DocumentCode
2164607
Title
An Exploration of Risk Factors Selecting for Hospital Information Security through NGT Method
Author
Chang, Chi-Chang ; Liao, Kuo-Hsiung ; Li, Ya-Hsin
Author_Institution
Sch. of Appl. Inf. Sci., Chung Shan Med. Univ. Hosp., Taichung, Taiwan
fYear
2010
fDate
24-26 Aug. 2010
Firstpage
1
Lastpage
4
Abstract
Identifying the risks associated with self-assessed security management in healthcare organizations can be a major challenge for managers, clinicians, and IT specialists. Because of the rapid change in the healthcare environment and health insurance regulations, the healthcare providers of Taiwan are facing a lot of managerial challenges and problems. Integrated security management can not only improve weaknesses but also decrease the damaging situation of risk. The main goal of this paper is to show how the nominal group technique (NGT) works as a management tool when an initiative is planned to be developed. In addition, the paper also provides insights into how risk factor selection can affect the future development of hospital information security management infrastructure. We adopt the ISO17799 practical standard with its eleven control items and experts' opinions with Failure Mode Effect Analysis (FMEA). The primary data was collected in the NGT, which uses a structured group process to elicit and prioritize answers to a carefully articulated question. The chosen expert panel consists of the following interest groups: developers of information security systems, industrial experts, and representatives of academic institutes. Based on the result of this study, we found that NGT represents a workable research tool in hospital information security management to capture a multifaceted and enriched view of risk factor selection. Finally, it not only can identify potential risk incidents more accurately by utilizing ISO17799, but also achieves the objective of self-assessed management of hospital information security.
Keywords
ISO standards; health care; medical information systems; risk analysis; security of data; IS017799 practical standard; NGT method; Taiwan; academic institute representative; failure mode effect analysis; health insurance regulation; healthcare organization; hospital information security; industrial expert; information security system; integrated security management; management tool; nominal group technique; risk factor; self-assessed security management; Hospitals; Information security; Medical diagnostic imaging; Risk management;
fLanguage
English
Publisher
ieee
Conference_Titel
Management and Service Science (MASS), 2010 International Conference on
Conference_Location
Wuhan
Print_ISBN
978-1-4244-5325-2
Electronic_ISBN
978-1-4244-5326-9
Type
conf
DOI
10.1109/ICMSS.2010.5576840
Filename
5576840