Health Information Security
Management of patients’ information is one of the most sensitive stages that is influenced by various factors and has had a great impact during the provision of quality health care to patients. The reason is that it may have effects on professional standards, economics, law and ethical issues surrounding health care (Weaver, 2016). On matters regarding the law, patients’ health information must be confidential and thus should not be disclosed to anyone without client consent. According to the federal legislation, the patient must give consent if their information is to be shared. Besides, no patient information is supposed to be shared through social media or any other channel without the patient’s consent (Doak, 2014). The fundamental duty of the health information manager is to ensure that legal requirements are followed to the letter.
Ethical issues have huge impacts on information management. Patients’ privacy, as well as the security of their personal health information, has led to a lot of concerns. Some patient information can be leaked through portable devices and other forms of technology and then sold or used to perpetrate other crimes (Brunton & Nissenbaum, 2015). Essentially, one of the biggest challenges facing information systems is to prevent unethical loss of patients’ confidential information. Accordingly, information managers ought to consider both social and ethical implications of patient information as significant factors when investing in information management.
High professional standards are required when carrying out various duties in the information management department (Weaver, 2016). Information management involves handling sensitive client information which, when mishandled, can lead to adverse legal and economic consequences for health care organizations. As such, the role of information professionals in the process of taking care of the patient is handling client information with the highest professional standards possible. Economics has had huge impacts on the information management system, in particular on the ability to enhance acquisition of competent information systems. For instance, the recovery and investments act of 2009 availed $19 billion in inducements for health institutions to enable them to develop systems that would facilitate capture and safe storage of information.
The high initial budget of effecting and investing in novel and reliable technology has been a subject of great concern. Management of information systems requires massive investments, and thus efficient information management depends on the ability to invest in this department. Portable devices are significant gadgets that ought to be used for storage of valued and confidential health information of the patient (Weaver, 2016). Portable devices have various security challenges, such that their users should be vigilant because useful clients’ information may be lost while on these devices. Consequently, health providers can facilitate real-time patient-provider collaboration.
Nevertheless, professional standards ought to be maintained when handling mobile and other portable devices containing patients’ information so that such information does not leak to other individuals (Brunton & Nissenbaum, 2015). Social media channels are inevitably inescapable and significant for the growth of health care, especially because health information can be shared quickly. However, adequate measures ought to be enacted to safeguard patient information so that the information does not leak through social media (Doak et al., 2014). Government and quasi-government agencies play various roles in implementing policies surrounding the use of mobile applications and social media in health information management. The research seeks to find out the ethical implications of health informatics for leaders, the significance of maintaining professional standards when handling patient information through portable devices and social media, and the role of government and quasi-agencies in implementing policies surrounding the use of mobile applications.
Security challenges posed by portable device and application platforms
Portable devices are valuable gadgets that may be used to store valuable and confidential health information of the patient. Such devices include laptops, tablets, and smartphones, among others. Brunton & Nissenbaum (2015) assert that physicians, nurses and other professionals in healthcare have utilized multiple devices in diverse locations to facilitate real-time patient-provider collaboration. Essentially, nearly 33% of healthcare professionals perform their daily duties outside working stations at least one day in every seven days.
However, according to Vermesan (2014), such devices and application platforms pose security challenges that may lead to exposure of patient information. There have been massive breaches in healthcare, including the evolution of the profitable online market for information regarding healthcare. Health care institutions do not have sufficient tools to safeguard valuable health information after entrusting portable devices to employees. According to recent research, about 35% of healthcare brands have adequate security policies for the information carried through portable devices (Chell et al., 2015). About 50% of the employees in health care institutions bypass security measures when carrying out their duties. Examples of security challenges include employees sharing files which contain valuable patient information, thereby breaching confidentiality.
Regularly, provisioned institutional applications such as Twitter and Facebook accounts are used in ways that are against institutional regulation (Brunton & Nissenbaum, 2015). Inappropriate usage leads to sharing of data and other confidential information that should not be shared. Although mobile devices have passwords, screen locks or biometric readers, objective information demonstrates that employees seldom use these protective mechanisms. Moreover, Carlton et al. (2015) postulate that the more secure two-factor verification password is not used, yet it is more stable and devoid of associated security drawbacks such as guessing and eavesdropping. Other individuals could thus gain access to valuable data and information belonging to the healthcare brands.
Mobile and other portable devices may contain downloaded malware disguised as a utility, game or security patch. Vermesan (2014) stresses that such malware may be used to intercept consumer information, leading to unintended exposure. Besides, some portable devices do not utilize security software meant to safeguard such devices against spyware, malware and malicious applications (Brunton & Nissenbaum, 2015). Other challenges include the use of operating systems and other portable device software and applications that are outdated, unauthorized modifications that allow the addition of other features, and unlimited internet connections, such that the device could connect to the Internet and other devices, exposing the portable device to hacking risks.
Recommended security measures to safeguard data found on portable devices
Various strategies ought to be put in place to protect information that can be accessed from portable devices. They include the use of sustainable software programs such as SecurityCenter uninterrupted view and Nessus (Harwood, 2015). These programs would identify, distinguish and audit endpoints and networks to monitor and recognize sensitive healthcare information transmitted and stored in the portable device. However, such possibilities require partnering with technology brands such as MobileIron and Cisco. Through this technology, the compliance posture and security of the portable systems can be monitored whether they are connected to the network or disconnected (ICCSA & Gervasi, 2015). These programs also ensure that only accredited devices are capable of being granted access to the confidential consumer data in the hospital website.
Harwood (2015) maintains that use of Nessus software may also enable laptops and other portable devices to run compliance programs on the local Windows and scan devices to determine any possible breach and then notify the relevant authority. Other methods of securing portable devices include use of a password, device key or another form of user authentication mechanism, installing or enabling encryption, and installing remote wiping/disabling (Vermesan, 2014). Moreover, it is prudent to utilize adequate security when sending and receiving health data and information on public Wi-Fi networks, disable file-sharing applications, update software and research applications before downloading (ICCSA & Gervasi, 2015).
Massive economic investment in portable information systems, mobile, and computer applications is valuable in safeguarding patients’ information. For instance, investment in installation and maintenance of sustainable software programs such as SecurityCenter uninterrupted view and Nessus requires substantial capital investments (Harwood, 2015). The gaps that exist in investments in competent information systems and devices are the inability to acquire the latest information on the best practices regarding software and hardware management. Correspondingly, although economics has had huge impacts on the information management system, in particular on the ability to enhance acquisition of competent information systems, it is still unclear whether initial acquisition cost is more significant than the maintenance cost. More funds should be directed to the most significant variable. However, the gains, especially in terms of securing patients’ information, are more rewarding and safe compared to the investment costs that may be incurred from possible lawsuits (Vermesan, 2014). At the same time, updating software and making various installations using software professionals is costly economically, but it is one of the safest ways of safeguarding patients’ information, thus preventing loss of reputation and other costs associated with patient data breach.
Social networks and health information exchange
Social networks are a significant but unrestricted frontier usable in exchanging health information. There is vast information that is available on social media channels including Facebook, YouTube, LinkedIn, Google+, WhatsApp, Instagram and Twitter, among other networks (Benson et al., 2016). These channels are inevitably inescapable and significant for health growth, timely sharing of information and obtaining feedback on the level of patient satisfaction. Usage of and participation in social media have massively increased in recent years and are expected to continue rising in future. Benson et al. (2016) observed that social media usage in 2005 was estimated to be 8%, while in 2014 the usage went up to 74%. Currently, usage has gone up to 79%, meaning that the significance of social media in healthcare is expected to increase further.
Nevertheless, individuals in need of medical data and other private information are also on the increase, in that it is now easier for confidential health information to leak than before. Research has shown that a vast number of health professionals utilize social media for accessing health-linked data to use it for various purposes (Doak et al., 2014). Other healthcare personnel enthusiastically participate and engage in conversations and discussions by posting valuable comments, sharing information or raising queries on various health issues. Social media can be used in some ways to communicate health information, including gathering data or information concerning patient opinions and experiences (Brunton & Nissenbaum, 2015). Correspondingly, there has been sharing of health promotions and giving out of health education through social media to various parties that are not part of the healthcare team. In other cases, employees have managed to initiate online sessions and consultations between themselves, patients and other healthcare professionals.
Social media is one of the most ubiquitous technology-oriented developments in society. As such, a huge amount of information is shared daily, and thus necessary laws have been put in place to ensure that patient information is not shared unnecessarily or without client consent (Vermesan, 2014). Sharing of any customer information, including an inoffensive-seeming post, violates patients’ rights and thus is subject to prosecution in a court of law. The health institutions that may breach such laws are at risk of penalties or as provided for by health Accountability Act of 1996. However, some gaps exist, primarily when it comes to the inability of the health care institution to safeguard client information, by enabling access to meaningful customer information to untrusted employees (Harwood, 2015).
No precise and universal mechanism could apply across the board, and thus more information and research may be necessary. Distribution of such information raises ethical concerns primarily because such information could be distributed online, thus exposing the medical condition of various clients. Health information systems can thus generate opportunities for meaningful social change that may threaten the existence and distribution of obligations, rights, and power (Doak et al., 2014). Ethical breach leads to health risks resulting in huge penalties. Institutions should identify reputable agencies, especially the ones handling data, should expose employees to rigorous training, and should invest in competent contemporary technologies and human resources to prevent ethical issues.
Contracting new companies that are capable of integrating, assembling and distributing information has created a new gap in information security because health organizations are not satisfied that such information will be adequately safeguarded (Brunton & Nissenbaum, 2015). A good example is big data and cloud computing. Thus, health institutions should encourage high professional standards when handling client information. Gaps in addressing professional issues arise from the fact that no precise mechanism stipulates the hiring procedures that may assist in isolating unethical employees. High professional standards ought to be maintained in handling patient data, including medical history, symptoms, procedures, diagnoses and outcomes (Brunton & Nissenbaum, 2015). High professional standards can be ensured through subjecting employees to rigorous scrutiny during hiring, training and setting up competent measures during practice.
Obstacles encountered securing data found on social network platforms
The obstacles include the fact that there is a lot of information that is capable of being shared within a very short period. Benson et al. (2016) argue that these large volumes of health data and information can be leaked before any countermeasure has been decided. Many of the responses will only come in when damage has already been done. Some healthcare institutions do not have a strong social media strategy/policy, in that employees are left loose and then urged to become responsible and ambassadors of the healthcare brand. Without clear rules, parameters and objectives, a disaster may arise. Other institutions lack an established social media team with rigorously trained staff who are able to address the needs of the patient while remaining committed to the healthcare organization’s policy on social media (Doak et al., 2014). Other obstacles include threats from hackers, the multiplicity of mobile applications indistinguishably linked to massive advancement in technology, compliance issues and huge competition among popular social networks.
Recommended security strategies to safeguard data on social network platforms
Various security strategies have been recommended to protect data that may be leaked through social media platforms. According to Brunton & Nissenbaum (2015), avoiding applications and ads that pop up is valuable because cybercriminals can use them to hack individuals’ networks and obtain valuable data. Similarly, portable devices and computers should be fully protected by installing a dependable and trustworthy security solution which is able to scan through the account, recognize weak confidentiality settings and wipe them out. Careful consideration should be given to the videos, images and other information that individuals may decide to publish (Doak et al., 2014). The images may be copied and deposited in various individuals’ accounts, and then they may be used later for other functions. Likewise, mobile phones and computers should not be left open or unattended such that other individuals could access them.
Equally, people should log out when they are not using their accounts and should not allow programs to remember passwords. Other protective measures include authentication of contacts, use of aliases, understanding social media brands’ privacy settings, avoiding posting personal addresses or contact details, and avoiding using brand email when establishing a personal socializing account (Benson et al., 2016). Additional recommendations are that pseudonyms ought to be used and that people should understand social media brands’ privacy settings appropriately, avoid posting personal addresses or contact details, avoid using brand email when establishing a personal socializing account, and avoid disclosing personal information or a personal profile.
Role of government and quasi-government agencies in implementing policy regarding social media and mobile applications
Government and quasi-government agencies play various roles in the implementation of policies relating to the use of social media and mobile applications in health information management. Social media platforms ought to adhere to the existing laws and ideals that the government has put in place to ensure that consumers and healthcare brands are protected (HHS.gov U.S. Department of Health & Human Services, 2015). Some of the ways include the fact that users must be approved. Social media users ought to be approved by the suitable communication office and/or the existing platform. Government agencies such as the Federal Commission dealing with communication direct the social media platform to disengage unapproved individuals (HealthIT.gov, 2013). The Commission also authorizes equipment, including mobile devices and other portable devices. Similarly, the Commission establishes technical guidelines and rules that guide Wi-Fi among other networks. The Food and Drug Managing Agency ensures that mobile applications that do not meet the requirement are recommended for further development (Czarnecki & Dietze, 2017). The agency also recommends the application’s expectations that should be met by the manufacturer to protect the patients from any potential harm.
The federal commission dealing with trade works to protect consumers from deceptive, fraudulent and unfair trading practices (HealthIT.gov, 2013). The commission notifies the customers of potential data security breaches, including in all matters concerning health issues. Further, the commission shares novel policies with the social media platforms on emerging issues and engages them in educating clients on their obligation to comply with the established regulations (HHS.gov U.S. Department of Health & Human Services, 2015). The department dealing with health, civil rights, and human services is mandated by the government to ensure that security and privacy of patients are provided. For instance, health care institutions must always ensure that patients’ electronic transactions are safeguarded and maintained confidentially unless the patient approves otherwise (HealthIT.gov, 2013). The particular rule also places restrictions regarding ways in which entities may disclose or use the secured health information.
Nonetheless, the commission is balanced and flexible to permit disclosures when the essential information is required for such functions as payment purposes and treatment (HHS.gov U.S. Department of Health & Human Services, 2015). Correspondingly, the Commission carries out the investigation of the alleged raised complaints and shares the information with authorities concerning any possible breaches. It may also impose penalties for confirmed violations, sometimes going up to $50,000 for a single violation and an annual sum of $1.5 million in the case of confirmed multiple violations for an offense of the equivalent standard (HealthIT.gov, 2013). Other ways in which the government and the quasi-agencies act include branding, issuing copyright, offering guidelines on licensing and relevant terms and conditions, and soliciting and enforcing compliance from the members of the public. Moreover, the government conducts the impact assessment and takes appropriate steps to punish the social media provider when breaches of rights have been investigated and confirmed (Czarnecki & Dietze, 2017). The guidelines are central to the preservation of federal records. Federal records include records related to the ways in which social media is being utilized.
Implication for further research
Although numerous areas have been reviewed in the research, various areas require further research. They include introspection into ways in which information that has been allocated to other organizations for storage can be protected from distribution to malicious individuals. Contracting new companies that are capable of integrating, assembling and distributing information has created a new gap in information security because health organizations may not be satisfied that such information will be adequately safeguarded. Health institutions may not have the capacity to store all the information regarding clients, and thus data storage companies have to be brought on board. In 2013, law reviews provided guidelines on hiring where excessive inquiry on personal details such as social media passwords was denied. There is the need for further studies to enquire into a more reliable mechanism that stipulates the hiring procedures that may assist in isolating unethical employees.
Handling of portable devices, medical social accounts and other information regarding clients requires competent personnel from rigorous and inclusive hiring procedures, yet the available information regarding hiring is fragmented. Moreover, there is the need for further studies on the impacts of the economy on information management. Although economics has had huge impacts on the information management system, in particular on the ability to enhance acquisition of competent information systems, it is still unclear whether initial acquisition cost is more significant than the maintenance cost. If initial cost is the most important variable, then more funds should be directed towards initial installation. Besides, if maintenance cost is the most significant, then more resources should be directed towards maintenance. There is a need to carry out more research with the aim of establishing the strategies that exist in the process of identifying and investing in competent information systems. The reason is that more satisfactory devices and application software are valuable in the course of handling patients’ data. For instance, the SecurityCenter uninterrupted view and Nessus mentioned in this research form part of the comprehensive range of competent applications valuable in safeguarding patients’ information.
Managing patient information has enormous ethical implications and thus requires well-informed leaders to facilitate decision making. One of the ethical challenges facing information systems is to prevent unethical loss of patients’ confidential information. In the process of making decisions, leaders always face dilemmas when resolving different issues regarding patients. Unethical breaches of patients’ information are costly to the health organization and also lead to loss of reputation of the healthcare organization. Such matters need to be determined with all factors put into consideration because they may lead to costly legal consequences for the healthcare brands if they are not handled with care. Distribution of any client’s information, including an inoffensive post, violates patients’ rights and thus is subject to prosecution in a court of law.
Lawsuits lead to loss of reputation for the health institution, and hence a mere breach may be very destructive. The health organizations that may violate such laws are at risk of penalties or as provided for by health Accountability Act. Moreover, professional standards ought to be maintained when handling mobile and other portable devices containing patients’ information so that the information does not leak to other individuals. High professionalism is also required when managing patient data, including medical history, symptoms, procedures, diagnoses and outcomes. High professional standards could be enhanced through subjecting employees to laborious examination when contracting or hiring, training and setting up competent measures during practice.
Considerable economic investment in computer and mobile applications, portable devices and information systems is valuable in protecting patients’ significant information. Security challenges posed by portable device and application platforms include the inability of institutions to manage and control their use, and employees sharing files which contain valuable patient information, thereby breaching confidentiality. Mobile and other portable devices may contain downloaded malware disguised as a utility, game or security patch. Such malware may be used to intercept consumer information, leading to unintended exposure. Recommended security solutions include utilizing adequate security when sending and receiving health data and information on public Wi-Fi networks, disabling file-sharing applications, updating software and researching applications before downloading.
Social media channels are inevitably inescapable and significant for healthcare growth, timely sharing of information and obtaining feedback on the level of patient satisfaction. Nevertheless, necessary measures ought to be put in place to safeguard patient information so that the information does not leak through social media. Obstacles include threats from hackers, the multiplicity of mobile applications indistinguishably linked to massive advancement in technology, compliance issues and huge competition among popular social networks. Government and quasi-government agencies play various roles in implementing policies surrounding the use of mobile applications and social media in health information management. Such functions include approval, investigation and ensuring compliance, among others.
Benson, V., Tuninga, R., & Saridakis, G. (2016). Analyzing the strategic role of social networking in firm growth and productivity.
Brunton, F., & Nissenbaum, H. F. (2015). Obfuscation: A user’s guide for privacy and protest. Cambridge, Massachusetts; London, England: The MIT Press.
Carlton, E. L., Jadhav, E. D., & Jr, J. W. H. (2015). Leading people – managing organizations: Contemporary public health leadership. S.l: Frontiers Media SA.
Chell, D., Erasmus, T., Colley, S., & Whitehouse, O. (2015). The mobile application hacker’s handbook. Indianapolis, IN: John Wiley & Sons.
Czarnecki, Christian, & Dietze, Christian. (2017). Reference Architecture for the Telecommunications Industry: Transformation of Strategy, Organization, Processes, Data, and Applications. Springer Verlag.
Doak, L. G., Doak, C. C., In Fischhoff, B., In Brewer, N. T., In Downs, J. S., & United States. (2014). Communicating risks and benefits: An evidence-based user’s guide. Silver Spring, MD: U.S. Dept. of Health and Human Services.
Harwood, M. (2015). Security Strategies in Web Applications and Social Networking. Burlington: Jones & Bartlett Learning, LLC.
HealthIT.gov. (2013, January 31). Mobile Devices Roundtable. Retrieved from https://www.healthit.gov/policy-researchers-implementers/overview-federal-role-mobile-health
HHS.gov U.S. Department of Health & Human Services. (2015, August 31). Policies that Apply to Social Media. https://www.hhs.gov/web/social-media/policies/index.html?language=es
ICCSA (Conference), & In Gervasi, O. (2015). Computational science and its applications — ICCSA 2015: 15th International Conference, Banff, AB, Canada, June 22-25, 2015, Proceedings.
Rowitz, L. (2014). Public health leadership: Putting principles into practice. Burlington, Mass.: Jones & Bartlett Learning.
Vermesan, O. (2014). Internet of things applications – from research and innovation to market deployment. Place of publication not identified: River Publishers.
Wager, K. A., Lee, F. W., & Glaser, J. P. (2013). Health care information systems: A practical approach for health care management. San Francisco: Jossey-Bass.
Weaver, C. A., Ball, M. J., Kim, G. R., & Kiel, J. M. (2016). Healthcare information management systems: Cases, strategies, and solutions. Cham: Springer.