Abstract
M.Comm.
The present study was undertaken in a bid to meet an urgent need uncovered in
medical-information systems (MIS) for a formal process whereby risks posing a
threat to patients in medical institutions could be identified and controlled by
means of the appropriate security measures. At the time of the study, however, no
such formal risk-analysis model had yet been developed specifically for
application in MIS. This gave rise to the development of RAMMO, a riskanalysis
model specifically aimed at the identification of risks threatening the
patient in his or her capacity as an asset in a medical institution. The author,
therefore, managed to achieve her object with the study, namely to initiate a riskanalysis
model that could be applied to medical environments.
Following, an overview of the research method used in order to achieve the
objectives of the study:
Firstly, background information regarding the issues and problems to be
addressed was obtained, and they provided the well-founded motivation for the
study.
Secondly, the development and importance of MIS in medical environments came
under consideration, as well as the applicability of information security in an MIS.
In the third instance, general terms and concepts used in the risk-management
process were defined, by means of which definitions existing risk-analysis models
were investigated and critically evaluated in a bid to identify a model that could
be applied to a medical environment. Fourthly, a conceptual or draft design was suggested for a risk-analysis model
developed specifically for medical environments. In doing so, the first two stages
of the model, namely risk identification and risk assessment, were given special
emphasis. The said model was then illustrated by means of a practical application
in a general hospital in South Africa.
The study culminated in a summation of the results of and the conclusions
reached on the strength of the research. Further problem areas were also touched
upon, which could become the focus of future research projects.