The Healthcare Information System

As Health information system continues to evolve and innovate the healthcare industries, one should be conscious of information security and safety. Kaiser Permanente experiences this dilemma first hand. On August 2000, Kaiser Permanente had a serious security breach that sends out email messages to their patients with another patient’s information. This integrated health delivery system serves over eight million members with appointments, prescription refills, health information, clinical advice and patient forums was breath and nineteen of the member received email messages with private information.

Many healthcare facilities now find themselves in an almost paradoxical predicament: inherently insecure and complex systems are required to be supported to maintain quality of healthcare, while security by mandate must be implemented and insured, (Mulch, 2004).#

The electronic protected health information (ePHI) gets electronically stored and collected in hard copy form as they secure the information. According to the U.S. Department of health and Human Service Office for Civil Rights (OCR) report, millions of people have been impacted by HIPAA data breaches. Hence, healthcare organizations must protect and secure personal health data now more than ever because of the threats that are associated with information. This would substantially increase the protection of healthcare from cyber threats. Moreover, these people are extremely diverse and the cleverness of their data information must be organized within hospitals. Medical records are in high demand because of the sophistication of the records.

Hospital and health facility administrators face hardened criminals who hack medical records with ever-increasing sophistication. Hackers gain access to critical information, such as medical claims, financial data, Social Security numbers and credit card data that enable identity theft, credit card fraud and other privacy breaches. One of the major security failures in the news was the CareFirst BlueCross BlueShield attack that exposed 1.1 million of its members to thefts of their personal information.[1] Combined with high-profile breaches at Anthem and Premera Blue Cross, the breach illustrates the changing role of medical administrators

Working in the medical field with Electronic Health Records, a lot of my responsibilities are reliant on Health Insurance Portability and Accountability (HIPPA) compliance, EHR updates and template building. EHR breaches in security is a constant concern in this age of modern and sophisticated technology. With recent security breaches of major corporations, this has caused technology experts to heighten its security encryptions to prevent further breaches. The increasing concern over the security of health information stems from the rise of EHRs, increased use of mobile devices such as the smartphone, medical identity theft, and the widely anticipated exchange of data between and among organizations, clinicians, federal agencies, and patients. If patients’ trust is undermined, they may not be forthright with the physician. For the patient to trust the clinician, records in the office must be protected. Having the knowledge of how these security breaches are on the rise increases my awareness on the security protection of the health records.

The health care is changing with the advent of Electronic health record. EHR improves coordinated care and promotes easy access to patient care. This helps in improved patient involvement in healthcare and also make them to be better informed. However, there are security and privacy concerns while using EHR systems. Therefore, different security principles are needed to be applied to EHR systems. Information security (InfoSec) principles helps in protecting EHR systems. This principle includes the following:The information is not available to everyone and are not disclosed to unauthorized individuals, processes and entities. Measures are undertaken to ensure that sensitive information should not reach the wrong people while making right information

With the enthusiasm for health information technology, potential risks and problems associated with electronic health records have received far less attention. Three fundamental security goals are essential to EHR systems: confidentiality, integrity and availability (Haas e26). Patients lose the protection of implied trust domain of medical institutions due to their medical record maintenance performed by non-medical enterprises (e27). Depending on the paradigm, enabling access to an increased number of users poses threats to security and privacy.

Numerous health care industries have been victims of cyber-attacks. Such attacks occur when an isolated device transfers the stored medical data to the hospital’s network, which could possibly takeover the entire network of the hospital and intercept data exchange between the patient and the healthcare center. For instance, wearable devices such as the (insulin) diabetes kit that determines the exact amount to be discharged into the patient’s blood, based on

In response to a rapid advancement in technologies, a concern for security has also grown. A drawback of a significant increase in adoption of EHR would be the vulnerability of patients’ sensitive information as frequently seen in cases of identity theft and breach in the retail industry as of late. As of January 1, 2013, the Department of Health and Human Services reported a staggering number of 81, 790 breaches of patient information in healthcare (McDavid, 2013).

This paper will discuss the various threats and vulnerabilities related to the United States healthcare system as well as government regulations and policies as well as the issues of overall personal data security as a whole. Threat assessment in regards to a cyber- attack and the level of liability in the aftermath of a cyber-attack will also be discussed. In addition to the implementation of future protocols regarding personal identifiable information to reduce the sheer number of vulnerabilities, prevent data theft as a result of future attempts at cyber-attacks.

The rapid changes in technology over the past few decades has left the healthcare industry ill-prepared to operate in today’s environment. Most substantial protections of sensitive consumer information has come as a result of federal regulation, most notably in 1996 with the Health Insurance Portability and Accountability Act and 2009 as part of the American Recovery and Reinvestment Act. Protection of information in the healthcare industry has lagged behind all other industries, perhaps because the records aren’t financial in nature or sensitive government information. Implementing simple steps for many organizations may be enough to limit the vast majority of breaches, although a layered, comprehensive security approach should be the ultimate goal for companies.

In today’s society, medical records becomes a huge issue. In many organizations such as healthcare, patient confidentiality becomes a high concern. Having internet health services, creates a challenge for compliance in healthcare. Providers have treated application security and infrastructure security independently until now. Access must be secured for clinical applications to alleviate the concern from providers in healthcare. Therefore, IT infrastructure must be protected from hackers, misusing information as well as thieves. (FairWarning, n.d.)

Although the discussion focuses on the risk manager, most large health care organizations employ a team of individuals to reduce the risks of loss and increase patient safety from both a proactive and reactive stance. The health care environment is constantly evolving, but nothing has made change as pervasive as the Patient Protection and Affordable Care Act (PPACA) and the regulatory and compliance mandates contained within its wording. For instance, maintaining confidentiality of patient information, a key function of risk management, is now more difficult with the rise of cybercrime of medical information. According to Finkle (2014), the Federal Bureau of Investigation warns health care providers there is high demand for medical information by criminals to commit both impersonation crimes and financial fraud. These concerns were unheard of not long ago. Confidentiality and protection of patient information is only

Health information is a fundamental piece of data which represents a person, business, organization, or a community. This data is vital in monitoring and coordination of care for individuals and communities. It not only monitors and coordinates patient care, but reduces costly mistakes and prevent duplication of treatments as well as taking a pivotal role in preserving, securing, and protecting personal health information. Since, this information is extremely essential and sensitive, it must remain secure and safe to prevent frauds and cyber-attacks. First of all, this paper discusses vitality of the health information in regards to individuals, professionals, and organizations along with its benefits to improve overall quality of life. Secondly, it discusses the role of information technology in various aspects of the industry and the what the future holds within IT.

Cybersecurity it a term used to describe the act of protecting information systems from unauthorized access or modification (xxx). The cybersecurity industry exists out of necessity, with the ever-increasing use of the internet and computers to perform day to day actions something needed to be done to protect these systems and the data they house. There are several societal benefits cybersecurity can provide, such as preventing fraud and identity theft. Take credit card companies for example, if they did not employ cybersecurity methods to the payment process criminals could intercept the financial transactions and acquire customer’s credit card numbers. This could lead the more incidents like the 2013 target breach (xxx). With the ever increasing quantity of medical records that are stored electronically, medical facilities must increase the cybersecurity precautions in order to reduce how often breaches occur and the effect of those breaches. Without an increased cybersecurity presence, the cost mitigating incidents could rise above the current estimate of $6Billion per year (xxx).