Information Security / Information Security Management

 

Information is an essential asset for companies and authorities and must therefore be adequately protected. Information Security aims to protect information. Information can be stored on paper, in (IT) systems or in people's heads.

Information Security comprises the three general protection objectives of confidentiality, availability and integrity with regard to data, information and information processing systems, with the aim of ensuring these in an appropriate manner. In addition, the protection goals of patient safety and treatment effectiveness are given high priority in healthcare.

  • Confidentiality: guaranteed when data and information are disclosed only to the respective authorized persons.
  • Availability: guaranteed when data, information and information systems can be used as intended.
  • Integrity: guaranteed when data, information and information systems are not altered without authorization.
  • Patient safety: guaranteed when unjustifiable risks to human health are avoided.
  • Treatment effectiveness: guaranteed when the effective treatment of the patient is ensured.

The information security management system (ISMS) and the information security processes at MHH strive for continuous improvement and are based on the international standard ISO/IEC 27001 and the standards of the German Federal Office for Information Security (BSI).

 

Contact details Information Security

Tony Retschei - (external) Information Security Officer

E-mail: Information Security@mh-hannover.de

 

The Information Security Officer is a person appointed by the authority or company management who coordinates and promotes Information Security on behalf of the management level. Their tasks also include:

  • Central point of contact for Information Security issues
  • Setting up an information security management system (ISMS)
  • Creating security guidelines and regulations
  • Raising awareness and educating employees about Information Security

The Information Security Officer works closely with the central Data Protection Officer, the IT Department (MIT) and the decentralized IT Security Coordination.

 

Image of MHH's ISO/IEC 27001:2022 certificate

ISMS in accordance with ISO/IEC 27001:2022

The central IT basic infrastructure of MHH (data center operation, incl. support processes) is successfully certified according to ISO/IEC 27001:2022.