By Topic

Information Technology Governance, Risk and Compliance in Health Care - A Management Approach

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Krey, M. ; Center of Bus. Inf. Syst., Zurich Univ. of Appl. Sci., Winterthur, Switzerland

Governance, Risk Management and Compliance (GRC) is an executive level concern in many enterprises today. It is an approach that addresses not only the establishment of business rules but more importantly how those rules are integrated into sensible organizational structures, embedded into the day-to-day business processes of the organization, communicated including ongoing training and monitored for compliance. In the first section of this paper, different focus areas for the GRC approach have been derived. The successful application of IT governance principles can provide a mechanism to increase the effectiveness of IT and, in turn, meet the increasingly high demands from business for IT. The purpose of a survey with several Swiss hospital CIOs was to reach members of the IT management to determine their sense of priority and actions taken relative to IT governance, as well as their need for tools and services to help ensure effective IT governance. This survey aims to give an overview of the common IT governance models already used in the healthcare sector and attempts to answer the question if they really meet the requirements of the healthcare sector as a complex and heterogeneous economic sector. To accomplish these aims, a maturity model has been developed to measure the extent to which the different GRC focus areas based on the Control Objectives for Information and related Technology (CobiT) Maturity Model have been selected and how they have been perceived.

Published in:

Developments in E-systems Engineering (DESE), 2010

Date of Conference:

6-8 Sept. 2010