Home > Business essays > Information Security And Privacy In Healthcare Management System

Essay: Information Security And Privacy In Healthcare Management System

by

Essay details and download:

  • Subject area(s): Business essays
  • Reading time: 7 minutes
  • Price: Free download
  • Published: 21 June 2012*
  • Last Modified: 23 July 2024
  • File format: Text
  • Words: 1,893 (approx)
  • Number of pages: 8 (approx)

Text preview of this essay:

This page of the essay has 1,893 words.

Information Security And Privacy In Healthcare Management System

Chapter One
General Introduction
1.0 Introduction
The introduction chapter consists of Background of the study, Problem statement, Objective of the study, Research questions, Justification of the study, Scope of the study, Limitations of the study and Organization of the study. Background describes the general and specific issues relevant to the study of Information Security and Privacy in Healthcare Management System. Problem description presents the identified problem that this research discovers. Objective section presents the main goal that motivated me to do this research. Research question section presents the main research question and sub-questions of the thesis. An indication of the significance, rationale, or importance of the study is under justification of the study. Scope of the study delimits the study, provides coverage for it and serves as terms of reference for the research. It is categorized into geographical scope and thematic scope. The limitation of the study will talk about the difficulties and challenges that the research faces in the study, both conceptual and practical. Last but not the least, organisation of the study gives the summary of the table of content or structure of the report as indicated in the thesis layout.

1.1 Background of the Study
Privacy is an underlying governing principle of the patient ‘ physician relationship for effective delivery of healthcare. Patients are required to share information with their physicians to facilitate correct diagnosis and determination of treatment, especially to avoid adverse drug interactions. However patients may refuse to disclose important information in cases of health problems such as psychiatric behavior and HIV as their disclosure may lead to social stigma and discrimination. Over time, a patient’s medical record accumulates significant personal information including identification, history of medical diagnosis, digital renderings of medical images, treatment received, medication history, dietary habits, sexual preference, genetic information, psychological profiles, employment history, income, and physicians’ subjective assessments of personality and mental state among others. The figure 1.1 below shows a typical information flow in the healthcare system. Patient health records could serve a range of purposes apart from diagnosis and treatment provision. For example, information could be used to improve efficiency within healthcare system, drive public policy development and administration at state and federal level, and in the conduct of research to advance medical science. A patient’s medical records are also shared with payer organizations such as insurance, Medicare or Medicaid to justify payment of services rendered by physicians. Healthcare providers may use records to manage their operations, to assess service quality, and to identify quality improvement opportunities.
In healthcare, the patient is the most important actor. According to the Healthcare Act (SFS, 1982), the aim of healthcare is to provide the citizens with good health and with respect to all people’s equal worth and the individual person’s dignity. Hence, one should provide patients with opportunities for the best care, with care decisions based on the right information at the right time, i.e. one should make every effort to obtain as high level of patient safety as possible. Lack of information should not lead to incorrect treatments or unnecessary care activities, such as extra patient visits to the doctors because patient information from a different healthcare organization is unavailable. On the other hand, one must also protect sensitive patient information from being distributed to unauthorized persons, that is, one should strive to maintain patient privacy.
Extended Enterprise

Figure 1.1: Typical Information flow in a Healthcare System
Patient information is thus a critical factor in healthcare and should follow the patient during the whole patient process even if the patient visits more than one healthcare provider, that is, in distributed healthcare. Protecting patient information has always been a high priority within the healthcare domain.
When electronic healthcare records (EHR) are used, the availability of patient information increases. This places new demands on the healthcare sector to maintain a sufficient level of information security. The requirement for strong security is one reason that the implementation of IT in healthcare has been so slow. Consequently, availability of patient information has not always been achieved. All healthcare records have not yet been computerized, but there is much work going on in this area.
Hospitals are organizations which typically process a lot of information daily. Think for instance of the medical information of patients: a typical hospital is visited by thousands of patients each year and for each patient, the hospital needs to store contact details, insurance information, appointments with medical specialists, and a medical data: medical reports, radiography pictures, laboratory results and more.
All this information is processed by various persons within a hospital organization. Medical professionals need to access medical information for effective treatment of a patient; administrative departments need to know which medical operations have been performed to receive reimbursement, et cetera.
The amount of information that hospitals process and the nature of this information make it important that hospitals handle this information with care. Medical information is sensitive information, and hospitals should ensure that this information is processes carefully.
However, AngloGold Ashanti Hospital faces variety of new developments since the past decade, and these developments influence the way the hospital process information. In general, the following developments were observed:
‘ There is an increasing focus on costs and quality of healthcare provided by the hospitals;
‘ Information technology is increasingly used by AngloGold Ashanti Hospital;
‘ Citizens are becoming more aware of privacy issues, resulting in security requirements for the hospital;
‘ AngloGold Ashanti Hospital has certain unique aspects which makes it sometimes difficult to establish effective information security.

1.2 Statement of the Problem
The current developments (introduction of market forces, increased influence of healthcare insurers) in AngloGold Ashanti Hospital have led to a stronger focus on costs and efficiency. Another important development is the increasing usage of information technology in the hospital, which means that more and more information is processed and exchanged via electronic information systems. While this has improved efficiency and the availability of medical information, the usage of these systems has also raised privacy and security issues.
Medical data is very sensitive and needs to be protected against malicious usage. However, on the other hand, it is very important that medical information is available as timely as possible for medical workers, to improve the quality of care provided to a patient and to choose a treatment based on all available information. Both the security and privacy aspects related to this information need to be addressed. On top of this, AngloGold Ashanti Hospital is required to comply with certain security standards and data protection laws.
The above leads to the observation that the hospital faces certain need for effective information security. On one hand, AngloGold Ashanti Hospital is legally obliged to take security measures and protect medical information ‘ the hospital would risk legal action if they do not take enough security measures. Furthermore, the fact that more and more information is processed electronically means that the consequences of security breaches are also larger: more information is exposed to security risks. Another important driver for the need of effective information security is the possibility of negative publicity in case of a security breach.

Figure 1.2: Diagram of the Problem Statement
Figure 1.2 above illustrate the problem(s) of the research.
However, there are other factors that impact the need for information security. As said, the hospital is subject to cost reductions and competition, which means that information security should be cost-effective. Another factor is the specific environment of the hospital: it is reasonable to expect that some security requirements conflict with other interests within the hospital.

1.3 Objectives of the Study
The objective of the research is to study security and privacy issues in AngloGold Ashanti Hospital records management system. Prior to this, both paper-based patient records procedure and electronic patient record procedure will be analyzed to identify their efficiency, the state of security and also possible threats that might challenge both systems. Further, with the rapid advances in the computerization of patient information, question concerning security and privacy protection mechanism of these records has begun to arise. Thus, two recently proposed security mechanisms that claimed to guarantee patients privacy, confidentiality and security will be analyzed and evaluated.

1.4 Research Questions
The research questions that will be explored in this thesis are:
‘ How does paper-based patient records procedure works in AngloGold Ashanti Hospital?
‘ How does an electronic patient record works in AngloGold Ashanti Hospital?
‘ What are the inadequacies of both systems in the hospital?
‘ How can security breach occur to these systems in AngloGold Ashanti Hospital?
‘ What are the proposed security mechanisms to guarantee patients privacy, confidentiality and security, how do these mechanisms work to achieve them and do they really work in AngloGold Ashanti Hospital?

1.5 Justification of the Study
The paper-based patient record seems to be insufficient for meeting the needs of information management challenges. The record that met the needs of medical personnel a century ago has struggle tremendously to adjust over the decades so as to accommodate to new requirements as healthcare and medicine revolutionized. Advancement in Information Technology (IT) has led to the implementation of electronic patient record that supports the ability to electronically record, store, transfer and share patient data. While technology advancement is available to transform healthcare record keeping in many positives ways, security and privacy pose unique concerns. Storing a large amount of sensitive information in electronic databases could open the door to ‘invasion of privacy’ issues that were not as common as with the keeping of paper files. This brings up the question of how security and privacy of computerized patient records will be protected. Since these databases contain intellectual and confidential digitized patient information, they can be subjected to variety of security problems such as theft, destruction, accidental loss and unauthorized disclosure.
Moreover, concerns over privacy and confidentiality issue in hospital records management system are arising. Number of reported cases of security breaches is also increasing. Hence, this research will look into the state of security and privacy in both paper-based and electronic patient record and investigate how threats can take place to both systems in AngloGold Ashanti Hospital. As a countermeasure, the reliability of recently proposed security mechanisms will be studied. These newly proposed security mechanisms claimed that they work to guarantee patients privacy, confidentiality and security. However these mechanisms are new and there is no detailed analysis on them. Therefore, these mechanisms must be continuously analyzed and assessed to justify the soundness of the approaches.
After completion of these thesis, one would have a more detailed understanding of how security breach can occur to AngloGold Ashanti Hospital records management system and hospitals in general, the possible attack methods, and also an indeed analysis on the security of the newly proposed security mechanisms that assert as solutions to securing patient information in electronic version of patient records system.

1.6 Scope of the Study

1.7 Limitation of the Study
(After the end of the of the study)

1.8 Organization of the Study
This thesis structure has been organized as follows; Chapter 1 dealt with introduction, background, problem description, objectives and research questions. Chapter 2, literature review covered patient privacy and data security in electronic patient record systems and related works in this area. Next, methodology chapter presented the methodology used in this study.
Then, in Chapter 4, the empirical settings, data collection and analysis regarding case studies would be presented. In Chapter 5, summary of findings, recommendations and conclusion would be provided.

About this essay:

If you use part of this page in your own work, you need to provide a citation, as follows:

Essay Sauce, Information Security And Privacy In Healthcare Management System. Available from:<https://www.essaysauce.com/business-essays/information-security-privacy-healthcare/> [Accessed 20-04-26].

These Business essays have been submitted to us by students in order to help you with your studies.

* This essay may have been previously published on EssaySauce.com and/or Essay.uk.com at an earlier date than indicated.