Information Security and Privacy Policy Situation in Thai Public Healthcare Organizations

This research focuses on a study of information security issues in Thailand’s public healthcare organizations. Lacking of security and privacy awareness by healthcare staffs may result in security violation of information systems. The objective of this work is to create guidelines for implementing security and privacy procedures to minimize security risk when utilizing Electronics Medical Records (EMRs) and deploying National Health Information System (NHIS) for ministry of public health in Thailand. In fi rst stage, this study applies mixed methods research on medical staffs in order to determine their levels of awareness and attitude in protecting patients’ privacy. The middle stage of this research involves determining security situation and collects related information on actual procedures when handling patient’s data. In the fi nal stage, this research recommends a set of measures to raise the awareness and to effectively secure the National Health Information System.