dc.description.abstract | Sri Lanka is embarking on the process of digital health transformation resulting accumulation of wide variety of sensitive health information in digital format. Real time information
is critical for decision making. Securing integrity and confidentiality of information while
preserving the availability is a challenging process. This research is aimed to assess the
knowledge and practices of information system administrators related to the information
security of state-sector health information systems. An online questionnaire was emailed
to all the system administrators of state sector health institutions with functional health
information systems and collaborating with the Ministry of Health through focal points.
Responses were recorded over a period of three weeks. Interviews were carried out
with the participants who responded to the online questionnaire. A descriptive analysis
was carried out afterward. The response rate for the online questionnaire was 50%
(n = 40). Out of the responded, 55% of the information systems contain information
classified as “confidential”. Among the system administrators, 57.8% are aware of at
least three standards, guidelines, or policies relevant to health information security. The
majority of institutes (84.2%) were not practicing the recommended information security
practices. Fifteen system administrators consented and participated in the key informant
interviews. The majority of health information systems contain confidential information.
The current level of health information security practices is not adequate to confront the
constantly changing information security threats. Enhancing knowledge and practices
related to health information security guidelines, standards, and policies will lead to
secured healthcare delivery by ensuring confidentiality, integrity, and availability of health
information | |