Cybersecurity and privacy maturity assessment and strengthening for digital health information systems: web annex: assessment instrument
Overview
This document serves as an assessment instrument designed to evaluate the security and privacy measures of digital health information systems (d-HIS). It provides a comprehensive framework for information security management, cybersecurity, and privacy protection.
The cybersecurity assessment is guided by a questionnaire/checklist (Assessment questionnaire), which forms the basis of the evaluation. This checklist can be adapted to meet the specific needs, levels, and preferences of the assessment. The tool offers an overview of the security status of the entire d-HIS, including a set of standardized questions to gather information about the current settings. This helps assess whether the privacy, confidentiality, and security standards of the d-HIS are in place and whether the systems are protected throughout service delivery and data management.
The assessment results can be summarized by reflecting the maturity of the cybersecurity status in the given settings using the maturity scoring instrument (Summary scoring sheet). The maturity scoring instrument includes six key areas of security: governance and policy, data management life cycle, transmission security, data disposal, monitoring, and user behavior. This information could be used to develop recommendations for improving the d-HIS security and privacy posture in the short, medium, and long term for the given settings.