本研究目的探討醫療雲端服務的風險因素之影響程度。採用量化研究方法,經由結構式問卷方式,針對目前服務於醫學中心、區域醫院及地區醫院等三種不同層級醫療院所醫療資訊人員為研究對象。問卷內容包含五大部分:資訊的風險、供應商的風險、預算的風險、自主性的風險及醫療機構的隱憂。資料以SPSS20.0處理,透過T-TEST 與ANOVA兩種方式,設定醫療資訊人員的社經學歷為自變數與五大風險因素為依變數的相互影響程度。研究結果顯示:(1)在資訊風險方面,資訊人員對於個資隱私安全性與被駭客攻擊的風險比較重視。(2)在供應商的風險方面,會因為供應商存放於雲端上的資料是否有完善的備份機制與當醫療雲端服務系統資料產生問題時,是否快速回復正常較為重視。(3)在預算的風險方面,醫療院所會因在訂定合約時,沒有估算到隱藏成本,造成執行上有過多繁複的行政程序及時間與醫療雲端服務系統導入費用與預算管控較為重視。(4)在自主性風險方面,醫療院所會因雲端服務的系統效能與對服務廠商進行稽核之能力較為重視。(5)在醫療機構的隱憂方面,會因為在雲端服務所提供的環境與組織原本的環境產生衝突的風險與提供的軟體是否有經過合法授權而有所擔憂。而本研究結果所找出的重要風險因素,可供醫療院所與政府主管機關之決策參考。 The purpose of this study was to investigate the extent of the risk factors for medical cloud services. Using quantitative research methods, through the structured questionnaire method, the medical information personnel of three different levels of medical institutions currently serving medical centers, regional hospitals and regional hospitals are studied. The content of the questionnaire consists of five parts: the risk of information, the risk of suppliers, the risk of budget, the risk of autonomy and the concerns of medical institutions. The data was processed by SPSS 20.0. Through T-TEST and ANOVA, the social economy and education of medical information personnel were set as the independent variables to investigate their associations with the five risk factors.The research results show the following five findings. (1) In terms of information risk, information personnel pay more attention to the security of personal information and the risk of being attacked by hackers. (2) In terms of the supplier's risk, it is more important to check whether the information stored in the cloud has a perfect backup mechanism and whether the system can quickly recover when the medical cloud service system was down. (3) In terms of budgetary risks, because medical institutions usually do not estimate hidden costs when setting contracts, they emphasize on medical cloud service system introduction costs and budget control. (4) In terms of risks of autonomy, medical institutions will pay more attention to the system performance of cloud services and the ability to audit service providers. (5) In the concerns of medical institutions, the conflict between the environment provided by the cloud service and the organization's original environment, and whether the software provided is legally authorized are the issues. The findings of this study can support the decision-making of cloud service introduction of the medical institutions or government authorities.
