Implement B3S. Increase patient safety.
Cyberattacks, system failures, data leaks - what already has extremely unpleasant consequences in the private sphere can, in the worst case, threaten human lives in health care facilities. IT security must therefore always be considered when it comes to digitalisation in the health sector!
The legislator is also increasingly pushing the issue: §75c SGB V obliges hospitals to take appropriate IT security measures according to the "state of the art". With the Patient Data Protection Act, the strict IT security requirements of the BSI apply outside critical infrastructure (KRITIS) for the first time. The implementation of §75c is mandatory as of 01.01.2022.
NEXUS / ISMS with a lot of practicality and pragmatism
The topic of IT security can be a massive challenge for hospitals, rehabilitation facilities as well as nursing homes in everyday life. The industry-specific security standard (B3S) for healthcare in hospitals comes from practice and was developed together with the German Hospital Association. It is therefore a practical way of addressing the important and complex issue of IT security.
With the risk-oriented information security management system NEXUS / ISMS, which is oriented towards the B3S, it is possible to establish a lean and clear management system, which uses existing structures and links IT security with the processes and risk catalogues of your institution.
- NEXUS / ISMS records the B3S catalogue of requirements with over 160 requirements systematically, in a structured and integrated manner.
- The catalogue as a whole and the individual requirements can be accessed comprehensibly and intuitively.
- The dashboard offers a clear presentation of the requirements, various filter options as well as a cockpit with information on the degree of penetration.
- The B3S requires an overview of the emergency-relevant processes including a function assignment, which can be easily mapped with process modelling.
- In the detailed view of a requirement, tasks can be defined, responsibilities assigned and relevant documents stored.
Secure hospital IT needs sensitised employees
In addition to the necessary technical prerequisites, a sustainable IT security policy also requires preventive measures that contribute to anchoring IT security in the organisation. In the organisational area, creating awareness among staff or documenting the hospital's IT landscape are important for prevention. Through the automatic publication of information security guidelines on the intranet, through comment functionalities, read receipts, news reports or an anonymous reporting portal, you sensitise staff to IT security and make employees part of the solution.
Arrange a non-binding appointment with our experts! We will show you our pragmatic ISMS solution!