
CIS8018 – Strategic Information Security | Assignment

   

Added on  2020-03-04

Running head: STRATEGIC INFORMATION SECURITY

Strategic Information Security

Name of the Student:
Name of the University:
Author’s Note:
Course ID:

Abstract:

The current report aims to select an Australian-based organisation, describe the existing state of its security systems and make suggestions for improving them. To fit this purpose, Royal Adelaide Hospital has been selected as the organisation, as hospitals are complex institutions where various departments manage different types of patients. The privacy and security of information are necessary for healthcare organisations to maintain the confidentiality and privacy of the patients. This is a necessary characteristic of the patient-physician association, and this study evaluates the Royal Adelaide Hospital in Australia for the security of information.

An information security program is recommended and developed for the hospital that covers the assessment of risk, conformance and the proposal of a security solution in accordance with HIPAA compliance. The report also covers the different roles and responsibilities that the hospital possesses and, with the growth of security programs, the improvement of the responsibilities and roles of the various security personnel is discussed as well. It is recommended that RAH needs to have ISO 27001 standards along with the privacy and security regulation of HIPAA.

Table of Contents

1. Introduction:
2. Health information privacy and security:
3. Information security program:
   3.1 Identification of privacy and security needs:
   3.2 Information security policy:
      3.2.1 Phases of security policy development:
   3.3 Layered approach to privacy and security:
   3.4 Systems engineered according to HIPAA compliance:
   3.5 Risk management:
   3.6 Improving the roles and responsibilities of information security management:
      3.6.1 Information security manager:
      3.6.2 Compliance officer:
      3.6.3 Information technology management:
      3.6.4 Information technology users:
4. Conclusion:
References:
Appendix:


1. Introduction:

The current report aims to select an Australian-based organisation, describe the existing state of its security systems and make suggestions for improving them. To fit this purpose, Royal Adelaide Hospital has been selected as the organisation, as hospitals are complex institutions where various departments manage different types of patients. Thus, it is necessary to maintain coordination amongst these departments (Ab Rahman and Choo 2015). In addition, it is necessary for the hospital to protect information from unauthorised users, modification of personal information and accessing the threat of unauthorised disclosure.

In the case of Royal Adelaide Hospital, the three primary principles related to security include integrity, confidentiality and availability (New Royal Adelaide Hospital 2017). Thus, it needs a robust information security environment with a homogeneous network, which is tightly secured to protect from external threats.

2. Health information privacy and security:

Maintaining the privacy of patient information is the fundamental principle of the association existing between a physician and a patient in a hospital (Abdelhak, Grostick and Hanken 2014). Patients need to share the correct information with their physicians for proper diagnosis; however, in certain instances, they often fear sharing it because of their health issues, as with HIV patients. This is because they are of the view that such disclosure might lead to social discrimination. Thus, it is crucial for Royal Adelaide Hospital (RAH) and its physicians to maintain the private information of the patients effectively, and the management might find it difficult to handle the large sets of records that are collected over a specific timeframe.

The security and privacy of information are essential, and the integrity of information with minimised errors of transcription is needed (Ahmad, Maynard and Park 2014). This would comprise effective administration information for finance and patient diet, along with the maintenance of each patient record. The security of information would be part of the hospital information security program, and it enables the decision support system to prepare the healthcare policies necessary to maintain patient privacy. With the growing utilisation of automated technologies like processing of medical claims and e subscribing, the healthcare privacy in RAH has increased. The sharing and movement of patient information in an electronic format is an issue, and the issue is to maintain the data privacy (Baskerville, Spagnoletti and Kim 2014). Thus, RAH needs to access its plan of security management to ensure security and privacy in the data of the patients.

3. Information security program:

The development of an information security management program is necessary to provide a proactive approach to overall patient protection. To identify the security threats affecting patient privacy, an effective security management plan is to be developed. The following are the major constituents of the security management plan:

- Developing, implementing and maintaining a program related to information security management
- Developing and identifying written procedures and policies related to security
- Identifying various responsibilities and roles for the security personnel
- Training and monitoring security staff (Cassidy 2016)
