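Report information
Lead research institution | 한국원자력의학원 Korea Institute of Radiological & Medical Sciences |
Principal investigator | 이규영 |
Participating researchers | 최원영, 이선미, 허인선, 임준호, 정재우, 박정아, 최부용, 이현욱, 윤용희, 편상훈, 김오중 |
Report type | Final report |
Country of publication | Republic of Korea |
Language | Korean |
Publication date | 2017-02 |
Project start year | 2016 |
Supervising ministry | 미래창조과학부 Ministry of Science, ICT and Future Planning |
Registration number | TRKO201700004029 |
Project ID | 1711045545 |
Program name | 한국원자력의학원연구운영비지원 (KIRAMS research operating expense support) |
DB build date | 2017-09-20 |
Keywords | Information technology architecture; privacy impact assessment; information security; network separation; OCS/EMR; EA (Enterprise Architecture); PIA (Privacy Impact Assessment); IS (Information Security); Network Separation |
DOI | https://doi.org/10.23000/TRKO201700004029 |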
Abstract
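Through the enhanced operation of the integrated information system for radiological and medical sciences, changes in laws and regulations, work improvements, program function improvements, and additional requirements were reflected so as to improve user convenience and provide informatization services smoothly.
Internal work was brought up to date by enacting and revising internal regulations to meet the 2016 medical institution accreditation survey standards for the Korea Institute of Radiological & Medical Sciences, and the improvements this required in the integrated information system were identified and the system was improved and supplemented. As a result, the institute received official medical institution accreditation from the Ministry of Health and Welfare, valid for the next four years. In addition, 3,609 programs were newly developed or supplemented for new development and functional improvement of informatization work across the institute, and these enhancement activities produced results such as improved interworking with other systems, improved monitoring of drug reactions including narcotics, and the construction of detailed cancer DBs by clinical department and by site.
In line with the introduction and operation of EA under the Electronic Government Act and the information service linkage and integration policy for realizing Government 3.0 (openness, sharing, collaboration, communication), the government-wide meta-model v1.8 and maturity model v3.5 were applied to the institute's information technology architecture (EA) so that project plans consistent with the direction of national informatization could be established and the status of information resources could be identified efficiently. The institute's information system linkage and integration capability was measured as high compared with the public institution average across the resource management, linkage and integration support, and utilization performance domains.
Following the mandating of privacy impact assessments for public institutions, a privacy impact assessment was performed on the medical information system. Risks and infringement factors in the stage-by-stage processing procedures for the large volume of personal data held were analyzed, and an improvement plan was established and implemented, strengthening the personal data protection framework.
For information security and protection, the 2016 network separation enhancement, building on the network separation infrastructure built in 2015, changed the design of the Internet network and the business network and physically changed the networks. Network separation was completed by distributing Internet PCs to about 600 users and deploying security solutions. With network separation complete, the effects of blocking cyber intrusion incidents, threats of illegal leakage of internal information, installation of illegal software, and PC virus infection routes were maximized, and the institute was able to firmly maintain and strengthen its information security and protection policy.
(Source: report abstract)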
Abstract
Ⅳ. Project Performance Outcome
1. Enhancement of the Integrated Information System of Radiological and Medical Sciences
By upgrading the integrated information system for radiological and medical sciences, it was possible to improve user convenience by reflecting the modified provisions of laws and regulations, improved business processes, program functionalities and additional requirements. In addition, to provide services successfully within their deadlines, performance indicators for system enhancement were set and used to measure the performance. The results showed that the operations were completed at 97.5%, which exceeded the original goal of 95%.
The system was designed to extract targets for the year, to check their personnel information, and to compare, analyze and confirm their compensation levels. In this way, it was possible to minimize errors and omissions in the data, to improve the operational efficiency of the staff in charge, and to improve the reliability of the data.
The internal operating rules were also brought up to date by establishing and revising internal regulations to meet the certification and investigation standards for medical institutions. In addition, the goal of system enhancement was attained by identifying issues to improve in the integrated information system for radiological and medical sciences. As a result, the KIRAMS has received the official certification of accreditation evaluation for a medical institution from the Ministry of Health and Welfare, valid for the next four years.
When requested by an affiliated hospital, a doctor in charge is allowed to check whether a patient is requested by an affiliated hospital and the identification of the affiliated hospital. For a patient to return, a return order is prescribed at the time when the return is required. The system is designed so that when a return order is issued, the department in charge of the collaboration is notified in real time and can prepare for the return before the patient visits.
A screen for entering data on patients with colorectal cancer and thyroid cancer, including age and gender as well as physiological data and information on surgical operations and recurrences, was also developed, and tracking management, which is an important factor in building a cancer DB, was developed by interlinking with the EMR. It is expected that the safety of patients and the quality of medical services can be improved by systematically managing adverse drug reactions (ADR: harmful and unintended reactions that occur when drugs are administered or used normally); thus, a system for responding to external evaluations such as accreditation and evaluation of medical institutions was also prepared.
Records of taking-over of narcotic drugs were also computerized, and a software program used to query the taking-over history was developed and distributed to any relevant departments. Through this measure, it was possible to minimize the possibility of human errors which might occur in the taking over process and to secure stability on the narcotics management.
Estimating the scale of software development plays an important role in the continued growth of the software industry and in fostering the competitiveness of the industry. Function points are to be used as basic material for quality improvement when redeveloping any aging information system, and serve as an objective indicator for quantitatively measuring the results of software management and maintenance. By applying standardized estimation procedures, as well as defined procedures and rules, to the integrated information system for rational and effective management of function points, it became possible to improve the quality of developed software.
In 2016, the government-wide EA maturity level of the KIRAMS was measured as Level 5 in the resource management domain, Level 5 in the informatization management system domain, and Level 3 in the usability domain (4.56). The result was somewhat higher than the average maturity level of other public institutions (2.70), and showed that the institute maintained a higher level across the domains of resource management, informatization management system and usability. Likewise, along with the promotion of enhanced EA, the institute could secure systems for preemptive provision, sharing of knowledge-based resources, promotion of overall collaboration, and opening of information and data.
2. Stable operation of the Integrated Information System of Radiological and Medical Sciences
In enhancing the integrated information system and in the integrated management and maintenance of computing equipment and software, the program development and maintenance sector and the system sector operated together, unlike with the legacy systems, so operations ran more organically than before.
In particular, when trouble occurred, operational efficiency improved because the issue could be recognized and solved together with the resident PM in a shorter time than before.
It was possible to protect the personal data of patients by recording access history logs for the operations system (EM) and by blocking anomalous redundant logins by unauthorized personnel. A single-use temporary password was sent by cellphone to every newly joined staff member and to any staff member who lost their password, enhancing the user authentication function of the medical information system.
3. Strengthening information safety and privacy protection
It was possible to prevent any serious security incident in advance by performing inspections and troubleshooting against potential infringements notified by the Science and Technology Security Center. In addition, through inspections on the ‘Day of Diagnosing Cyber Security’ held every month, it was possible to enhance the security of user PCs and to reduce the infection rate of malicious code drastically.
Furthermore, external inspections and evaluations hosted by the Ministry of Government Administration and Home Affairs and the Ministry of Science, ICT and Future Planning were performed to check and enhance personal data protection and management systems and implementation systems, including the status evaluation of personal data protection management in the first and second halves and the diagnosis of management level.
The personal data files registered on the government's “Comprehensive Personal Information Protection Support System” were also updated. In addition, various other activities were performed, including inspection of personal data on user PCs through a personal data encryption solution, compulsory training programs for staff in charge of personal data protection designed to raise awareness of personal data protection, and training programs by sector for staff in charge of collecting personal data.
The latest version of the harmful website blocking system (WebKeeper) was acquired to continue blocking under existing policies (e.g., P2P, Web hard, file sharing, stock exchange websites, and malicious code distribution sites), as well as to handle selective blocking of commercial mail, remote access, and HTTPS, and of the latest NetApps, in an easy and convenient way. In addition, a DB of credit card numbers and account numbers owned by the KIRAMS was encrypted, which contributed to stable operations of the integrated information system of radiological and medical sciences by complying with laws and regulations such as the ‘Personal information protection act’ and the ‘Act on facilitating use of information communication network and protection of information’.
For the medical information system, the protective measures by life cycle of personal data of the systems were inspected based on 67 evaluation items in 22 evaluation sectors in five evaluation domains selected by taking into account the impact evaluation items listed in the guideline of personal data impact evaluation issued by the Ministry of Government Administration and Home Affairs and the current status of personal data protection in the KIRAMS. In addition, the technological protective measures of the target systems were inspected and an implementation plan was established based on infringement factors.
By completing the external network separation and upgrade project in the KIRAMS, the goal of company-wide physical network separation was attained, including blocking the leakage of internal materials and personal data. In addition, by providing redundancy in the network connection system, it became possible to cope with trouble more effectively and to provide additional inspection procedures for information sent to the outside, which enhanced information security.
At present, some of the Windows servers operating in the KIRAMS are based on Windows Server 2003, which has reached EOS by MS, so there have been security issues with the OS. In addition, in terms of hardware, most servers have been in use for around ten years, which could cause trouble and performance problems. Now, by building a high-end server virtualization system and transferring the legacy Windows servers to it, it becomes possible to solve the security and performance issues.
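(Source: Summary)
Contents
- Cover
- Letter of submission
- Report abstract
- Summary (Korean)
- Summary
- Contents (English)
- Contents (Korean)
- Chapter 1. Project overview
  - Section 1. Project purpose
  - Section 2. Need for the project
- Chapter 2. Domestic and international status
- Chapter 3. Project content and results
  - Section 1. Enhanced operation of the integrated information system for radiological and medical sciences
  - Section 2. Strengthening information security and personal data protection
- Chapter 4. Achievement of project goals and contribution to related fields
  - Section 1. Achievement of project goals
  - Section 2. Contribution to related fields
- Chapter 5. Plan for utilizing the project results
- End page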