의료기관 개인정보관리 수준 평가모델 연구 : 전문병원 중심으로

The personal healthcare information(PHI) could be more critical and serious if it leaked. The financial and mental damage of PHI leakage could threaten our society as well as individuals. The widespread concern for the privacy issues have been increasing since 2012 in South Korea. In this study, we propose the assessment model for PHI targeting medium-sized and specialty hospitals. The model is composed of the processes for handling PHI life-cycle and measurements according to PDSA(plan-do-see-action) cycle. This study investigates the law and guidelines relating to privacy - PIMS (Personal Information Management System), PIPL(Personal Information Protection Level), PIA (Privacy Impact Assessment), and KOIHA(Korea Institute for Healthcare Accreditation) - to build a new assessment model. The new model is adapted to a Korean specialty hospital (C hospital) which is a medium-sized healthcare institution. The results show that the hospital gets relatively higher scores in ‘do’ process than in ‘plan’, ‘see’, and ‘action’ processes. The assessment model shows usability, comprehensiveness, and concreteness in the exploratory case. Future research should focus on emerging technology and global standards resulting in improving assessment’s effectiveness.