ISO 27001/CNS 27001 Information Security Declaration

The ultimate purpose of information security work at the Republic of China Kaohsiung Armed Forces General Hospital (hereinafter referred to as the Hospital) is to ensure, through the management of personnel, operations, and information technology, that the Hospital's medical information processing operates safely and effectively, and to prevent security incidents that affect the confidentiality, integrity, and availability of medical information during processing. With the protection of the public's personal medical information privacy rights as its premise, this work integrates the services provided by grassroots medical information systems, thereby building a comprehensive view of the medical system.

The Hospital's information security work is based on systematic risk assessment and risk management. Risk control measures are implemented on the principle of balancing management and technology and are carried out by all staff in their daily work, who jointly strive to achieve the following objectives in order to realize the Hospital's information security goals:

  • Protection of medical information and privacy fully complies with legal requirements.

  • The completeness and accuracy of medical and administrative information processing procedures and outcomes.

  • Uninterrupted information system and information processing service.

The roles, responsibilities, and related regulations that Hospital staff should assume in information security shall be detailed in procedural documents, work instructions, or relevant operation manuals. Through an announcement procedure, operational managers are required to understand and become familiar with the Hospital's information security operational specifications before performing duty-related management tasks, to facilitate compliance and implementation.

All personnel involved in the Hospital's information security management shall sign a confidentiality agreement. This includes staff, contract employees, outsourced vendors, contracted vendors for system hardware and software maintenance, and any parties doing business with the Hospital that fall within the scope of information security management concerning the integrity and confidentiality of information assets. By signing, they acknowledge that all information obtained during their work at the Hospital is the Hospital's asset and may not be used without authorization, thereby demonstrating the Hospital's commitment to safeguarding medical information security.

If any violation of this policy or any action that jeopardizes the Hospital's information security is discovered, it shall be addressed in accordance with the Hospital's internal disciplinary regulations, or be subject to appropriate penalties or legal action.

To reflect the latest developments in government information security policies, laws, technologies, and agency operations, the Hospital will revise this declaration in a timely manner to ensure the feasibility, effectiveness, and continuous improvement of information security practices.