This assignment discusses the importance of information security in healthcare organizations, focusing on The Royal Melbourne Hospital. It covers the nature of business, security policy, process requirements, and mitigation strategies.
Running head: INFORMATION SECURITY

INFORMATION SECURITY
Name of Student
Name of University
Author’s Note
Executive summary

Information security is of high importance to patient care in the hospital. High-quality data underpins the delivery of high-quality evidence. Information security is mainly about people, and it is facilitated by the use of technology. The organization chosen for this assignment is The Royal Melbourne Hospital, located in Parkville, Victoria, an inner suburb of the city of Melbourne. It is considered to be among the leading hospitals in Australia. The information security policy is especially important for this organization because it concerns not only patients, doctors and other professionals but also students. The security policy covers every aspect that could be harmful for the organization. The organization holds detailed data about students who aspire to become doctors at a well-reputed organisation.
Table of Contents

Introduction
    Nature of business
Security policy
    Scope
    Process requirements
    Information disposal
    Mitigation strategy
Conclusion
References
Introduction

The organization chosen for this assignment is The Royal Melbourne Hospital. The stakeholders of the organization are accident and emergency staff, accreditation, assistant practitioners, audiologists, board of trustees, cardio respiratory team, carers, catering staff, charge hands, chefs, chief financial officer, civil servants and commissioners. Information security is of high importance to patient care in the hospital. High-quality data underpins the delivery of high-quality evidence. Information security is mainly about people, and it is facilitated by the use of technology. The policy formulated for the organization would be of high importance, and the associated guidance includes providing assurance that data is managed securely and in a consistent, corporate way (York and MacAlister 2015). It also assures that the organization provides a trusted and secure environment for the information management used in delivering the business.

Nature of business

The Royal Melbourne Hospital helps sick people and carries out travelling stock for keeping the workers whenever necessary. The organization belongs to the service industry rather than the product industry: it offers services rather than products, such as lodging and board, consultation, hospital health care and many similar services.

Security policy

Scope

This policy applies to all staff of the hospital. Compliance and responsibility also extend to those employed by the organization as contractors, temporary staff and voluntary organizations, as well as anyone authorized to view or work with the organization's information.
The major purpose of this policy is to protect the organization's data to a high standard: all information assets, such as staff and patient records and many more, are to be protected from damaging threats, whether external or internal, deliberate or accidental. The security policy covers every form of data held by the organization. This includes, but is not limited to:
1. Information regarding members of the public, patients, staff and users of services.
2. Employees of the organization in their premises.
3. Professional as well as staff data.
4. Operational data and organization business.

The security policy applies to every aspect of data handling. This includes, but is not limited to:
1. Structured record systems, both electronic and paper.
2. Information recording and processing systems: video, electronic, paper, audio recordings and photographic (Wani, Mendoza and Gray 2019).
3. Information transmission systems such as email, fax, post, portable media, telephone and many more.

Process requirements

The security policy would achieve a consistent approach to managing data security throughout the organization and would aim to deliver business capability while minimizing the likelihood of occurrence and the impact of information security incidents. To meet the information security requirements of health and social care, the organization must:
1. Maintain the confidentiality of personal data: including identifiable data belonging to patients and staff, by protecting it in accordance with the information security code of practice, the data protection act and many more regulatory and legal framework criteria (Li, Zhang and Gao 2015).
2. Ensure the integrity of organizational data: by monitoring, developing and maintaining it to a satisfactory level of quality for use within the relevant areas.
3. Implement the measures required to maintain the availability of the organization's information systems and services: this includes putting contingency measures in place to ensure minimum disruption to the organization's data and services (Vrhovec and Markelj 2018).

The major areas of data security and risk management are described below:
1. Mobile devices: portable devices such as laptops are to be encrypted and kept in locked storage. Removable media should also be encrypted and should not be treated as the one and only source of data; the data must be stored in a secured folder on a shared drive (Angst, Block and D'arcy 2017). Removable media should be installed by the IT service provider. Personally owned removable media devices should not be used for storing or transferring confidential data without permission (Kuo 2018). Every user of this media is responsible for the proper use and security of the information stored on it.
2. Malware and viruses: IT equipment used by staff must be protected by countermeasures and management procedures that protect data against the threat of harmful software (Hassan and Ismail 2016). Users must not be allowed to install any software on the organization's property without permission from the IT service provider.
3. Preventing data security breaches: every department or service area is responsible for regularly monitoring the data it holds and uses. An annual mapping exercise of the data flows into and out of teams would be carried out. This practice allows every team to identify data risks, and appropriate action must be taken to mitigate them.
4. Prevention of information security breaches: staff are responsible for ensuring that data is kept secure while it is being transferred or processed, by adhering to measures such as locking screens when computers are unattended, even for a short period of time, following the electronic communication and portable device policy, and following the guidance on the use of fax machines, post and phones that can be found in the policy (Lowry and Moody 2015).
The IT service provider would ensure that all computer software supplied or used is regulated by license agreements, and that new operational software is quality assured. The organization would ensure that data stored in paper format is managed by following adequate records management procedures and processes (Hassan, Maarop and Ismail 2017). Staff must be given access to secure storage areas, and a proper desk routine must be followed.

Threats and vulnerabilities of the company’s network

The organization faces numerous vulnerabilities. The risks are as follows.

Online medical devices: the security of medical devices that are online is usually weak, which makes them more vulnerable and easy targets for hackers. With the growth of the internet of things in the medical industry, these devices have been designed to export data to numerous external sources, or otherwise to interact with the world outside the professional's office (He and Johnson 2015). The data can be manipulated as well as intercepted, which creates a host of issues. Hackers can gain access to manage most of the items connected to a network, including how various machines work.

Lost and stolen devices: like other risks, lost and stolen devices represent numerous risks (Fernández-Alemán, Sánchez-Henarejos and Toval 2015). Any mobile device used to access the facility's network becomes a liability as soon as it is stolen or lost. Once it is stolen, users could access systems using old or stolen login information (Savoli, Addas and Fagnot 2017). After a criminal has access to the network, it can be challenging to detect their presence before the breach is revealed.

Vendors: providers of healthcare services work with numerous vendors without assessing the accompanying risk. For example, if the hospital has hired a company for cleaning, its employees might get access to organisational data through their computers (Gordon, Fairhall and Landman 2017). Patient information must be locked down so that any employee who does not need access to the data is not allowed to view it.

Mitigation strategy

The issues that the organization could face can be mitigated using the following strategies:
1. Keep the systems updated and patched: most system failures take place because the organization lacks proper patching.
Observations noted by various researchers include that around 90 percent of attacks take place because organizations had not applied patches that are older than around one year, and that if the organisation performs a standard level of maintenance on all systems, the attack surface lessens to around 3 percent. If the organization supports BYOD and therefore loses control over performing standard maintenance, the issue gets even worse. To avoid this risk, the organization must ensure that all systems are kept updated, including the company's servers, desktops, laptops and mobile devices.
2. Define common security policies for all types of devices: numerous devices can now access the organization's confidential data, so it is important to implement common security policies for every type of device (Fennelly and Perry 2018). The rules include requiring a PIN on every device, prohibiting jailbreaking, requiring a security certificate for accessing applications, allowing only approved models and versions, removing users that move to non-prescribed device models, ensuring the security of APIs, performing security testing and many more.

Conclusion

From the above assignment, it can be stated that an IT security policy is important for an organization, especially for organizations in the healthcare industry. The organization chosen for this assignment is The Royal Melbourne Hospital, located in Parkville, Victoria, an inner suburb of the city of Melbourne. It is considered to be among the leading hospitals in Australia. In the hospital, nursing, allied health and medical professionals are committed to providing patient care, along with a parallel desire to provide medical education and advanced research for those who study and work in the hospital. The information security policy is especially important for this organization because it concerns not only patients, doctors and other professionals but also students. The organization holds detailed data about students who aspire to become doctors at a well-reputed organisation. This assignment discusses the IT issues the organization faces and the security policy it could use to secure its assets from hackers or any kind of attack. The security policy covers every aspect that could be harmful for the organization and the ways in which it could mitigate the issues.
References

Angst, C.M., Block, E.S., D'arcy, J. and Kelley, K., 2017. When do IT security investments matter? Accounting for the influence of institutional factors in the context of healthcare data breaches. Mis Quarterly, 41(3).

Fennelly, L.J. and Perry, M.A., 2018. Facilities Managers: How Secure Is Your Security Operation?. In CPTED and Traditional Security Countermeasures (pp. 260-261). CRC Press.

Fernández-Alemán, J.L., Sánchez-Henarejos, A., Toval, A., Sánchez-García, A.B., Hernández-Hernández, I. and Fernandez-Luque, L., 2015. Analysis of health professional security behaviors in a real clinical setting: An empirical study. International journal of medical informatics, 84(6), pp.454-467.

Gordon, W.J., Fairhall, A. and Landman, A., 2017. Threats to information security—public health implications. N Engl J Med, 377(8), pp.707-709.

Hassan, N.H. and Ismail, Z., 2016. Information security culture in healthcare informatics: a preliminary investigation. Journal of Theoretical & Applied Information Technology, 88(2).

Hassan, N.H., Maarop, N., Ismail, Z. and Abidin, W.Z., 2017, July. Information security culture in health informatics environment: A qualitative approach. In 2017 International Conference on Research and Innovation in Information Systems (ICRIIS) (pp. 1-6). IEEE.

He, Y. and Johnson, C., 2015. Improving the redistribution of the security lessons in healthcare: An evaluation of the Generic Security Template. International journal of medical informatics, 84(11), pp.941-949.

Kuo, R.Z., 2018. EMRS Adoption: Exploring the effects of information security management awareness and perceived service quality. Health Policy and Technology, 7(4), pp.365-373.

Li, S., Zhang, T., Gao, J. and Park, Y., 2015, March. A sticky policy framework for big data security. In 2015 IEEE First International Conference on Big Data Computing Service and Applications (pp. 130-137). IEEE.

Lowry, P.B. and Moody, G.D., 2015. Proposing the control‐reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies. Information Systems Journal, 25(5), pp.433-463.

Savoli, A., Addas, S. and Fagnot, I., 2017. Coping with Information Security Stressors in Healthcare.

Vrhovec, S.L. and Markelj, B., 2018. Relating Mobile Device Use and Adherence to Information Security Policy with Data Breach Consequences in Hospitals. J. UCS, 24(5), pp.634-645.

Wani, T.A., Mendoza, A. and Gray, K., 2019, January. BYOD in Hospitals-Security Issues and Mitigation Strategies. In Proceedings of the Australasian Computer Science Week Multiconference (p. 25). ACM.

York, T.W. and MacAlister, D., 2015. Hospital and healthcare security. Butterworth-Heinemann.