Exploring Healthcare Data Security: A Comprehensive Literature Review

Verified

Added on 2023/04/22

AI Summary

This literature review provides an overview of healthcare data security, tracing its historical development from ancient medical records to modern electronic health record systems. It discusses the evolution of health information management, the impact of computer technology, and the introduction of key regulations like HIPAA and HITECH. The review highlights the challenges of data aggregation, interoperability, and the increasing threat of cyber-attacks, while also emphasizing the importance of data privacy and security in healthcare settings. The establishment of organizations like AHIMA and ONC, along with initiatives like the 'Triple Aim,' are discussed in the context of improving patient care, population health, and reducing healthcare costs. The review concludes by underscoring the continuous need for robust data security measures to protect sensitive medical information.

Running head: HEALTHCARE DATA SECURITY
Chapter 2
Name of the Student
Name of the University
Author Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HEALTHCARE DATA SECURITY 1
Chapter 2: Literature Review
Beginning from insurance forms to medical records, and prescription based healthcare
services the business of healthcare can be stated as a largely networked environment that allows
sharing of patient information. It is also managed by a plethora of parties and each of them have
discrete levels of security for the protection and safeguard of pertinent information (Walker et
al., 2014). Several characteristics that impart uniqueness to healthcare data include the fact that
all the data are stored in multiple places such as, HR software, EMR and departments like
pharmacy and radiology. Furthermore, aggregation of the data into a central and single system
like an enterprise data warehouse (EDW), increases its accessibility and usefulness. This chapter
discusses the historical development, contemporary perspectives, and implications of healthcare
data security.
Historical Development of the Topic
With the evolution of technology, the pressures to healthcare data security and
consistency of the medical devices also increase. The most basic forms of medical archives were
descriptions transcribed by ancient Greeks, with the aim of documenting effective cures, sharing
essential medical observations about indications and outcomes, and teaching others who were
directly or indirectly involved in delivering medical advice, by conducting a thorough analysis of
the case studies. Although the written reports that contained a detailed description of the
patients’ complaints and analyses precede the chronicles of astrologers, Richard Napier and
Simon Forman, their accounts from 1596-1634 have been identified as the most primitive
comprehensive collection of medicinal records in actuality (Kassell, 2014).
The beginning of the health information management industry can be mapped back to the
1920s. It was during this time that healthcare professionals were able to realize the importance of

HEALTHCARE DATA SECURITY 2
documenting care services provided to the patients, with the aim of giving benefits to both the
service users and the providers. Furthermore, a close association was also established between
the formulation of patient records, with the details, outcomes and complications related to patient
care. In other words, during the early 20s, healthcare professionals gained a sound understanding
of the potential advantages of obtaining, analyzing, and guarding digital and outmoded medical
evidence, vital to delivering high quality patient care. It has been stated by Fiorito and Edens
(2016) that physicians were initially involved in offering necessary medical advice on the
different ways of presenting pertinent information, in clinical records. During 1928 steps were
taken by the American College of Surgeons (ACOS) for standardizing the ever-increasing
number of clinical records by the establishment of the American Association of Record
Librarians (AARL), popularly referred to as the American Health Information Management
Association (AHIMA). Hence, although the healthcare record-keeping process continued, all the
data were paper-based.
This was followed by major changes during 1960 when the development and widespread
use of computers provided healthcare professionals with the opportunity of maintaining all health
records of patients in an electronic format. Nonetheless, the expenditure of acquiring and
sustaining a mainframe and the disbursement linked with storage of healthcare data, intended
that simply a handful of the largest healthcare organizations had the provision of putting
technology into use, for handling relevant medical records of their service users (Jacucci et al.,
2014). The same has been affirmed by Hammond et al. (2014) who elaborated on the fact that
the realm of health informatics, as commonly known today, developed with a sophistication in
the use of computer technology that increased its potential of managing huge volumes of
healthcare figures. One of the first labors took place below the dominion of the American

HEALTHCARE DATA SECURITY 3
Society for Testing and Materials (ASTM). The initial standards were formulated with the aim of
addressing exchange of laboratorymessages, data content, assets for electronic health record
schemes, and subsequent health information system security. El Camino Hospital in Mountain
View, CA formed a collaboration with the Lockheed Corporation in 1964, for developing a
hospital information system that comprised of medical archives, but mostly computer
manufacturers failed to understand the needs of the healthcare industry (Bouidi, Idrissi & Rais,
2017). This resulted in the foundation of the Eclipsys Corporation that provided all hospitals and
different healthcare organizations with computerized physician order entries, electronic medical
records, and revenue cycle administration software. However, several organizations did select for
a computer based healthcare system that effectively controlled medical records, while offering
restricted access to the archives. These systems provided access only at the location where it was
produced. These records most often contained material about the stay of patients at the hospitals,
different diagnostic tests and/or treatments delivered within the hospital premises (Cimino et al.,
2014).
This was followed by introduction of the Medicare and Medicaid in 1965 that required all
nursing professionals to participate in the collection and assortment of necessary healthcare data
for documenting patient care, in relation to their reimbursement (Bauchner, 2015). While the
time was marked by increased use of computers for billing and accounting based functions, the
usage of computers for the collection and management of patient medical records was still not
that prevalent (Shaw et al., 2014).Despite a reduction in the implementation of technology, the
necessity to homogenize electronic health records was documented by several establishments.
This eventually resulted in the formation of the Systematized Nomenclature of Medicine
(SNOMED) to schematize the pathology language. This in turn was succeeded by the formation

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HEALTHCARE DATA SECURITY 4
of the Uniform Minimum Health Data Set (UMHDS) in order to progress the guidelines and
standards on national health data (Ivanović & Budimac, 2014).
There is mounting evidence for the fact that with increased development in IT, several
software were designed with the aim of providing support to clinical functions for clinical
laboratories, pharmacies, billing and patient registration. However, one potential disadvantage
was associated with lack of access of department-specific functions, by other hospital
departments (Wager, Lee & Glaser, 2017). One of the first attempts at establishment of
integrated healthcare records dates back to 1971 when the gynecology unit at University Medical
Center, Burlington, implemented a patient oriented system that encompassed all health
disciplines in order to provide a detailed overview of the delivered care. This helped in
establishing association between the treatments, costs, conditions, and outcomes. According to
Duke et al. (2014) this was followed by the development of the Regenstrief Medical Record
System (RMRS) in 1972 where data was collected from 35 diabetic patients who had been
admitted to the County General Hospital. The hard coded program involved entry of patient data,
its storage in the form of a detailed structure, and print of flow sheet reports.
Further chronological events comprise of the development of diagnosis related
groups (DRGs), concomitant with data that was required for repayment. This in turn augmented
the necessity for hospitals to procure comprehensive information from medical systems, besides
financial systems, with the aim of ensuring claims imbursement. Owing to the widespread
popularity of health associated software applications and personal computers, the staff working
with hospital information technology (IT) were gradually provided the responsibility of
integrating several disparate systems, with the development of network solutions (Vest et al.,
2014). In the words of Hodgson and Coiera (2015) the year 1982 marked the advent of the

HEALTHCARE DATA SECURITY 5
Dragon Naturally Speaking speech recognition software that later on collaborated with the
Lernout & Hauspie Speech Products, thus forming a milestone in healthcare data. This
eventually developed into a reliable tool for entering and storing patient related information into
healthcare data systems, thus easing the process of delivery of care, and its subsequent utilization
in future. With further advancement in technology, most departments of hospitals failed to
appropriately access healthcare information, outside their own storage, thus averting sharing of
healthcare from incongruent system.
According to research evidences published during the early 1990s, some of the major
barriers or issues related to healthcare data security that were faced by the hospital personnel
could be accredited to absence of proper standards, and high installation costs. These prevented
majority of hospitals from adequately adopting the use of electronic health records (Archenaa &
Anita, 2015). Development and enforcement of the master patient index (MPI) formed a
significant event in this field. This database contained detailed patient information and gradually
began to be used across all healthcare organizations, which in turn laid the foundation of
different initiatives like the Indiana Network for Patient Care (INPC). The year 1994 was marked
by the revision of the ICD-10 code version by the World Health Organization that contained
comprehensive codes for all symptoms, diseases, complaints, abnormal findings, external injury
causes and social circumstances (Subotin & Davis, 2014).
Time and again it has been proved that competition in healthcare resulted in the
consolidation of discrete hospitals in order to develop health systems, thereby recognizing the
need of integration. Technological advances also led to the increased access of hospitals to
different computing systems, which were responsible for sharing information across contrasting
healthcare systems (Youssef, 2014). In appreciation of the long-drawn-out opportunity of the

HEALTHCARE DATA SECURITY 6
role of members in data management and health informatics, the AARL organization that was
founded in 1928, endured its fourth name alteration to American Health Information
Management Association (AHIMA) (Gellert, Ramirez & Webster, 2015). This expanded the role
of professionals working in health information system beyond the data encompassed in a solitary
hospital medicinal data, to health information encompassing the complete range of care (Neame,
2014). Further advancements took in relation to the formulation and enforcement of the HIPPA
(Health Insurance Portability and Accountability Act) in 1996 for providing data security and
privacy provisions, with the aim of safeguarding essential medical information. In recent years
the law has also increased its prominence with its proliferation into the domain of healthcare data
breach due to ransomware attack or cyber-attack on providers and health insurers (Fuller, 2018).
With an advancement of the hospitals into wider healthcare systems for acquiring
individual practices of the physicians, healthcare organizations also identified the need of
implementing interoperability, where different IT systems help in communicating and
exchanging pertinent clinical data. The 2000s were marked by the incorporation of electronic
health records (EHRs) in order to enable all healthcare providers for making better healthcare
decisions. Implementation of EHR by an increased number of physicians and hospitals resulted
in a significant decrease in the incidence rates of preventable medical errors, by enhancing the
clarity and accuracy of the medical records. This was concomitant with the emphasis made by
the then President George Bush on the importance of combining information technology in
healthcare settings, and the usage of computerized health records, in the State of the Union
Address, 2004 (Smith et al., 2014).
According to Carley, Nicholson‐Crotty and Fisher (2015) acceptance of completely
purposeful EHRs developed more suggestively with the enforcement of American Recovery and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HEALTHCARE DATA SECURITY 7
Reinvestment Act (ARRA), in the year 2009. One primary measure that was involved in ARRA
was namelythe, Health Information Technology for Economic and Clinical Health (HITECH)
Act. The major objective of the HITECH act is uphold the perception regarding usage of EHRs,
besides promoting fiscal incentives for reassuring the application of EHRs. The subtitle D of the
HITECH Act was important owing to its role in addressing the confidentiality and security
worries related with the electronic distribution of essential health information (Beaty & Quirk,
2015).
Data from reports indicate that another major step in the field of healthcare data security
was the establishment of the Office of the National Coordinator for Health Information
Technology (ONC) that had the responsibility of formulating a private, secure and intraoperable
nationwide healthcare information system, that aimed to improve end user implementation of
EHR, and establishment of different standards by 2014. In other words, the ‘Triple Aim’ focused
on namely, (i) improvement of patient familiarity of care, (ii) enhancement the overall health of
the population, and (iii) reduction of per capita charges of healthcare (Sheikh, Sood & Bates,
2015). This was followed by a gradual doubling in the use of EHRs across all hospitals, in
comparison to the data of 2008. An estimated 96% hospitals and 87% office based physicians
were found to utilize EHRs in 2015, thus demonstrating the widespread recognition of healthcare
data security. In addition, the implementation of cloud computing services for an extensive
variety of industry, counting in healthcare, reinforced expanded networks that reached areas
beyond definite sites and settings to assemble different units together in a healthcare system or
HIE, lacking any noteworthy investment in novel technologies (Henry et al., 2016).
Research evidences also suggest that the augmented bulk of data, easiness of entree to
data and the necessity for health information authorities to direct the administration of healthcare

HEALTHCARE DATA SECURITY 8
data has resulted in a snowballing dependence on healthcare informatics (Valdez et al., 2014).
This has been defined by American Medical Informatics Association (AMIA) as an arena of
information science allied with the supervision of all facets of health data and material through
the implementation and utilization of computer technology. With the advent of the 2010s, the
focus on delivery of value based care services started increasing in contrast to care that was
based on fees. The year also demonstrated an improved interest in improving patient outcomes
by averting avoidable medical errors, while propelling the accumulation of healthcare data for
supporting essential clinical decision making. Showing consistency with clinicians who agreed
upon the prominence of preceding health archives as knowledge tools that would advance health
outcomes, the contemporary healthcare professionals started using digitalized healthcare data for
enhancing patient care on a superior scale, with the use of health information tools that evaluated
population health data.
Further advancements were observed with the implementation of accountable care
organizations (ACOs), with the aim of improving healthcare of patients, and promoting
collaboration between the providers (McWilliams et al., 2016). Although the HIEs and ACOs
utilized EHRs for collection of patient data and their storage, there remains a significant gap in
the aggregation and harmonization of relevant information from different system for producing
data that can easily be examined. Data-sharing, intraoperability, and better access to healthcare
information continue to be an important prerequisite for improvement of health information
process, enablement of ACO, exchange of information, and formulation of care that is
population-specific.
Summary

HEALTHCARE DATA SECURITY 9
Healthcare data security and management plays a crucial role in contemporary
healthcare. Patient records help in capturing essential patient information from different
laboratories, clinics, physicians, and treatment locations that not only deliver a holistic view of
the health history of the patient, but also provide vast information that can be utilized for
enhancing patient care and outcomes.
Contemporary Perspectives
The increasing use of electronic health record system (EHR) has flickered the necessity
for implementing regulatory guidelines on health information that are digitally stored, owing to
the elevated rates of cybercrime. During initial days, healthcare data security was associated with
simple steps such as, securing a file cabinet that contained a huge amount of patient records.
However, these days, the procedure of defending the confidentiality of health information is
much more multifaceted. Different kinds of data breaches are being discovered almost regularly,
which in turn pose extreme risks to the finances of all patients and healthcare providers (Kamoun
& Nicho, 2014). Security breaches have also been found responsible for causing damage beyond
financial loss. Targets of cybercrime also suffer mutilation to their statuses, while
administrations use appreciated time and flair exploring breaches, which prevents them from
monitoring and extenuating future attacks.
In the words of Patil and Seshadri (2014) with the ever-increasing charges for healthcare
services and augmented health insurance payments, there is a necessity for hands-on wellness
and healthcare. Besides, the trend of digitizing medicinal records has recently undergone a
paradigm transferal in the healthcare business. Thus, the healthcare industry is perceiving an
upsurge in absolute volume of data, in relation to difficulty, assortment, and timeliness. Big data
has emerged as a plausible resolution for lowering costs, while improving the caregiving delivery

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

HEALTHCARE DATA SECURITY 10
and management, with the potential of altering the healthcare industry. Implementation of big
data in healthcare suggestively upsurges security and client privacy apprehensions. Big data
involves the storage of patient information in data centers, having changeable levels of security.
However, invasion of huge data sets from assorted sources creates a load on storing, dispensation
and communication. The same has been confirmed by Anagnostopoulos, Zeadally and Exposito
(2016) who elaborated on the usage of big data in capturing, storing, aggregating and analyzing
the huge amount of patient information, in a systematic manner, without losing the “4Vs”
namely, velocity, variety, volume, and veracity. It has also been stated that taking into account
the technical viewpoint, the heterogeneity and the large amount of healthcare data, often
represent information technology (IT) encounters for data mining and subsequent processing,
specifically for IoT that remains mostly amorphous. Traditional healthcare data security systems
are grounded on Relational Databases Management Systems (RDBMS) that fail to support
unstructured health data.
Nonetheless, implementation of big data in healthcare, helped medical experts and
computer scientists generate algorithms based on data produced from sensors for treating
Parkinson’s disease. Hence, in addition to storing pertinent medical information, healthcare
information technology is increasing treatment efficiency. According to Cunningham and
Ainsworth (2018) facilitating direct involvement of the patients in the governing the usage of
medical data, and conducting the activities in the open, in a secure fashion, is imperative in
enhancing acceptance and uptake of health informatics platforms. Development of a core
Application Programming Interface (API) enabled a permission system that assisted patients in
specifying the people, who were eligible for accessing their records, besides reviewing the usage
to which all healthcare data have been put.

HEALTHCARE DATA SECURITY 11
Although the improvements in IT have observed great expansion, in relation to healthcare
technologies they have also increased the complexity of healthcare data, thus increasing the
difficulty in handling and processing them. Adoption of a cyber-physical system, with the aim of
implementing patient-centric healthcare services and applications, called Health-CPS, have been
found to enhance the optimal performance of different healthcare systems, thus allowing both
providers and patients to completely utilize the healthcare applications. These CPS systems are
based on big data analytics and cloud computing technologies and focus on dispersed storage and
equivalent computing, thus enhancing the security of essential medical information (Zhang et al.,
2017). Khan et al. (2014) elaborated on the fact that HIT has resulted in the development of a
uniform platform that allows easy sharing of medical information, in a completely automated and
ubiquitous manner. It has been stated that implementation of a HIT framework that comprises of
a personal server (PS), sensors attached to patients, a remote base station (RMS), client
data/interface reader, and hospital community cloud facilitates patient privacy and data security,
with a special focus on inter-censor communication. Usage of multiple biometrics has been
found beneficial in maintaining the security of pertinent health information, thus preventing a
breach of privacy.
It has also been proposed by Li, Lee, and Weng (2016) that implementation of cloud-
assisted WBAN provides assistance, at times of emergency and also helps in saving the lives of
patients. The HIT comprises several body sensors that are attached to the patient, with the aim of
collecting and transmitting essential health information to medical clouds, with the help of public
and wireless communication channels. Owing to the sensitivity and privacy of patient’s data,
there is a need to deliver sturdy security and defense of the medical data over insecure
communication channels. The researchers elaborated on the fact that designing key agreement