Adaptación de las normas ISO 27001 e HIPPA para la reducción de riesgos en redes corporativas de salud.

Abstract

The objective of this project was to adapt the ISO 27001 and HIPPA Standards to reduce security risks in the Corporate Health networks, allowing greater security such as: confidentiality, integrity and availability to the information used by the institution. For the development of the adaptation, the current legislation in force was used, the ISO 27001 and HIPPA Standards; This adaptation was done in two phases; Before implementing the adaptation, where it was possible to know the risks that affect the information that is handled within the institution and give their value according to the condition or damage that they may cause. In the second phase, the same evaluation was carried out and it could be evidenced that it had a percentage decrease with respect to the first phase; obtaining greater security in the information based on the confidentiality, integrity and privacy of the same; fundamental pillars that must be considered in any organization. Through the study carried out, it was possible to establish that the ISO 27001 and HIPAA Standards protect the assets, that is, the information of the organization, establishing their advantages and disadvantages; The average probability weighting of risks occurring has been substantially reduced by 90% in the initial situation versus 75% post-implementation. It is recommended that the implementation be applied in each of the hospitals of the different jurisdictions at the national level, with the aim of properly identifying risks and generating security policies to achieve adequate information management.