Table 1:
Components and sub-components of the proposed model.
| Components | Sub-components |
|---|---|
| Rules and regulations | Information and data confidentiality rules, data security rules, information and cyberspace, information management rules |
| Policies | Information and data confidentiality policy, data and information security policy, information and documents management policy |
| Standards | Health IG management standard, information and data confidentiality standard, data, and information security standard, information, and documents management standard, data and information quality control standard |
| Information management | Information design, creation, and gain, information analysis, information access and application, information dissemination, information storage, information disposal, information quality management, coding based on international coding books such as ICD (International Classification of Diseases) |
| Documents management | Documents design, creation, access, and application of documents, documents dissemination, documents storage, documents disposal, documents quality management |
| Data Governance | Definition of data elements, determination of data structure and architecture, data modeling, improvement of clinical documentation, data quality control and management, big data management, metadata management, data dictionary management |
| Information technology (IT) Management | Alignment of IT strategies with organization strategies, IT processes management and direction, development of an integrated approach to the selection, evaluation, and use of IT, application of technologies to manage and control information and documents, IT resources management such as information systems, hardware and software, network and database communications, financial and human resources, and data and information |
| IT Governance | IT processes management and direction, development of an integrated approach to the selection, evaluation, and use of IT, application of technologies to manage and control information and documents, monitoring IT resources such as information systems, hardware and software, network and database communications, financial and human resources, and data and information |
| Risk Management | Identification of the events threatening data, information and cyberspace, prevention and control of unwanted events such as distortion, data and information theft, and violation of the security and privacy of data, information, and cyberspace, analysis and evaluation of threats and damages, risk management through setting and enforcing data and information access and protection policies, development and implementation of post-disaster data recovery programs |
| Change Management | Planning for development of new structures, processes, and technologies, implementation of changes or reforms, occupational development and enrichment, change control,evaluation and fixation |
| Compliance Management | Identification of internal and external laws, policies and standards, compliance with internal and external laws, regulations and standards, responding to legal requests, evaluations, and audits |
| Human Resource Management | Identification, selection, and recruitment of employees, job design and analysis and assignment of roles and responsibilities, staff training and justification, compensation management,performance evaluation |
| Program monitoring and auditing | Definition and formulation of necessary criteria, criteria-based evaluation at specified intervals, provision of feedback for decision-making and program improvement |