StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Analysis of Information Security of Health Record Systems - Term Paper Example

Cite this document
Summary
"Analysis of Information Security of Health Record Systems" paper takes a look at the importance of these technologies how applicable they are in medical institutions and if there are any recommendations that should be kept to ensure security and confidentiality of a patient's records…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER93.6% of users find it useful

Extract of sample "Analysis of Information Security of Health Record Systems"

EHR Review Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Name Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Course Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Lecturer Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx August 13th, 2012. Introduction With the introduction of technology in the healthcare sector, confidentiality, consent and privacy have been a major concern to individuals. Through the introduction of technology, it has been easy for medical institutions to easily store and retrieve patient’s data (Lemaire et al 2006, pp. 216). Using electronic health records (EHR), it has been easy to increase efficiency and accessibility while reducing threats in accessing patient’s data. The thesis statement that is going to guide us through this report is: Are current information security technologies adequate for electronic health records? To cover this report we are going to take a look at the importance of these technologies how applicable they are in medical institutions and if there is any recommendations that should be kept to ensure security and confidentiality of a patients records. Background Consent, Privacy and Confidentiality are key principles observed by medical professionals in the recording of medical data and in this case we are going to take a deeper look at the definition of each of the terms. Consent is classified in two broad terms: the ethical dimension and the legal dimension. Consent has been emphasised for many years in medical institutions as a health policy as it strengthens the relationship between health professionals and the public. It therefore gives individuals the right to decide on the actions they would like taken by the professionals while treating them as consent emphasises on individual information (Win and Fulcher 2007, pp.94). Consent takes an ethical dimension when any consequence or alternative of a medical procedure is to be communicated first to an individual. The law also recognises that consent be applicable by all regulatory bodies in the processing of individual medical data. This has been supported by various Acts in the United Kingdom government that promotes human rights and data protection. This human rights act supports the rights to respect an individual‘s privacy using eight principles summarised that personal data should be made lawfully and fairly and there should be a lawful reason why individual data should be retrieved from the data banks. Consent as applicable in electronic data involves auditing purposes of patient’s records. This has mostly been used in cancer patients to check on their progress (Clark and Findlay 2005, pp.1007). Using the electronic form of storing their information, it becomes easy to identify the patient and quickly analyse the conditions thereby having the right recommendation. To ensure that there is much individual consent, the feedback of any examination should be done electronically and at the same time medical professionals should keep up to date records to ensure that correct information is passed to the patients. Privacy can be regarded as a situation where someone’s information is not disclosed or in other situations kept to secret. In medical institutions, privacy has been highly upheld through different legislations that protect any information belonging to a patient from being disclosed. Privacy can be associated to space of an individual, place in which a person stays and the physical location. The Australian standard for palliative provision states that there should be an awareness of privacy in order to maintain a friendly environment for patients and their families (Perera et al 2011, pp.96). In this case it is observed that space represents home and the physical location relates to where they rest after they die. Privacy also includes free interaction of the patient and their family members hence creating space outside from interference. Confidentiality and privacy goes hand in hand where storage of patient information in electronic manner is broadly based. Data being stored in random places ensures confidentiality because this kind of system provides little or no access to records. Information being confident prevents threats from both internal and external access of data and more importantly easy retrieval and storage of data. For there to be easy storage, security has to be a major concern and that way confidentiality will be enhanced in health institutions (Street and Love 2005, pp.1799). Issues that will be accompanied by confidentiality will include authentication which involves the right person to get the information from electronic sources and how the data gotten should be delivered to the required centres. The need to share health records In deed there is an importance on why health records should be shared. This is in regard to maintaining and improving the health situation of the patient. Following the security principles, patients are allowed to share their records with medical practitioners so that they can be aware of their progress and how the patient is to be treated in cases of being transferred to another hospital. In the exchange of data, privacy should be maintained as safe methods are applied in retrieving of information by authorised users (Elahi 2009, pp.117). It should also be noted that a lot of exchanging of information would lead to inefficiency leading to insecurity and thereby breaching confidentiality on the side of the patient. Perspectives of Different group on Sharing of EHR Medical professionals think that security should be greatly regarded so long as it is to the benefit of the patient (Whiddett et al 2006, pp.539). With the introduction of computers, security has been enhanced by encryption of any relevant information and through a system called random computing. Medical practitioners say that with technology, there is an increased chance of keeping records in a confidential manner. Patients express less concern about the threat of security of their EHR records as the benefit of clinical use computerised systems far outweighs the security risk involved (Elahi 2009, pp. 116). In a study carried out in Canada it was found out that 90 per cent of patients approve the use of computer systems in management of health records (Willison et al 2007, pp. 709). However, 48 per cent want the usage of EHR to be limited to their own personal physicians. Concerns about the intention of outsiders in accessing the information of patients was highest if the secondary access were to be allowed by groups who stood to gain an economic advantage from them (Perera et al, 2011 pp. 96). 67 per cent of the respondents would consider their rights violated if insurance companies could access their health information, while only 22% felt that it was wrong for universities to make secondary use of EHR. Most patients feel that the highest security risk to EHR is if it transverses the internet (Beebe et al 2011, pp.706-9). A similar study also support that majority of patients are willing to allow their records to be used in research but are concerned about the privacy of the information stored in ERP’s. Most patients however expressed increasing concern about the security of EHRP as advances in computing continue to be made (Civelek 2009, pp. 298). The concern of privacy of information is brought about by the struggle to by institutions to gain control over information against the patient’s desire to freedom. One of the largest concerns of patients when giving consent for usage of their health record is anonymity. In () patients were more willing to give consent to use of health records if the records could not be identified with them later. However, 60% of the respondents’ still felt that even anonymous information should only be used by health professionals only. Why EHRs need to be reviewed The need to enhance security of EHR has increased with the use of handheld devices to store and transmit data. An EHR system that consists of mobile devices has multiple levels of security vulnerability (Susilo and Win 2007, pp 218). The records can be compromised at the internet level, at the wireless application level, at the wireless network level, the mobile device level and finally on the user level. The increased susceptibility to attacks brought about by the incorporation of Mobile devices into EHR systems means security has to be improved at each of these levels. Secondly, patients do not give unlimited consent for use of their EHR information but they express a number of reservations over the usage information collected about them. Current, EHR system do not consider the type of consent granted for use on information before determining who can access this information (Flores, Win and Susilo, W 2011, pp.17. Patients give consent for the usage of their health information based on whether they are sure who will be using it, on how many occasions the information will be used and on whether the information is anonymous. This brings about the need to create an EHR system that reflects the desire of patients over their EHR (Bergmann et al 2007, pp. 130–136). Finally, there have been increased cases of breaches of EHRs causing considerable distress to patients and exposing health institutions to legal action. For example the in August 2000, Kaiser Permanente sent private messages for 850 patients to 19 unintended recipients (Win 2005, pp. 13). A health worker for the Florida public health department also compromised the privacy of 4000 HIV positive patients when he sent their names to the local newspaper (Win 2005, pp. 13). Leakage of information in EHR has devastating consequences for both patients and the institutions charged with safeguarding the information. A patient may become severely embarrassed, have their lives or careers ruined, and lose the possibility of getting medical cover (O’Brien, William and Yasnoff 1999, pp. 749). The institution may be sued for the breach of privacy sometimes by multiple individuals in class action suits. Recommendations for security system User Authentication is one of the security mechanisms that EHRs can use to enhance the security of information. Although password and usernames and passwords have been used for a long-time to secure information system they have been seen to be vulnerable and need to be complimented using biometric based authentication and role –based access controls (Ohno-Machadoa et al 2004, pp. 602). Role-based access controls can be implemented according to four access mode suggested Porteri and Borry (2008) based on the levels of consent. Another access mechanism that can be very effective in ensuring security of EHR is an RFID chip which is inserted below the skin which allows the computer to uniquely identify users of the system (Win 2005, pp. 13). The use of Web Certificates and digital signatures can also be used to secure EHRs where the records have to be accessed over the internet. The implementation of the 128-bit certificates is used by the Canadian traumatic brain injury EHR system which allows secure web-based access of clinical information. Use of Public Key encryption and Kerberos are also methods that EHRS can use to enhance the integrity of information transmitted through the system. Conclusion The need to review EHR systems has become more urgent as the world become more interconnected and technology in the information systems become more sophisticated. While health records still need to be shared to enhance treatments and discover cures there must be a balance on the need to share and privacy of patient’s information depending on the level of consent granted by the patient. EHR systems can be reviewed to incorporate advance in computing technology to enhance sharing of information while at the same time ensuring security of information. References Beebe, T.J, Ziegenfuss,J.Y, Jenkins, S.M, Haa, L.R, Davern, M.E. 2011, Who Doesn’t Authorize the Linking of Survey and Administrative Health Data? A General Population-based Investigation, Ann Epidemiol, vol.21, no.19, pp.706-9. Bergmann J,. Bott, O.J Pretschner, D P. Haux R. 2007, An e-consent-based shared EHR system architecture for integrated healthcare networks, international journal of medical informatics, vol.7, no. 6, pp. 130–136. Civelek, C 2009, Patient safety and privacy in the electronic health information era: Medical and beyond, Clinical Biochemistry, vol. 42, pp. 298–299 Clark, A. M., Findlay, L.N 2005 Attaining adequate consent for the use of electronic patient records: An opt-out strategy to reconcile individuals’ rights and public benefit, Public Health, vol. 119, pp. 1003–1010. Elahi, E 2009 Privacy and consent in the digital era, Information security technical report, vol. 14 pp. 113–118. Flores, A.E., Win, K.T & Susilo, W 2011, Secure Exchange of Electronic Health Records, In: Chryssanthou, A., Apostolakis, I., Varlamis, I., Susilo, C.R ed, Certification and Security in Health-Related: Web Applications: Concepts and Solutions, Hershey , New York, pp.17. Lemaire, E. D., Deforge, D., Marshall, S & Curran, D 2006 A secure web-based approach for accessing transitional health information for people with traumatic brain injury, Computer methods and programs in biomedicine, vol. 81 PP. 213–219. O’Brien, D.G.,William A., & Yasnoff, M.D. 1999, Privacy, Confidentiality, and Security in Information Systems of State Health Agencies, American Journal of Preventive Medicine 1999; vol. 16, no.4. pp. 749 Ohno-Machadoa, L., Sérgio, P., Silveirab, P., & Vinterbo, S. 2004, Protecting patient privacy by quantifiable control of disclosures in disseminated databases, International Journal of Medical Informatics (2004) 73, 599—606. Perera, G., Holbrook, A., Thabane, L., Foster. & Willison, D.J 2011 Views on health information sharing and privacy from primary care practices using electronic medical records. International journal of Medical Information, vol. 80 pp. 94-101. Porteri, C, & Borry, P 2008, A proposal for a model of informed consent for the collection, Storage and use of biological materials for research purposes, Patient Education and Counseling vol.71, pp. 136–142. Street, A.F& Love, A 2005 Dimensions of privacy in palliative care: views of health professionals, Social Science & Medicine, vol. 60 pp. 1795–1804. Susilo, W., & Win K.T 2007, Securing Personal Health Information in Mobile, International Journal of Mobile Communication, vol.5, no.2, pp 215-224. Whiddett, R., Hunter, I., Engelbrecht, J. & Handy, J 2006 Patients’ attitudes towards sharing their health information, International Journal of Medical Informatics, vol. 75 pp. 530—541. Willison, D. Schwartz, L., Abelson, J. , Charles, C., Swinton, Northrup, D. & Thabane, L 2007, Alternatives to Project-specific Consent for Access to Personal Information for Health Research: What Is the Opinion of the Canadian Public?, J Am Med Inform Assoc. 2007 , vol.14, no.6, pp 706–712. Win, K.T 2005, A review of security of electronic health records, Health Information Management Journal, Vol.34, No.1,pp. 13. Win, K.T. & Fulcher, J.A 2007 Consent Mechanisms for Electronic Health Record Systems: A Simple yet Unresolved Issue, J Med System, Vol. 31, pp. 91–96. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Analysis of Information Security of Health Record Systems Term Paper - 1, n.d.)
Analysis of Information Security of Health Record Systems Term Paper - 1. https://studentshare.org/information-technology/2048046-review-of-information-security-of-health-record-systems
(Analysis of Information Security of Health Record Systems Term Paper - 1)
Analysis of Information Security of Health Record Systems Term Paper - 1. https://studentshare.org/information-technology/2048046-review-of-information-security-of-health-record-systems.
“Analysis of Information Security of Health Record Systems Term Paper - 1”. https://studentshare.org/information-technology/2048046-review-of-information-security-of-health-record-systems.
  • Cited: 0 times

CHECK THESE SAMPLES OF Analysis of Information Security of Health Record Systems

Health Information System

hellip; Migrating from one electronic health record system to another may be quite a hurdle especially given the different technologies, attitudes and economic effects that require proper analysis.... Bringing together systems such as the laboratory information system (LIS) and the health information system (HIS) may be quite a hassle but this can be eliminated only if the legacy applications are slowly eradicated and the new edge technology applied gradually (Latour and Maki, 2009)....
4 Pages (1000 words) Assignment

Information Systems Architecture

Adoption of information structure architecture enables availability of massive quantities of health care details that give precious facts.... Managing information security and Privacy in Healthcare Data Mining.... Utilization of information structure design results in distinction that information technology safety is of main significance to the current community.... A massive body of information exists that can be utilized to safeguard healthcare details....
2 Pages (500 words) Research Paper

Benefits and Challenges in the Implementation of Electronic Health Records

Electronic health record (EHRs) is a systematic and electronic collection of health information on individual patients or populations (Gunter and Terry 1).... Some of the perceived benefits of the application of the EHR system include improved communication between practitioners… Despite the potential benefits of EHRs, their implementation can be a challenge for an entire health care organization. Difficulty in Implementation of the new EHR systems requires the incorporation of older records into the patient's electronic health record....
2 Pages (500 words) Essay

Medical Errors and Losing Information of Patients

A medical error takes place when a health-care organization selects an inappropriate method of medical care or executes a suitable method of care in an improper way.... For instance, in this case, losing medical… Healthcare is reputable institutions that is also affectedaffected by data hacking and breaches more than the military and banking health care organizations expose patient's data or even it gets stolen.... In addition, they rarely encrypt all the data kept since even the Federal health Records Protection law and the health Insurance Accountability act does not demand encryption by the health care firms (Park, 2014)) Patient's data needs to be accessed at times for doctors and other medical physicians to be able to make decisions concerning the patient and how to improve patient care....
7 Pages (1750 words) Assignment

Why Electronic Health Record Adoption Was So Slow

Aspects of Electronic health record systems.... The Electronic health record system that is meant to assist health care workers in keeping record of their patients electronically without losing any data has been slow to be adopted because it is an expensive system to install.... he Electronic health record system that is meant to assist health care workers in keeping record of their patients electronically without losing any data has been slow to be adopted because it is an expensive system to install....
2 Pages (500 words) Assignment

The Dilemma of Internet-Related Privacy

Hospitals using these electronic systems for handling the patients' records have been alerted on the improper access of patients' records.... Illegal access to information on the health related website has been chosen.... Stakeholders include the individuals whose information is stored and who access their medical information and website.... nbsp;… Ethical principles of confidentiality, autonomy and non-maleficence oblige all stakeholders to secure the information of medical records....
5 Pages (1250 words) Coursework

Several Medical Record Formats at the Healthy Facility Record

 This essay discusses several medical record formats at the healthy facility record and they include; source oriented, integrated, mixed records and PORM.... HIM (health Information Management) department is concerned with both internal and external facilities.... he main reason for having a policy in any health facility is that this policy is intended to help the EMS agency in the development of the retention policy.... he following are the both physical and technical measures which should used to secure health records; there should be facility access controls such as alarms and locks, there should be proper policies in the workstation to make sure that there is proper access and use workstations, workstation security measures, such as computer privacy filters and cable locks, there should be a good plan on how to restore lost data....
6 Pages (1500 words) Assignment

Analysis of Security Plan

This essay discusses some beneficial security measures for the facility concerning the transition to an Electronic health record (EHR) system....   Analysis of Security PlanExecutive SummaryConcerning the upcoming transition to Electronic health record (EHR) system, it is necessary to implement security measures to ensure that all processes flow seamlessly.... The process involves a set of procedures that enable the continuation of service provision and transition to Electronic health record (EHR) system....
2 Pages (500 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us