Pages:8 (2462 words)
Document Type:Term Paper
Managing Medical Records and the Implementation of Tools and Safeguards Required within HIS
Few practices are more important in managing health information systems than managing medical records, safeguarding patients’ medical history, and ensuring that all end users of medical information technology are approved and trained. Some of the biggest factors in security breaches are end users themselves (Rhee, Kim & Ryu, 2009). This is why training of staff on how to use equipment and the importance of protecting passwords is so important (Jackson, 2018). However, the system itself should have system protections built-in that can protect against end user mistakes—protections such as double security via multi-factor authentication (Crossler & Posey, 2017). This paper will discuss the programming language and relational databases that should be used to accommodate security needs for the HIS, the information tools and safeguards required to protect it, the security needed for electronic health records, an applicable code of ethics, and proposals for training staff.
HIS Programming Language and Relational Databases to Accommodate the Task
As Prince (2013) notes, “some programming languages are more susceptible to specific security flaws than others”—which means that some programming languages need to be avoided when it comes to HIS. Those languages include C and C , even though they are commonly used elsewhere. Their commonality is actually part of the problem. Because so many people are familiar with them, it is easier to hack one’s way into systems written in those languages. The issue with them systematically is that they are not type safe languages. In other words, the programmer is responsible for where the type and data go, how information is compiled and arranged, and so on. This makes it far more likely that errors will creep into the programming, errors that can then be exploited by hackers (Prince, 2013). For HIS, a type safe language should be used that reduces the likelihood of such errors occurring. A type safe language is one in which the language itself tracks integers, strings and space amount allotted to information inputs. Languages like .Net are much more preferable for HIS than C because .Net is type safe and thus provides buffers for programmers (Prince, 2013). If HIS security is going to be improved, the programming language has to be one that has improved since C was first unveiled, and that is the case with .Net. The language itself will not solve all the problems—developers will still bear some responsibility in developing a program that is secure; but starting with a language that can help minimize the risk of human error is preferable.
As for databases, the most common database used in health care is the relational database (Campbell, 2004). These are the most commonly used because they allow for the tracking of patient care, such as treatments, outcomes, heart rate, and so on. The relational database can connect to various other systems already in place—i.e., they are compatible with other systems—so, for example, patient information entered into the system in the emergency department can be linked to billing and so on. Or the registration system can be linked to it so that immediately upon registering a patient’s information is available to the nurses in the department he or she will be accessing at the facility (Campbell, 2004). The good thing about relational databases is that it means data only has to be entered in once.
Information Tools and Security Safeguards Needed for the HIS
Reeder, Ion and Consolvo (2017) point out that there is no single, universal way to guarantee 100% security of health information systems. While end user training is really the first line of defense against data breaches, there are other ways that the system can be developed to ensure protection. One of the most important ways is through multi-factor authentication, which offers at least two layers of protection of data whenever it is being accessed by end users. However, even this level of protection is not 100% guaranteed, as there are other ways for hackers to steal data. Data breaches can occur by hacking into the centralized identity repository; surveillance can be conducted of all data and patients’ privacy can be compromised (Crossler & Posey, 2017). Denial of service attacks can occur, eavesdropping, spoofing and tampering can all be ways that hackers meddle, and there are virtually myriad other ways that hackers can penetrate a system—and most of them rely upon end user negligence or upon the end user not being trained to recognize suspicious activity (Vanguard Communications, 2015).
…use of this technology can include team work exercises that focus on helping members to understand the importance of system security, protecting passwords, and not leaving sticky notes on consoles with passwords written on them for everyone to see.
Building a security culture is important of course, and one way to do that is through interesting training exercises like a weekly security trivia, in which workers can earn points for their team. Points could be redeemed for a pizza party or some other prize. The trivia would focus on understanding security issues and increasing workers’ security intelligence. The weekly trivia contest could be like the trivia games played in restaurants and pubs, only here it would focus on security questions. This type of training is more interesting, generally, to workers—and more meaningful and effective ultimately—than mundane Power Point presentations or computer-animated videos that are watched for five minutes and then forgotten about. The goal here is to get the workers thinking about what matters in terms of security and then using that energy to keep them engaged and knowledgeable.
HealthIT.gov (2018) offers privacy and security training games that staff can play to build up their knowledge of how to ensure that systems are kept safe and secure. As Health IT.gov (2018) notes, “the use of gamification by ONC is an innovative approach aimed at educating health care providers to make more informed decisions regarding privacy and security of health information.” Training does not always have to seem like a chore or a bore. It can take the form of something fun that trainees actually enjoy. The more fun they have doing the exercises, the more likely they are to be engaged with the learning material. And the more engaged they are, the more likely they will acquire a deep down understanding of the essential information they need to keep the system safe and patient data secure.
Managing health information systems effectively is important for the successful usage and storage of patient information as well as for the linking of various departmental information needs throughout a facility. Patients have the right to expect that their health information is protected, and end users have a duty to ensure that they follow the ethical principles regarding electronic health…
Campbell, R. J. (2004). Database Design: What HIM Professionals Need to Know.
Perspectives in Health Information Management 2004, 1:6 (August 4, 2004). Retrieved from http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_024637.hcsp?dDocName=bok1_024637
Crossler, R. E., & Posey, C. (2017). Robbing Peter to Pay Paul: Surrendering Privacy for Security's Sake in an Identity Ecosystem. Journal of The Association for Information Systems, 18(7), 487-515.
Donovan, F. (2018). Judge Gives Final OK to $115M Anthem Data Breach Settlement. Retrieved from https://healthitsecurity.com/news/judge-gives-final-ok-to-115m-anthem-data-breach-settlement
HealthIT.gov. (2018). Health Information Privacy, Security, and Your EHR. Retrieved from https://www.healthit.gov/providers-professionals/ehr-privacy-security
The IMIA Code of Ethics for Health Information Professionals. (n.d.). Retrieved from http://www.imia medinfo.org/new2/pubdocs/Ethics_Eng.pdf
Jackson, R. (2018). Pulling strings. Retrieved from https://iaonline.theiia.org/2018/Pages/Pulling-Strings.aspx
Prince, B. (2013). Programming Languages Susceptible to Specific Security Flaws: Report. Eweek, 12. Retrieved from https://www.eweek.com/security/programming-languages-susceptible-to-specific-security-flaws-report
Health Information Technology (HIT) is technology that is used to help make health care easier for all stakeholders—both patients and care providers. Examples of HIT include electronic health records, personal health records, e-prescribing, and online communities. HIT allows information to be communicated, stored and shared among people in the industry, whether they are patients providing care givers with access to information or care givers sharing information with other care givers.
A1. Advantages and Disadvantages of a System
All health information systems (HIS) come with great advantages and some disadvantages that must be taken in account to keep patients safe. A HIS is a system that captures, retains information, and helps manage it. A HIS can be used to send health information within an organization and outside of the organization. Several items within a healthcare organization have interoperability with the HIS
Protection of Digital Health Information With increase health information technology store access patient information, likelihood security breaches risen. In fact, Canadian Medical Association Journal (CMAJ): In United States, a whopping 97% increase number health records breached 2010-2011 Ensuring that patient information is protected at all times is vital for any health care institution. Patient information records contain sensitive information that can be used for malicious purposes like identity theft, credit card fraud,
Optimizing Merged Health Information Systems
Although the merger of two comparably sized companies competing in the same industry is a relatively commonplace business strategy, the process is fraught with obstacles and challenges and a significant percentage of merged entities fail outright because of these problems (Murphy, 2019). These types of problems are further compounded when there are sophisticated information systems involved that must also be merged successfully. The purpose of
Medical Information System Upgrade Proposal The information system currently relied upon by this practice is extremely outdated; it is incapable of assuring information security, and highly inefficient. Current information management practices in this office are significantly outdated and will eventually have to be upgraded to maintain any capacity to coordinate with other offices and to process ordinary transaction because digital systems are already the standard throughout modern American healthcare and business
Ethics, Values and Decision-Making in Nursing Practice RIGHT FROM WRONG A nurse's primary tasks are monitoring the patient's vital signs, administering medications, and helping doctors treat and perform procedures (Williams, 2012). Oftentimes and in many cases, these technical skills must be guided by certain and pertinent moral and ethical principles. This ethical and moral component of her overall responsibility is so important and critical that a code of ethics was created by