INFORMATION SECURITY RISKS INVOLVING FUNSOFT AS A HEALTH MANAGEMENT INFORMATION SYSTEM

Abstract

This study looked at the various information security risks brought about by the implementation
of funsoft which is a health management information system with a view of managing and
mitigating the risks in a coherent and systematic manner. The study has used a positivist
approach with a research design that employed quantitative descriptive study of funsoft users and
focus group discussions with system administrators and records officers. The study population
was eighty five with a sample size of forty six calculated using Yamane’s formula with a
precision of ten percent. The study reviewed current risk management practices used within the
HMIS and IT in general and using a case study of three public hospitals in Kisumu county that
are at different implementation levels of funsoft, it further explored current potential obstacles
encountered in the implementation of systemic risk management strategy. This study finally
implemented a strategy for managing risk within funsoft in a systematic and continuous manner
which was enriched by material documented in the literature. It was unearthed in the study that
all the three health facilities have no focal person to coordinate information security, lack
policies and procedures on computer and information security and had never undertaken a risk
assessment of the funsoft HMIS platform since its deployment.