56.2) | 7 (43.8) |
12 | Setting the password as text/number | 3.6 | 12 (75) | 4 (25) |
13 | Forming a personal information file including user characteristics required for determining the security service level | 3.6 | 13 (81.2) | 3 (18.8) |
14 | Defining functional roles and relationships with access levels | 3.6 | 14 (87.5) | 2 (12.5) |
15 | Recording and reporting all logins and logouts from the software and accessing all the appropriate features for registration such as username, workstation IP and MAC | 3.6 | 12 (75) | 4 (25) |
16 | Manual retrieval of information whenever necessary | 3.55 | 15 (93.8) | 1 (6.2) |
17 | Defining sections of the specific and confidential information | 3.55 | 11 (68.8) | 5 (31.2) |
18 | Resetting a password used | 3.5 | 15 (93.8) | 1 (6.2) |
19 | Application functionality in workstations under domain | 3.47 | 14 (87.5) | 2 (12.5) |
20 | Lack of access to the database except for the interface | 3.42 | 11 (68.8) | 5 (31.2) |
21 | Remote monitoring and control technology | 3.36 | 6 (37.5) | 10 (62.5) |
22 | Compatibility with hardware firewalls | 3.34 | 12 (75) | 4 (25) |
23 | Restricting user access to other operating system resources | 3.28 | 13 (81.2) | 3 (18.8) |
24 | Manual backup options | 3.28 | 16 (100) | – |
25 | Supporting digital signatures | 3.23 | 2 (12.5) | 14 (87.5) |
26 | Lack of a random port use | 3.23 | 5 (31.2) | 11 (68.8) |
27 | Not requiring local administrators | 3.21 | 13 (81.2) | 3 (18.8) |
28 | Authentication via domain | 3.18 | 11 (68.8) | 5 (31.2) |
29 | Providing access to the system using different IPs and routing capabilities | 3.15 | 6 (37.5) | 10 (62.5) |
30 | Using name (as defined in DNS) and not depending on IP and computer name | 3.15 | 9 (56.2) | 7 (43.8) |
31 | Supporting the biosensor technology for logon | 3.02 | 5 (31.2) | 11 (68.8) |
Total | 3.5 ± 0.39 | 359 (72.4) | 137 (27.6) | |