RSNA 2010 

Abstract Archives of the RSNA, 2010


LL-INS-TU2A

Building an Information Security Management System in RIS/PACS Based on Human Resources Security Specification Framework in ISO/IEC 27001

Scientific Informal (Poster) Presentations

Presented on November 30, 2010
Presented as part of LL-INS-TU: Informatics

Participants

Suranarong Kamtasila MEng, Presenter: Nothing to Disclose
Krongrat Kangwanklai BS, MS, Abstract Co-Author: Nothing to Disclose
Piyasuda Pokaitanes BA, Abstract Co-Author: Nothing to Disclose

CONCLUSION

The overlap between IT and Medical Imaging Technology makes HR management difficult. The proposed matrix is a solution for managing people in the right way. Clearly defined job roles, responsibilities, and methods of working are critical success factors for the organization to meet ISO/IEC 27001, JCI, and HIPAA requirements.

BACKGROUND

ISO/IEC 27001 is an International Standard providing guidance on building, reviewing, and improving an Information Security Management System (ISMS). This ISMS can be applied to a Healthcare Informatics Infrastructure, where an adequate level of security care is required. This requirement results from several audit and security obligations set forth by legislation and accreditation such as HIPAA and JCI. This paper outlines the Human Resources (HR) security requirements, which are an integral part of ISO/IEC 27001. It presents how to standardize job roles, security responsibilities, and required skill sets. Our aim is to provide guidance for hospitals to achieve their goals and security requirements by selecting the right people for the jobs.

EVALUATION

An ISO/IEC 27001 ISMS mandates several obligations, such as the existence of an information security policy and a responsible internal department, operational procedures, network security, access control, and many more. Running an effective RIS/PACS is a challenge, but running it in compliance with ISO/IEC 27001 is even harder. To deliver a successful RIS/PACS, HR needs to be well formalized. It is crucial to hire the right people for the right jobs, so the organization should define a basic qualification and skill-set matrix as one piece of supporting information. A set of policies, standards, and procedures for staff to carry out day-to-day operations must also be carefully defined and communicated so that everyone has clarity about the expected work methods and outputs.

DISCUSSION

The matrix allows the organization to fill positions effectively or to outsource them. For example, a candidate for PACS administrator should have system administration and RIS/PACS skills. They should be able to conduct an initial assessment to fix problems and understand the RIS/PACS workflow so they know how mistakes will impact the flow. They should receive appropriate training for more advanced skills.

Cite This Abstract

Kamtasila, S, Kangwanklai, K, Pokaitanes, P, Building an Information Security Management System in RIS/PACS Based on Human Resources Security Specification Framework in ISO/IEC 27001. Radiological Society of North America 2010 Scientific Assembly and Annual Meeting, November 28 - December 3, 2010, Chicago IL. http://archive.rsna.org/2010/9002267.html