Russian Classification of Professions by Education 38.00.00
Russian Library and Bibliographic Classification 65
Russian Trade and Bibliographic Classification 77
Based on the conducted research and data from various sources, this article suggests possible measures to improve the regulatory framework governing the work of management personnel on information security (IS) in the healthcare sector. The analysis revealed that the current regulatory framework governing the activities of management personnel on IS in domestic healthcare is based on federal laws, decrees of the President of the Russian Federation and resolutions of the Government of the Russian Fed eration. However, the existing legal acts in this area do not contain specific provisions that take into account the specifics of the healthcare sector. It emphasizes the need to detail these issues in the legal acts of the Ministry of Health of the Russian Federation and other sectoral bylaws. Taking into account the requirements of legislation and the analysis of various sources, simplified options for making changes to some sectoral regulations concerning the regulation of management personnel on IS in healthcare are proposed. Undoubtedly, the presented list of possible improvements to the regulatory framework governing the work of management personnel on IS in healthcare is not completely exhaustive. However, the authors believe that the integrated application of the proposed measures may contribute to improving the situation in this area in the future. The conclusions and recommendations obtained can be useful to experts involved in the development of qualification requirements for management personnel on IS in the healthcare system, as well as to heads of medical organizations and specialists on IS working in these institutions.
management personnel, information security, healthcare, normative regulation, improvement.
1. Deming W.E. New Economy. Moscow: Eksmo; 2006. 208 p.
2. Kapger I.V., Shaburov A.S. Information security management. Perm: Perm National Research Polytechnic University Publishing House; 2023. 91 p.
3. Mazein A.V. Legal regulation of management activities. Moscow: Yurayt; 2025. 189 p.
4. Mikhailova Yu.V., Miroshnikova Yu.V., Knyazev A.A. Leading personnel of health authorities and institutions (sociological research). Bulletin of Roszdravnadzor. 2014; (6): 71–77.
5. Naigovzina N.B., Son I.M., Zimina E.V. Approaches to assessing the number of health care management personnel. Modern problems of health care and medical statistics. 2022; (4): 537–558. DOI:https://doi.org/10.24412/2312-2935-2022-4-537-558
6. Model of competencies of the head in the field of health protection / O.V. Kungurtsev, D.S. Tyufilin, O.B. Pavlenko [et al.]. Social aspects of public health. 2024; (S5): 1–8. DOI:https://doi.org/10.21045/2071-5021-2024-70-5S-7
7. Federal Law of 26.07.2017 No. 187-FZ "On the Security of the Critical Information Infrastructure of the Russian Federation". URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
8. Decree of the President of the Russian Federation of 01.05.2022 No. 250 "On additional measures to ensure information security of the Russian Federation". URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
9. Decree of the Government of the Russian Federation of 15.07.2022 No. 1272 "On approval of the standard regulation on the deputy head of the body (organization) responsible for ensuring information security in the body (organization), and the standard regulation on the structural unit in the body (organization) ensuring information security of the body (organization)". URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
10. Maksimova E.A. Models and methods for assessing the information security of a subject of critical information infrastructure under destructive impacts of infrastructure genesis: dis. ... Dr. Tech. sciences. St. Petersburg; 2023. 448 p.
11. Influence of Human Factors on Cyber Security within Healthcare Organizations: A Systematic Review / S. Nifakos, K. Chandramouli, C.K. Nikolaou [et al.]. Sensors. 2021; (21): 1–25. DOI:https://doi.org/10.3390/s21155119
12. What happens to rural hospitals during a ransomware attack? Evidence from Medicare data / Hannah T. Neprash, Claire C. McGlave, Katie Rydberg, Carrie Henning-Smith. The Journal of Rural Health. 2024; (I. 4): 728–737. DOI:https://doi.org/10.1111/jrh.12834
13. Zone of infection: cybercriminals began to attack hospitals more often. URL: https://iz.ru/1734712/dmitrii-bulgakov/zona-zarazheniia-kiberprestupniki-stali-chashche-atakovat-bolnitcy (accessed date: 14.04.2025).
14. Alarm signal. URL: https://www.connect-wit.ru/trevozhnyj-signal.html (accessed date: 14.04.2025).
15. Letter of the Ministry of Health of the Russian Federation of 04.06.2022 No. 18-4/I/2-9129 "On increasing the stability and safety of the functioning of information resources of the Russian Federation". URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
16. Gavrishev A.A. Study of certain issues of personnel management on information security in medical institutions. Scientific Journal NRU ITMO. Series: Economics and Environmental Management. 2024; (1): 31– 14. DOI:https://doi.org/10.17586/2310-1172-2024-17-1-31-41
17. Gavrishev A.A. State of the labor market in the segment of management personnel on information security of healthcare institutions. Scientific journal NRU ITMO. Series: Economics and Environmental Management. 2025; (1): 123–133. DOI:https://doi.org/10.17586/2310-1172-2025-18-1-123-133
18. Bibarsova G.Sh. Legal support of information technologies. Stavropol: Publishing House SGPI; 2010.100 p.
19. ualification directory of positions of managers, specialists and other employees (approved by Decree of the Ministry of Labor of Russia of 21.08.1998 No. 37). URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
20. Order of the Ministry of Health and Social Development of the Russian Federation of 22.04.2009 No. 205 "On approval of the Unified Qualification Directory of Positions of Managers, Specialists and Employees, section “Qualification Characteristics of Positions of Managers and Specialists in Ensuring Information Security in Key Information Infrastructure Systems, Countering Technical Intelligence and Technical Information Protection”. URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
21. Order of the Ministry of Health of the Russian Federation of 09.06.2003 No. 230 "On approval of staff standards for employees and workers of state and municipal health care institutions and employees of centralized accounting departments at state and municipal health care institutions". URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
22. Methodological recommendations on the formation of an information technology service in medical organizations (approved by FSBI "TsNIIOIZ" of the Ministry of Health of Russia 04.03.2022). URL: http://www.consultant.ru/ (accessed date: 14.04.2025).
