Evaluating the Security Safeguards in Hospital Information Systemaccording to the Health Insurance Portability and Accountability Act of University Hospitals in Shiraz University of Medical Sciences

One of the main characteristics of a hospital information system (HIS) is confidentiality. Studies have shown that the security requirements on electronic health records are not fully met in Iran. This study was conducted to determine the percentage of HIPAA (health insurance portability and accountability act) security safeguard application in university hospitals of Shiraz University of Medical Sciences in 2010. This was a cross-sectional descriptive study. The study population included university hospitals of Shiraz University of Medical Sciences equipped with HIS. Data were collected by a checklist through interview with the IT authorities of the hospitals. The checklist was in accordance with HIPAA security standard rules. Tool validity was checked by the content validity method. Data were analyzed using descriptive statistics. The risk management and data backup plan، two out of seven required administrative security safeguards (i. e. risk analysis، risk management، sanction policy، information system activity review، data backup plan، disaster recovery plan، and emergency mode operation plan)، were fully applied in all the hospitals. Both of two required physical security safeguards، disposal and media reuse، were applied in the majority of the hospitals. Of the two required technical security safeguards، unique user identifications، and emergency access procedure were applied only in one of the hospitals. Operational planning must be implemented in order to increase the application of required administrative security safeguards. Full application of the required physical security safeguards، which are close to reach، and the required technical security safeguards could be the main steps in promoting security of the HIS.