dc.description.abstract | The health workforce distribution, efficiency and competence are a major concern in health
care delivery in Kenya. A well designed health workforce information system can inform
policy making to a great extent. However, if health workforce information systems are not
well secured, the information can be misleading. The purpose of this study was to assess the
level of security in the Regulatory Health Workforce Information System (rHIS) and develop
an information security plan for the rHIS. The rHIS is intended to streamline the operations
of the Health Regulatory Boards and Councils including routine tracking of training,
registration, practice and deployment of the health workforce to make the processes
consistent, efficient and effective.
The study assessed the security of rHIS deployment in four regulatory Boards and Councils
within the Ministry of Health in Kenya i.e. Nursing Council of Kenya (NCK), Clinical
Officers’ Council (COC), Kenya Medical Laboratory Technicians and Technologists Board
(KMLTTB), Medical Practitioners and Dentists Board (MPDB). The ISO/IEC 27002
standard was adopted as the best practice on information security management. The
assessment was based on ISO/IEC 17799:2005 audit checklist. A gap analysis applicability
matrix was developed to indicate which questions were asked to which category of
respondents in scope.
The results indicated that the system security compliance differed across the Boards and
Councils implying that the effectiveness of the security of rHIS is dependent upon the
environment on which the system is deployed. It was evident that the compliance level was
higher where an information security policy exists.
The study used the gaps identified as a basis to propose a security plan that would provide a
way forward in addressing the weaknesses and threats that exists in the various Boards and
Councils. | en_US |