Healthcare Information Systems
Abstract
In some quarters, it has been argued that the successful establishment of a working healthcare information system is a difficult task. This text seeks to discuss the overall process of establishing a program that secures health information. It is important to note that the establishment of such a program is a real transformation of an entity. With this in mind, it is important for future users as well as management to be involved in the establishment process. This text also addresses the goals of this program as well as how these goals can in one way or the other become operational. Lastly, this text brings out the components of a security program and why each component is essential.
Introduction
In healthcare, information security is a vital component. Indeed, some healthcare institutions have come across as falling short when it comes to the security of health information. The threat of unauthorized persons gaining access to health information hence remains real and as a result, there is need for healthcare institutions to embrace security, audit and control measures when it comes to information manageable.
Establishing the program
According to Peltier (2002), the process of establishing a program that secures health information requires an all inclusive approach. That is, everyone from the users all the way to the top level management must be involved in the process of establishing a program that secures health information. Various authors and experts have identified several steps that should or must be followed for the successfully establishment of an information security program. To begin with, there is a need for an assessment as well as evaluation of the baseline. This assessment can be undertaken by the management in consultation with the various stakeholders as far as the healthcare information system is concerned. Kairab (2004) argues that an evaluation of this nature is not only important but also crucial for purposes of coming up with what needs to be changed or modified as far as the existing security program is concerned. Shoddy or scanty review of what is in place can in fact affect the implementation of the program and thwart future initiatives to improve or modify the same. An analysis of the program in place needs to be informed by a careful analysis of its strength and weaknesses in the light of the prevailing circumstances. Bayuk (2007) notes that the prevailing circumstances that must be taken into consideration include but are not limited to the various security issues the entity may find itself facing as at that time.
An assessment of the security program in place as at that moment according to Kairab (2004) should be followed by a development of the information systems program in the light of the various organizational goals. For example, the development of the information systems program should and /or in one way or the other be informed by the existing need to protect the information of a client from access by unauthorized parties.
Next, the assessment phase should be followed by the awareness creation. The awareness creation should and indeed must adopt an organization wide approach if indeed the process of establishing a program that secures health information is to be successful. It is indeed important to note that all those who will be affected in one way or the other by the establishment of the program should be considered in the awareness creation. This is in line with managing the transition process well as well as ensuring that he implementation phase goes on smoothly. In fact, there have been cases whereby individuals become resistant to change, any form of change, and with that try to sabotage the implementation process. It is hence only prudent to adopt an all inclusive approach in establishing a program that serves to secure health information. Here, the target audience should be identified and the various security policies to be adopted explained to them.
Next, the implementation process should follow. The implementation process should also be an all inclusive exercise but it should be noted that the top managers should take the lead as amongst other things, they are largely involved with resource allocation and the implementation process might turn out being resource intensive (Bayuk 2007).
The next step in establishing a program that secures health information is the monitoring stage. The management can consider coming up with a special unit charged with the monitoring and evaluation of the security program. Peltier (2002) argues that monitoring is extremely important as deviations can be identified early and corrective measures taken promptly. The monitoring stage is also critical when it comes to the identification of the various risks and threats that may hinder the successful establishment of a program that secures health information. It is also important to note that monitoring makes it easier to address all the set objectives by properly observing the organizational security policies.
The program’s goals
The central goal of the information security program is, an indeed should be the enhancement of information security in the concerned entity. This is in line with ensuring that access to any information concerning the patient and other organizational records are accessed by only those who are authorized top do so. It may also be important to keep in mind that the absence of such a program may place the health institution and its workers at the risk of legal proceedings. The other goals of this program include an enhancement of the entity’s credibility as far as information security is concerned. The benefits that may accrue from the enhanced credibility as Kairab (2004) notes cannot be underestimated. These benefits include but are not limited to improved efficiency, enhanced patient royalty etc.
To operationalize the goals discussed above, the establishment of the program that serves to secure health information should be informed by these goals at every stage of the said establishment. That is to say that identification of the goals should be done at the initial stages and as time goes on, align the process to the organizations established goals. It should also be noted that the various components of the security program should be in one way pr the other be married to the goals for them to become fully operational.
The security program components
There are a number of components that make up a security program. This includes processes, people and technology. When it comes to the implementation of the security program, these components are vital. First and foremost, as Peltier (2002) argues, if there are no people to implement the security program, then it doesn’t make sense to even think of establishing it. That is why in the earlier sections of this text, I talk of involving all the individuals at the various organizational levels in the security program establishment process. The management should provide guidance in the establishment, implementation as well as maintenance initiatives with regard to the security program in addition to formulating the policies necessary to ensure that the information systems in place address the prevailing or current needs of the organization. It goes without saying that proper development of the roles and responsibilities is essential for all those who will in one way or the other come into contact with the security program
Technology is also another crucial component of the security program. It is important to note that technology is critical when it comes to establishment and/or development of controls. Controls are absolutely necessary to ensure that the security program runs on smoothly and is insulated from misuse. One way to ensure that the various controls are adequate is through periodic auditing of the information systems. I should however be noted that auditing alone is not conclusive when it comes to securing health information. To further enhance effectiveness of the security programs, technology comes in handy. When all the systems have been fully automated, the entity can from then onwards embark on making massive savings on various fronts. When it comes to operation of the technology Kairab (2004), recommends that it be left to the various departments according to their requirements or needs when it comes to processing information. The technology to be applied should allow limited access to information. According to Johns (2002) users can access information in a number of ways. These are influenced by the user’s location, rights of access as well as resource availability.
Processes constitute the other component of a security program. For there to be working controls, processes are vital. The organization should ensure that it adopts the right security processes when it comes to security programs. Bayuk (2007) notes that security processes include all those things that an entity might or should adopt for purposes of accomplishing the set objectives as well as ensure an effective program implementation. The importance of processes when it comes to a security program cannot be underestimated as they happen to be invaluable in the risk control as well as maintenance of the availability and integrity of data. Processes can also be of use in the accountability and confidentiality measurement.
Conclusion
It is important to note that the main purpose of the information security program is to protect information in a healthcare setting so as to limit any unauthorized access by people who may use such information for adverse purposes. The successful development or establishment of an information security program must in one way or the other be informed by a set series of steps. These steps are vital if the program established is to secure health information. In this line, the initial step which is the assessment of the baseline is critical for the identification of the inherent strengths as well as weaknesses. Next follows the identification of the entity’s goals so as to align them with the program. This is also a crucial step when it comes to operationalizing the goals. The third and fourth steps include implementation and monitoring respectively. It goes without saying that people, technology as well as processes are important components of the security program.
References
Bayuk, J. (2007). Stepping Through the InfoSec Program. ISACA
Johns, M.L. (2002). Information management for health professions. Cengage Learning
Kairab, S. (2004). A practical guide to security assessments. Auerbach Publications
Peltier, T.R. (2002). Information security policies, procedures, and standards: guidelines for effective information security management. Auerbach Publications
Is this your assignment or some part of it?
We can do it for you! Click to Order!
