Information Security in Healthcare: Patient Data Protection Strategies

AI Summary
This report examines information security in the context of healthcare, focusing on the protection of patient data in a technologically evolving world. It delves into various security mechanisms, including the installation of antivirus software, the implementation of firewalls, system updates, and encryption techniques, to prevent data breaches and unauthorized access. The report also addresses administrative and personnel issues, such as employee awareness training, secure software purchasing, and the establishment of policies for handling sensitive patient information. Furthermore, it explores access control methods, differentiating between physical and logical access, and emphasizes the importance of user logs and authentication protocols. The report also highlights the significance of proper handling and disposal of confidential information, including employee training, secure shredding practices, and the use of access controls. Finally, the report underscores the need for continuous evaluation of security methods to ensure their effectiveness in mitigating risks and protecting patient privacy, concluding that a multi-faceted approach is essential for safeguarding patient data in the healthcare industry.
Running head: INFORMATION SECURITY
Information Security in a world of Technology
Introduction
Information technology is one of the fields that is growing day and night. Despite the positive advances in the field, there are negative issues evident in it, for example the constant hacking activities, and hospitals have become a target for many hackers. The main goal of this assignment is to elaborate how organizations can protect patients' information through the following mechanisms.
Security mechanisms
According to Baskerville (2018), security mechanisms refer to the strategies that an organization puts in place within the computers it uses to protect patients' information. The first security strategy is to install antivirus software on the organization's machines. Many hackers make use of viruses to phish patients' data from the computer; antivirus products such as Avast and Bitdefender can immunize the computer and notify the user. The effects of viruses are severe, and include deleting files from the organization's machines. The second security mechanism is the use of a computer firewall, which can be software or hardware. The purpose of the firewall is to prevent unauthorized access to the organization's network, since entry of unauthorized users may put user data at risk. There are cases where hackers take advantage of unupdated software or operating systems on the organization's machines. The best security procedure in this scenario is to keep the operating systems updated, according to Biswas & Muthukkumarasamy (2016). Most updated software comes with security mechanisms that are difficult to outdo. Even when systems are updated, hackers also study the latest trends on how to get at other people's data. Therefore, another security strategy is to insist on encryption. Encryption refers to the act of hiding the meaning of the data that two parties are sharing; it prevents leakage of the information by denying hackers its real meaning. The last security strategy is ensuring that the healthcare organization backs up its data from the main sources of the data. The reason for the backup is that there are cases where a hacker may deny the organization access to its data; a backup is the alternative during such a loss.
Administrative and personnel issues
Administrative and personnel issues refer to the way the management of the health organization conducts itself to ensure that patients' data do not get into the wrong hands. The first administrative strategy is to make the employees of the health organization aware of the existence of hackers. For example, the administration should make employees aware of the spam emails that they will receive on a daily basis. These spam emails are a way to phish patients' data from the health organization, so it is important for workers to know that these emails come from hackers and that they should not open them. The second personnel issue is how the organization purchases software and recruits its employees. For instance, there are cases where software that comes into the organization arrives with viruses, according to Mahdi, Alhabbash & Naser (2016). The administration needs to take care in how it purchases software. Another issue concerns the workers employed to operate on patients' data. These workers must be loyal to the organization; the administration should ensure that their integrity is not questionable and that they cannot engage in any malicious act, for example selling the data to unauthorized users. Personnel issues also cover how the administration responds to critical incidents in the organization, for example a loss of data or a breach of security. There should be well-placed mechanisms that deal with such losses. These strategies should aim at satisfying the customers and ensuring that they are guaranteed their privacy. Taking part in legal business or action is another approach. No one would agree to his or her information being used other than by those he or she trusts. For example, medical records should only be used within the healthcare setting to serve the patient; anything beyond that may jeopardize privacy. It is not right for everyone to know what a patient suffers from at any time. There are situations where patients pay for services online, and the organization has the mandate to protect those details from landing in the wrong hands. Lastly, it is important for the organization to come up with policies that regulate how employees handle clients' data. This approach ensures that when there is unauthorized access to the data, someone can be held accountable.
Level of access
Access in information technology deals with who accesses data at a specific period of time; in this case the data is the patient details. It is important for a health organization to control data access, because access control reduces the risk the health organization will incur when unexpected activity takes place. There are various ways in which the organization can control the level of access to data. The two main kinds of access control are logical and physical control, according to Goodman, Straub & Baskerville (2016). In a larger health organization, physical access control deals with the buildings and rooms of the institution, especially those holding the physical information technology gadgets.
On the other hand, logical access control deals with access to the institution's network, its online files and its data. For the health campus to regulate physical access, it should make use of padlocks and electronic means. For example, specific people registered in the organization can be permitted to access the server room; they can do this by scanning their fingerprints or by facial recognition. Health institutions should also maintain user logs. These logs track the files and websites a user has visited. Logical access control deals with the use of passwords and permissions on files. For example, the status of an employee in the hospital can determine the data the individual can access. Many systems today come with access control options, according to Öğütçü, Testik & Chouseinoglou (2016). These panels are set before the organization begins using the system. There are two critical actions that deal with access: authentication and authorization in the system. For example, when an individual wants to access a system, the first thing the system does is request credentials, which may include a username and password. Getting into the system depends on whether one has entered the correct username and password. However, after entering the system, there is a control on the operations the individual can perform. For example, if the user is a patient, he can only see his own information and update it if necessary, whereas the admin is able to see other patients' records and delete them if there is need. This is the level of access.
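As an added illustration of the two steps described above (example code, not from the essay or its sources): a small Python model in which a login is first checked against stored password hashes, then the user's role decides what it may do with a record, and every attempt is written to a user log. All usernames, passwords and records are constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: salted PBKDF2 password hashes and two patient records.
SALT = os.urandom(16)

def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {  # username -> (role, password hash)
    "p1001": ("patient", hash_password("pt-pass")),
    "admin1": ("admin", hash_password("adm-pass")),
}
RECORDS = {"p1001": "allergy: penicillin", "p1002": "bp: 120/80"}
# "own" confines a patient to the record whose id equals the username; "any" is unrestricted.
PERMISSIONS = {
    "patient": {"read": "own", "update": "own"},
    "admin": {"read": "any", "update": "any", "delete": "any"},
}
USER_LOG = []  # the user log the text mentions: who tried what, and the outcome

def authenticate(username: str, password: str):
    """Step 1: return the user's role if the credentials match, else None."""
    role, stored = USERS.get(username, (None, b""))
    if role is None:
        return None
    # constant-time comparison so a mismatch does not leak timing information
    return role if hmac.compare_digest(stored, hash_password(password)) else None

def authorize(username: str, role: str, action: str, record_id: str) -> bool:
    """Step 2: decide whether this role may perform action on record_id."""
    scope = PERMISSIONS.get(role, {}).get(action)
    allowed = scope == "any" or (scope == "own" and record_id == username)
    USER_LOG.append((username, action, record_id, "allowed" if allowed else "denied"))
    return allowed

def access(username, password, action, record_id, new_value=None):
    """Authenticate, then authorize, then act; None means the request was refused."""
    role = authenticate(username, password)
    if role is None:
        USER_LOG.append((username, action, record_id, "bad credentials"))
        return None
    if not authorize(username, role, action, record_id):
        return None
    if action == "delete":
        return RECORDS.pop(record_id, None)
    if action == "update":
        RECORDS[record_id] = new_value
    return RECORDS.get(record_id)
```

A denied request looks the same to the caller as a failed login, while the log distinguishes the two, which is what makes the log useful for later review.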
Handling and disposal of confidential information
Many medical records are private and confidential. Edel (2009) stated that the security of this information depends on how the company handles and disposes of it at the end. There are various handling and disposal methods that a health organization can deploy to protect against leakage of the data. The first approach is training doctors and other employees on how they should handle the data. Castro & McQuinn (2016) stated that many employees may not understand that a patient can sue the organization if there is leakage of the patient's information. Training should cover how employees handle the information right up to its disposal. The health organization can hire a third party to do the training when there is need. For example, employees should know that they are not allowed to invoke a patient's confidential record without the permission of the patient or the organization. Secondly, no one is allowed to take advantage of the responsibility given to him or her by the company to phish data from the system.
There are other organizational roles that should be implemented to secure confidential information. One of these is having a separate, confidential waste shredder for disposing of old documents; these bins should not be accessible to unauthorized persons. Controlling access is another aspect that is inevitable in the process, for example where an organization has lockable cabinets in which it stores the medical records. The rooms should have padlocks, with the keys available only to authorized people, according to Safa, Von Solms & Furnell (2016). The system should have passwords to allow only specific people to access the files. The systems should also have antivirus software to prevent the possibility of phishing the confidential information.
How to evaluate the methods
Security mechanisms are always tested to confirm their stability. For example, Edel (2009) stated that firewalls can be evaluated by trying to bypass their security controls. Generally, all these methods have a similar evaluation mechanism: the organization can hire a third party to attempt to bypass the controls and find the loopholes available. From there the organization can correct the mistakes in the system.
Conclusion
The rise in technology has given hackers new tricks for getting at confidential information. However, some of these activities begin at the organization level. The above essay has elaborated on how to counter the tricks of the hackers. These strategies should begin at the employee level and extend to the administrative level, as illustrated in the essay. As technology keeps improving, healthcare organizations should also update their software to prevent the possibility of hacking.
References
Baskerville, R. (2018, June). Information security: Going digital (invited lecture). In Annual Conference of the Southern African Computer Lecturers' Association (pp. 3-14). Springer, Cham.
Biswas, K., & Muthukkumarasamy, V. (2016, December). Securing smart cities using blockchain technology. In 2016 IEEE 18th International Conference on High Performance Computing and Communications; IEEE 14th International Conference on Smart City; IEEE 2nd International Conference on Data Science and Systems (HPCC/SmartCity/DSS) (pp. 1392-1393). IEEE.
Castro, D., & McQuinn, A. (2016). Unlocking Encryption: Information Security and the Rule of Law. Information Technology and Innovation Foundation.
Edel, E. M. (2009). Handbook of Informatics for Nurses & Healthcare Professionals. AORN Journal, 90(1), 139-140. Retrieved from https://drive.google.com/open?id=16BXMTM-Lo9wc1XZbk6dUQO9VxJK8A4JT
Goodman, S., Straub, D. W., & Baskerville, R. (2016). Information security: policy, processes, and practices. Routledge.
Mahdi, A. O., Alhabbash, M. I., & Naser, S. S. A. (2016). An intelligent tutoring system for teaching advanced topics in information security.
Öğütçü, G., Testik, Ö. M., & Chouseinoglou, O. (2016). Analysis of personal information security behavior and awareness. Computers & Security, 56, 83-93.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. Computers & Security, 56, 70-82.