Comprehensive Report: Managing Healthcare Information System Security

Verified

Added on 2023/04/20

AI Summary

This report addresses critical aspects of managing healthcare information systems, emphasizing security and confidentiality. It begins by highlighting the importance of maintaining patient information through robust security mechanisms like firewalls and anti-virus software, as well as user authentication protocols. The report then explores administrative and personal issues, such as unauthorized access and the selection of appropriate technologies. It defines access levels within the system and outlines strategies for managing confidential information, including patient privacy, downtime procedures, and rules for data uploading and downloading. Furthermore, the report provides different methods for training employees to avoid phishing and spam emails, emphasizing the importance of education and practical training. Finally, it evaluates these methods and learnings, underscoring the significance of instructor-led training for practical skill development. The report provides a comprehensive overview of the challenges and solutions related to securing sensitive patient data within healthcare information systems.

Running head: MANAGING HEALTH CARE INFORMATION SYSTEM
MANAGING HEALTH CARE INFORMATION SYSTEM
Name of the Student:
Name of the University:
Author Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1MANAGING HEALTH CARE INFORMATION SYSTEM
Table of Contents
Maintaining the patient information through security mechanism:.................................................2
Administrative and personal issues regarding the security in health care management system:....2
Level of access in the system:.........................................................................................................4
Managing of confidential information in the health care management system:..............................4
Different methods to be trained to the employees in order to avoid phishing and spam emails.....5
Evaluation of the methods and learnings:........................................................................................6
References........................................................................................................................................8

2MANAGING HEALTH CARE INFORMATION SYSTEM
Answer to the question no 1:
Maintaining the patient information through security mechanism:
Maintaining patient information is important for the effectiveness of the health care
management system. The information stored in the health care management system holds the
information regarding the health care organization and patients are confidential. Breaching of the
data and information can become a major threat for both of the parties. In order to maintain the
security in the system, the system can be protected through the firewall and VPN. The use of
firewall will help unnecessary network traffics to be kept away from the organization network
(Thota et al.,2018). Apart from that the use anti-virus software in health care information system
can be helpful to protect the system from external threats and attacks (Zhang et al.,2017). There
is a chance that the system can be tampered by the internal people of the organization. In this
case, the implementation of username and password are needed to be done. There are several
access modes exists in the health care management system. Proper access can be given to the
employees through the authorized usernames and passwords. However, the for the admin access
the username and passwords and the encryption system is different and can be accessed by the
selected managers from the management.
Answer to the question no 2:
Administrative and personal issues regarding the security in health care management
system:
The identified administrative and personal issues in the health care management are
managing the access of the health care management system. There is a chance that the
unauthorized access can be happened on the behalf of the patient. However, the probability of

3MANAGING HEALTH CARE INFORMATION SYSTEM
this type of data breaching depends on the level of security imposed on the health care
management system. In case, if the patients let others know about their username and the
passwords of the system, there is a chance that the unauthorized access can be happened (Yüksel,
Küpçü & Özkasap,2017). However, accessing the patient’s portal in the health care management
system with patient’s concern cannot be treated as the unauthorized access. However, accessing
the portal and modifying the information without the concern of the patient is regarded as
unauthorized access. In this case, the project development team should implement the username
and password those will allow the system to use unique identification of the patients to access
their portals respectively.
The administrative issues regarding maintaining the health care information system will
include the conflicts about getting the access to the internal members of health care organization.
Apart from that implementation of the health care management system is dependent on the
certain emerging technologies. Choosing the right kind of technology for the implementation of
the health care management system is important as it will help to the system to provide the right
outcome. The selection of the software vendor for the implementation is dependent on the
requirements of the projects and the system needed to be implemented (Rezaeibagha, Win &
Susilo,2015). There can be conflict among the stakeholders of the organization regarding the
selection of the right methodology. However, this conflict can be solved through proper business
and stakeholder communication. Confusion may raise in case of providing the admin access and
employee access of the system. The selection of the employees those can be assigned with admin
access is needed to be evaluated.
Answer to the question no 3:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4MANAGING HEALTH CARE INFORMATION SYSTEM
Level of access in the system:
For determination of the level of the access of the system, information policies can be
used. There is a chance that health care information system can be used or abused. The level of
access in the system and the specification of the information policies can be described during the
training period of the employees (Asija & Nallusamy, 2016). The main advantage of introducing
the idea to get access into different level of the system can be implemented in the training period
so that this idea can be integrated with the workflow and behavioral management. It can be said
the access levels can be of three types- admin access, access for the employees of the
organization and access for the patients for the organization.
Answer to the question no 4:
Managing of confidential information in the health care management system:
There are certain steps those can be taken in order to manage the confidentiality in the health
care management system. The things through which this confidentiality can be implemented are-
 Maintaining the privacy of the patients: Maintaining the privacy of the patients is one of
the main concern things in the health care system management. In order to do this
keeping the confidentiality of the medical health record is needed (Yang et al.,2015). The
main advantage of health care information system is that the health record can be
accessed by the doctors in the health care center through this system (Weaver et
al.,2016). However, this accessing of the information is done on the basis of the patient’s
approval. In this situation the sense of trust is needed to be maintained between the
patients and the health care organizations.

5MANAGING HEALTH CARE INFORMATION SYSTEM
 Downtime: Downtime procedure is needed to be introduced to determine the loading time
frame of the forms. The forms can be loaded in the system under certain time frame if
only various criteria are fulfilled. After a certain time, reloading of the form needs the
resubmission of the certain information in the portal (Gawanmeh et al.,2015). This will
mitigate the chances of data breaching.
 Rules regarding the downloading and uploading of the information: Both the medical
organizations and patients are needed to be aware about the type of information those are
needed to be uploaded in the portal for health care information system (Dehling et al.,
2015). Unnecessary but confidential information should not be uploaded by the patients
in the portal. Apart from that during the access of the portal, downloading some content
from malicious link or suspicious link is needed to be avoided by the patients.
 Removing devices from the secured areas: In many situations it has been seen that the
chances of breaching of the data happened when the system is removed from the secured
place (Burns & Johnson,2015). It is the responsibility of the organization to keep the
security of the place where the system is kept and control the access of the people going
to that secured place.
Answer to the question no 4:
Different methods to be trained to the employees in order to avoid phishing and spam
emails.
There are different methods those can be helpful for the employees handling the health
care information system to avoid the phishing and spam mail. In this situation two methods can
be adopted for the employees is order to make them aware about phishing and spam mails. These
two methods are- education and training. Initially it can be seen that both the training and

6MANAGING HEALTH CARE INFORMATION SYSTEM
education are the same thing (Mishra,2015). However, there are some differences in the outcome
of these two methods. Education is related to the development of the theoretical knowledge and
on the other hand training is about implementation of the knowledge through practical training.
Both training and education is important for the making the employees aware about the threats
from the phishing and spam mails. Choosing the right kind of technology for the implementation
of the health care management system is important as it will help to the system to provide the
right outcome. The selection of the software vendor for the implementation is dependent on the
requirements of the projects and the system needed to be implemented (Rezaeibagha, Win &
Susilo,2015).
Answer to the question no 5:
Evaluation of the methods and learnings:
The education regarding the email and cyber security can be done through basic
understanding of the security protocols of the organization. The basic education can include
referring any standard text books and methods. The practical implementation of the knowledge
can be done through the training. The proper training schedule and the content of the training are
dependent on the requirements and thee specifications of the systems in the organizations
(Martínez-Pérez, De La Torre-Díez & López-Coronado,2015). However, it has been seen that
sometimes, the domain of training and the education does not overlap with each other. It has
been seen that training can be given without the knowledge and concepts. On the other hand the
education can be provided without knowing about proper skills. There are different kinds of
training-

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7MANAGING HEALTH CARE INFORMATION SYSTEM
Instructure-led training- In this situation the employees are trained under one or more than one
experts in the organization. This kind of training helps to the employees to gain the kinetic
learner experience. As for example, the training can be given on both the computer hardware and
database at a same time. This can be done through instructor-led training. Instructure-led training
has certain components like trainers, support stuffs, end users, technology, replacement staffs,
facilities, materials and instructional designers.
One of the main driven factor of this kind of training is the training schedule. Different
modules in training is needed to be completed within a certain time so that there is a fixed
deadline the employees are ready to handle the new system in a defined time bound.

8MANAGING HEALTH CARE INFORMATION SYSTEM
References
Asija, R., & Nallusamy, R. (2016). Healthcare saas based on a data model with built-in security
and privacy. International Journal of Cloud Applications and Computing (IJCAC), 6(3),
1-14.
Burns, A. J., & Johnson, M. E. (2015). Securing health information. IT Professional, 17(1), 23-
29.
Dehling, T., Gao, F., Schneider, S., & Sunyaev, A. (2015). Exploring the far side of mobile
health: information security and privacy of mobile health apps on iOS and
Android. JMIR mHealth and uHealth, 3(1).
Gawanmeh, A., Al-Hamadi, H., Al-Qutayri, M., Chin, S. K., & Saleem, K. (2015, October).
Reliability analysis of healthcare information systems: State of the art and future
directions. In E-health Networking, Application & Services (HealthCom), 2015 17th
International Conference on (pp. 68-74). IEEE.
Martínez-Pérez, B., De La Torre-Díez, I., & López-Coronado, M. (2015). Privacy and security in
mobile health apps: a review and recommendations. Journal of medical systems, 39(1),
181.
Mishra, D. (2015). On the security flaws in id-based password authentication schemes for
telecare medical information systems. Journal of medical systems, 39(1), 154.
Rezaeibagha, F., Win, K. T., & Susilo, W. (2015). A systematic literature review on security and
privacy of electronic health record systems: technical perspectives. Health Information
Management Journal, 44(3), 23-38.

9MANAGING HEALTH CARE INFORMATION SYSTEM
Thota, C., Sundarasekar, R., Manogaran, G., Varatharajan, R., & Priyan, M. K. (2018).
Centralized fog computing security platform for IoT and cloud in healthcare system.
In Exploring the convergence of big data and the internet of things (pp. 141-154). IGI
Global.
Weaver, C. A., Ball, M. J., Kim, G. R., & Kiel, J. M. (2016). Healthcare information
management systems. Cham: Springer International Publishing.
Yang, J. J., Li, J., Mulder, J., Wang, Y., Chen, S., Wu, H., ... & Pan, H. (2015). Emerging
information technologies for enhanced healthcare. Computers in Industry, 69, 3-11.
Yüksel, B., Küpçü, A., & Özkasap, Ö. (2017). Research issues for privacy and security of
electronic health services. Future Generation Computer Systems, 68, 1-13.
Zhang, Y., Qiu, M., Tsai, C. W., Hassan, M. M., & Alamri, A. (2017). Health-CPS: Healthcare
cyber-physical system assisted by cloud and big data. IEEE Systems Journal, 11(1), 88-
95.