Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Privacy and Security of Personal Health Information Policy: A Case Study of NTN Nursing School

Verified

Added on 2024/07/24

AI Summary

This report examines the critical issue of protecting personal health information (PHI) at NTN Nursing School, an Australian institution providing training and internship to nursing students. It delves into the significance of security policies in safeguarding the integrity and reliability of patient data, highlighting the importance of preventing data leakage to maintain business sustainability. The report focuses on NTN's initiative to implement a comprehensive information security program, addressing the security and privacy requirements of their network and information systems. It explores the Security Systems Development Lifecycle (SecSDLC) and the Personal Health Information Protection Act (PHIPA) as frameworks for ensuring data protection. The report analyzes the need for information and network security in the context of NTN's services, including telemedicine and mobile healthcare teams, and discusses the role of the Chief Information Security Officer (CISO) in overseeing data privacy and security.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

COIT20263 INFORMATION SECURITY
MANAGEMENT (HT2, 2018)
Assessment Item 1 – Written Assessment
Topic: ‘Privacy and Security of Personal Health Information Policy’
1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1. Executive Summary
This report focuses on the protection of information regarding the personal health. The security
and privacy aspects are the major concern that has been covered in this report. There is the great
significance of the security policies that contribute to the enhancement of integrity and reliability
of the information. The security of the personal data and preventing its leakage is important for
achieving sustainability in the business environment. NTN that is an Australian nursing school
has appointed a staff for their school which provides training and internship to the students. The
Chief Information Security Officer (CISO) who leads the Information Security Division has
initiated a program for attaining information security. This report focused on ensuring the
security of the patient's health report by launching a security program. This assessment covers
the requirements of security as well as the privacy of the information and network in NTN and
support in enhancing learning related to security procedures that will be implemented for
attaining the purpose of this report. The Security system development lifecycle and Personal
Health Information Protection Act is also discussed in this report.
2

Table of Contents
1. Executive Summary.................................................................................................................2
2. Introduction..............................................................................................................................4
3. Discussion (Guidelines)...........................................................................................................5
3.1 About NTN....................................................................................................................... 6
3.2 Services offered by NTN.................................................................................................. 7
3.3 Need for information and network security......................................................................8
3.4 Information Security Policies................................................................................................9
3.4.1 Security Systems Development Lifecycle (SecSDLC)................................................10
3.4.2 Personal Health Information Protection Act (PHIPA).................................................11
4. Conclusion............................................................................................................................. 15
5. References..............................................................................................................................16
3

2. Introduction
Personal health information contains the health records comprised of personal data of the
patients. This data includes name of the patients, history of his health and information related to
their health issues, their consultant doctor and so on. The security of the patient’s health
information is a major concern, the privacy and integrity of his data need to be ensured. This
report has covered a case study of the NTN, Australia which is a private nursing school there.
The health services provided by the NTN are in within the range of 200KM. The appropriate
protection of health information and implementation of legislation will be studied in this report.
The health and telemedicine service provided by the NTN to the society and the quality of those
services depends upon the data confidentiality and its protection as trust of the patient is build up
with the effective implementation of the security guidelines (Spiekermann, 2012).
The objective of this report is to assess the security and privacy aspects of the personal health
data in the NTN School of nursing. The purpose is to attain the information and network security
through effective implementation of security policies. The communication and interaction
between the hospitals should also be kept secret. Therefore, the information and network security
are the major aspects discussed in this report for advancing the service quality of NTN by
following the security policies.
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

3. Discussion (Guidelines)
Identification of the information about a person either in recorded or oral form is termed as
Personal health information. Globally it is a major issue to ensure the secrecy and integrity of the
personal health data. There are national security systems, social credit systems utilized for the
protection of data. There is the requirement of implementation of security guidelines and privacy
laws, security and confidentiality framework in order to ensure the protection of personal
identifiable data of the patients. The effectiveness in collection and processing of data supports
in ensuring the protection of data. The protection of information from loss and theft is important
in order to achieve data confidentiality and secrecy. There are security policies that support in
attaining the right extent of security as well as privacy of personal health information (Rhodes-
Ousley, 2013).
5

3.1 About NTN
A well-known private nursing school in Sydney, Australia that has its satellite sites situated in
Cairns and Darwin. Its services include giving training, internship and education to the nursing
school students. The connection is via the internet between the hospitals, main campus and other
sites of NTN. Using the concept of virtual reality, classroom studies are provided to the students
at other sites through the live-videos. It is a growing institution which is expecting more of the
people/students to join with them in the coming period (Li and Slee, 2014).
6

3.2 Services offered by NTN
The services that NTN provides are related to health-wellness and telemedicine. For providing
those services, it is having a team of nursing students as well as professional doctors. It is a
mobile team that moves from one place to another in the range of 200km for offering
consultations and other health services to the needy people. There is requirement of security and
privacy in enhancing their service quality. They use home-care vehicles through which they
interact with staff of the hospitals via network. They share the reports of the patients and the
protection of that information is an authority of the mobile teams as well as medical staff in
hospitals. In order to attain this, vulnerabilities related to network and information security
aspects should be evaluated and prevented. The threats to the systems should be detected earlier
in order to handle them in a more efficient manner (Cheng and Lai, 2012).
For this purpose, NTN has decided to instigate and start a program that is in regard to the
information security. The staffs need to be employed who could take care of privacy and security
of personal health data of the NTN.
7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

3.3 Need for information and network security
The requirements for security and privacy have been realized by the NTN. The Chief
Information Security Officer (CISO) who handles the division of Information Security (IS) has
selected more staffs members in order to ensure the secure data transmission.
The information of the patients is in the report sent by the mobile teams to the staff members of
hospital. It is a responsibility of staff to keep the information secret and takes care of the
confidentiality of data.
Security is completely referred to the protection as it is needed to protect the privacy of health-
related data. The security of the electronic personal health record is a concern that requires the
regulatory strategies specific to the protection of that information (Spiekermann, 2012).
The flexibility in implementing security policies, technology adoption and effective access
control measures help in ensuring the security of the personal data of the patients. The
communication made among the team members, staffs, patients all should be made reliable
where the leakage of information couldn’t be possible (King and Raja, 2012).
The decisions related to data sharing should be made appropriately with an intention to achieve
privacy of the data. The information on the personal health of patients should not be disclosed
with their authorization. Their authorization should be required for accessing the data related to
their treatment, payment and other confidential data. Important decision should be taken by the
Chief Information Security Officer (CISO) in order to protect the information privacy of the
patient’s personal health records.
8

3.4 Information Security Policies
These policies are the high-level standards which cover efficient security controls. The NTN
should issue a policy related to primacy information security that can ensure that all the staff
members and team members of NTN would take care of the accountability of patient's personal
data. They would comply with the guidelines and follow the security policies in order to assure
general privacy and security aspects in the services provided by them.
It is needed to preserve trust that could be attained through ensuring the confidentiality of data. It
is fundamental act and there are different policies in relation with that which should be
implemented by NTN (Li, et. al., 2013).
Employing staffs for information security division actually helped in effective supervision and
monitoring in order to prevent data leakage and assure authorized access to that personal health
information of the individuals.
9

3.4.1 Security Systems Development Lifecycle (SecSDLC)
SecSDLC support in analysing the existing security procedures. A preliminary analysis is
performed with the help of related controls and known risks. Legal issues should be analysed that
might influence the security system of NTN. Further risks involved in the development of
security system are managed effectively. It supports in testing and implementing the security
solutions of NTN that assure their effectiveness and help in achieving the desired privacy as well
as security aspects (Fernández-Alemán, et. al., 2013).
Figure 1: SecSDLC Waterfall Methodology
(Source: Communications of the ACM, 2012)
10

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

3.4.2 Personal Health Information Protection Act (PHIPA)
It is to be said that while gathering, processing and using the individual’s information, the rules
of Medicine act, 1991 and Personal Health Information Protection Act (PHIPA) 2004 should be
followed.
The 4th section of PHIPA states that;
The information that needs to be secure could be related to an individual's health, person
identification, payments or other and identifying this kind of data hampers the data security and
privacy. The rule is to protect that information through preventing controlling the disclosure of
information.
Disclosure of individual’s health information
The disclosure should only take place when there is the consent of either the patient or their
decision-maker or the rules are not violating in presenting the data. If it is needed by the law, it
should be disclosed.
 PHIPA permits to disclose the data even without patient’s consent in some circumstances that are
provided below:
 If it is for the healthcare prerequisites at the time of emergency or unexpected situations
 In order to standardize the medical profession for performing the regulatory responsibilities then
the information could be disclosed.
 It can be disclosed to a family person or friend.
With the adoption of technologies, the risk related to the data sharing is increased. The data
transmitted over the internet is not safe due to intervention by the intruders or hackers. The data
leakage hampers the confidentiality of the information. The use of a wireless connection network
has arisen several data breaches issues, unauthorized access to the systems, misuse of the
internet, erased health records are some of the major concern related with security and privacy.
The NTN College offers advancement in the use of technology with the intention to appropriate
safety and data security.
11

There are certain principles of PHIPA that are mentioned below:
Principle 1: Accountability
NTN is responsible and liable for personal information and they have members in their
Information security division who are accountable for the college's conformity with privacy
guidelines. The team members, staffs of the hospital should take account of the protection of
personal information. They should implement laws to protect the data and should provide
training that guides about privacy strategies and procedures.
Principle 2: Identifying the cause of gathering personal health information (PHI)
At the time of collection of personal data, the essential role is to identify the reason that why the
information is being collected. The purpose identification is important in order to know the
reason behind accessing the data. The authorized persons have the genuine reason that supports
in detecting the fake one.
Principle 3: Permission for the gathering, utilisation and disclosure of data
It is required to keep the individual aware that their information is being used, processed or
disclosed due to whatever the reason is. This principle needs ‘consent’ and ‘knowledge’ in order
to let the person reasonably understood the cause of accessing their personal data. NTN should
issue rule which is related to the release of personal data to another person that includes the need
for their consent.
Principle 4: Restricting the collection of personal information
The data collected should be limited as per the requirements which need to be fulfilled. This
principle involves the permission in relation to the personal data collection that must not have
included any fraud or cheating.
Principle 5: Limiting the usage, disclosure and retention of data
12

The information should only be used or disclosed only for fulfilling the purpose for which it is
required to disclosed or it could be accessed with there is the consent of patient to access their
personal health information (Al Ameen, et. al., 2012).
Principle 6: Ensuring privacy of PHI
The accuracy and privacy of PHI should be ensured. NTN will regularly update PI with intention
to accomplish the target for the personal data is gathered. The information collected should be
accurate, up-to-date without any intervention of its integrity and privacy.
Principle 7: Ensuring safeguard for PI
There are organizational measure, security measures and physical measures which are the
essential methods for the protection of personal information that help in ensuring safeguard
(Wilkowska and Ziefle, 2012).
Principle 8: Openness related to PI strategies, policies and guidelines
The procedures and practices in relation to the management of personal health data should have
openness. The information should be provided in an easy and understandable form.
Principle 9: Individual access to their information
An individual should be able to challenge the integrity and security of the personal data and then
appropriate amendment will be required. The NTN should make the required changes and ensure
the completeness of the personal information of the patients.
Principle 10: Challenging compliance with the security policies
Addressing a challenge related to conformity with the all mentioned principles are involved in
this one. NTN should process feedbacks related to their security strategies and implements the
same. This procedure of complaint should be very simple and easily approachable to the people
(Abdelhak, et. al., 2014).
13

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4. Conclusion
It has been concluded with this report that security policies and guidelines cover the integrity and
reliability aspects of the personal information of the patients. The appropriate protection and
security of electronic data related to personal health need to have restricted access. This report
had covered the features related to security and privacy concerns of the personal health data and
provided security policies with an intention to attain data confidentiality. The security measures
had been taken in order to restrict unauthorized access to information. The data security policy is
implemented and a regular technical as well as non-technical assessment regarding the
implementation of standards is performed with the intention to understand the influence of
business functionalities and variations in the environment on the security of digital health
records. The vulnerabilities associated with the data integrity and security is well assessed and
steps have been taken for preventing the privacy risks to the personal data of the patients.
15

5. References
Abdelhak, M., Grostick, S. and Hanken, M.A., 2014. Health Information-E-Book: Management
of a Strategic Resource. Elsevier Health Sciences.
Al Ameen, M., Liu, J. and Kwak, K., 2012. Security and privacy issues in wireless sensor
networks for healthcare applications. Journal of medical systems, 36(1), pp.93-101.
Cheng, F.C. and Lai, W.H., 2012. The impact of cloud computing technology on legal
infrastructure within internet—focusing on the protection of information privacy. Procedia
Engineering, 29, pp.241-251.
Fernández-Alemán, J.L., Señor, I.C., Lozoya, P.Á.O. and Toval, A., 2013. Security and privacy
in electronic health records: A systematic literature review. Journal of biomedical
informatics, 46(3), pp.541-562.
King, N.J. and Raja, V.T., 2012. Protecting the privacy and security of sensitive customer data in
the cloud. Computer Law & Security Review, 28(3), pp.308-319.
Li, M., Yu, S., Zheng, Y., Ren, K. and Lou, W., 2013. Scalable and secure sharing of personal
health records in cloud computing using attribute-based encryption. IEEE transactions on
parallel and distributed systems, 24(1), pp.131-143.
Li, T. and Slee, T., 2014. The effects of information privacy concerns on digitizing personal
health records. Journal of the Association for Information Science and Technology, 65(8),
pp.1541-1554.
Rhodes-Ousley, M., 2013. Information security: the complete reference. McGraw Hill
Education.
Spiekermann, S., 2012. The challenges of privacy by design. Communications of the
ACM, 55(7), pp.38-40.
Wilkowska, W. and Ziefle, M., 2012. Privacy and data security in E-health: Requirements from
the user’s perspective. Health informatics journal, 18(3), pp.191-201.
16

1 out of 16

+13062052269

info@desklib.com

Privacy and Security of Personal Health Information Policy: A Case Study of NTN Nursing School

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Information Security Management for NTN Nursing School: A Risk Assessment and Mitigation Strategy

Designing an Information Security Program Report 2022

Information System Security for NTN: Legal Issues, Ethics, and Measures

Information Security Management for Nursing School in Australia

Legal Issues in Patient Data Handling by NTN Mobile Teams

Social Media Risks To Patient Information