Essay about Information Security Officer for Small Pharmacy

A growing demand has emerged in the healthcare field for well-trained pharmacy technicians to assist the pharmacist in many practice settings by assuming greater responsibilities. These may include order entry, filing prescription orders, compounding sterile preparations, cart fill exchanges, inventory control, operation of automated technology, utilizing the computer system as well as fulfilling other patient specific duties. Well-trained pharmacy technicians in retail and institutional settings are a vital part of the healthcare team.

Discuss security standards and methods, including the need for data storage integrity and data backup and recovery. In addition to complying with Health Insurance Portability and Accountability Act (HIPPA), SMC needs to be valiant in how the organization will protect information and manage network security. Information security is the protection of information against risk to its integrity, inadvertent disclosure, or availability (Hawkins, 2013a). The most common threats an organization's network will face are hackers, spyware, viruses, worms, Trojan horses, and malicious insider (Hawkins, 2013a). To protect SMC from hackers, they will use firewalls and intrusion-detection devices. Firewalls protect network systems by obstructing unauthorized entry while allowing approved communications (Hawkins, 2013a). Intrusion-detection systems monitor who the user is and what the user accesses. To promote HIPPA, SMC will track the last names of users who accessed patients with the same last name to reveal inappropriate use of client information.

The next step is to identify the risks, threats and vulnerabilities. Hackers attack from the Internet, failure of hardware or software systems, or network outages are the most common threats. And common vulnerabilities are absence of firewall and antivirus software, absence of update patches, not adequately trained associates etc.

Hospitals have put in place widespread security and privacy measures to protect patient health information. However, there are still errors being made in data security through the IT standpoint. Some of these errors or issues include:

Information security and HIPAA policies should cover all the necessary access and control measures needed to secure information system resources and deter, shield and protect the organization from security breaches. The scenario demonstrates that the organizations overall information security posture is poor. The HIPAA, remote access and retention policies within the information management division need to be addressed due to the healthcare organizations legal obligation to ensure the privacy of protected information. Security safeguards can be addressed through vigilance and the implementation logical and administrative access controls. Properly administered HIPAA Privacy and remote access policies would not only help alleviate but quickly identify 3 undocumented accounts with global remote access. HIPAA security standards require any user with access to protected health information have a documented need to

Data security is used to prevent anything that is unauthorized, and it helps to protect all of the data from any corruption. Almost daily, media reports highlight the failure of health care organizations to safeguard the privacy and security of patient data, whether electronic or paper. Preventing data breaches has become more complex, and at the same time, the fines being levied against health care organizations for violating the Health Insurance, (Zamosky, 2014).# In this paper, I will discuss the security measures, how the security measures used and how well did the security measure work.

The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing patients with life-threatening situations. Given the list, select which of the seven domains of a typical

Some include administrative, physical and technical safeguards. In administrative safeguards it allows the reader to understand the security management process to reduce risk and vulnerabilities. Security personnel responsible for developing and implementing security policies. Information access management minimum access to perform duties. Physical safeguard is about the limit of physical access to facilities, and how workstation and device security policies and procedure covering transfer, removal, disposal, and reuse of electronic media. Finally, technical safeguard is about the access control that restricts access to authorized personnel’s. Audit controls for hardware, software, and transitions. Integrity controls to ensure data is not altered or destroyed. Transmissions security to protect against un authorized access to data transmitted on network and via email. Moreover, there are three pillars of data security confidentiality, availability, and integrity. Confidentiality refers to the prevention of data loss, and is the category most easily identified with HIPAA privacy and security within healthcare environments. Usernames, passwords, and encryption are common measures implemented to ensure confidentiality. Availability refers to system and network accessibility, and often focuses on power loss or network connectivity outages. Integrity describes the trustworthiness and permanence of data, an assurance that the lab results or personal medical history of a patient is not modifiable by unauthorized entities or corrupted by a poorly designed process. Database best practices, data loss solutions, and data backup and archival tools are implemented to prevent data manipulation, corruption, or loss; thereby maintaining the integrity of patient

Jean, a former pharmacist, is now the network administrator for the LM Pharmacy in the town of Paris, Virginia. His duties include enabling the electronic transfer of information between health care providers (i.e., doctors and hospitals), patients, and the pharmacy itself. One of Jean’s most important responsibilities is to protect health information in accordance with federal law and the pharmacy’s privacy policy.

All customer information will be stored in the system and accessible to the clerks as read only. Everything is to be password protected and only managers will have the ability to alter said information.

Companies can prevent falling victim to unauthorized physical access by developing and implementing simple policies, standards, procedures, and guidelines for employees as well as guests to follow. Secure all areas containing sensitive systems and/or data. Require staff to follow entrance procedures when entering a secured area. Also ensure that physical data such as important documents are secured. Require

In light of available security measures and their widespread acceptance within the information security community, there is no excuse for healthcare organizations to fail in fulfilling their duty to protect personal patient information. Guaranteeing the confidentiality and privacy of data in healthcare information is crucial in safeguarding the data of patients as there should be a legal responsibility to protect medical records from unauthorized access.

Information security and privacy is occupying a most important role in the healthcare territory in order to deliver protected information process to their patients (Appari, & Johnson, 2010). As healthcare department is the organization with vast data and essential information the hospitals has to keep a useful information security technique in their enterprise process (Mishra et al., 2011). Information security is one such phase in the healthcare sphere which is extremely problematic to describe and evaluate even to the individuals who are working on the process. In the healthcare organization, information is of many types which required for the work and even the security is a main control for almost all the practices which are transmitted out in the healthcare field (Appari, & Johnson, 2010). Hospitals, in specific, have been instructed to create a new set of security specialists to protect healthcare data tools techniques upon which exists may rely. Healthcare data is very critical for patients because it is very confidential records. If a medical apparatus is filled with a computer virus it can even exemplify a possibility to patients ' lives. Hence, hospitals should design alertness of the risk, to defend against concerns to healthcare databanks and be concerned about the high risk of infected computers or medical tools being connected to their networks (Mishra et al., 2011).

As a child, I grew up enjoying mathematics and science; this led to my dream of becoming an Information Security Analyst by majoring in Computer Engineering in college. I chose this profession because over the past couple of years, the world has become more dependent on technology, which means that there is more technology that needs to be developed and better network security will need to be implanted to meet the progressing world’s standards. By being in this profession, there will always be job opportunities in small and large companies because networks, computers, cell phones and many other gadgets are prone to being compromised. For example, Boeing is a prestigious, global company that is one of the leading manufacturers of cyber security that offers several internship and job opportunities to undergraduates and graduates. Future graduates will be able to learn reliable information on what they need to become an information security analyst because an intensive amount of time was taken to research and find credible sources.

Information security professional’s job is to deploy the right safeguards, evaluating risks against critical assets and to mitigate those threats and vulnerabilities. Management can ensure their company’s assets, such as data, remain intact by finding the latest technology and implementing the right policies. Risk management focuses on analyzing risk and mitigating actions to reduce that risk. Successful implementation of security safeguards depends on the knowledge and experience of information security staff. This paper addresses the methods and fundamentals on how to systematically conduct risk assessments on the security risks of information systems.