Term Paper on "Health-Care Data at Euclid Hospital"

Term Paper 10 pages (3766 words) Sources: 1+

[EXCERPT] . . . .

And helps in protecting the privacy of the patient. Since healthcare is a multidisciplinary process, a UPI facilitates the integration and availability of critically needed information from multidisciplinary areas and multiple care environments. Thus, the integrity and security of patient information are dependent on the use of a reliable UPI. (Part Four: Privacy, Confidentiality & Security)

d. Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted with the following objectives: to guarantee and ensure health insurance coverage of employees; to lower the incidence of healthcare fraud and abuse; to initiate and implement simplifications at the administrative level so as to enhance the functionality and efficiency of the healthcare system; and to protect the health information of individuals against access without consent or authorization. HIPAA impacts the healthcare sector through the Covered Entities (CEs). Covered Entities, as defined within the meaning of the Act, consist of health plans, healthcare clearing houses, and healthcare providers who are responsible for transmitting health care information in electronic form in association with certain standard transactions. (Security and Privacy: An introduction to HIPAA)

HIPAA defines standards as a set of transactions carried out in electronic format, while still allowing any non-standard paper form for these transactions. HIPAA's security standard applies to health care information which is electronically maintained or transmitted. The approved privacy standard applies to individually identifiable health information which is transmitted or maintained in any form (oral, written or electronic), known as Protected Health Information (PHI). HIPAA is therefore regarded as a continuing process of standardizing the digitization of healthcare information within the U.S. Making it compulsory for patient records to be transmitted over digital networks might compromise patient privacy.

To deal with this apprehension, the Department of Health and Human Services built a standard set of security and privacy regulations with which the CEs must comply in order to be HIPAA-compliant. Becoming HIPAA-compliant means combining the security functionality which technology can provide with the relevant policies and processes. These security needs comprise a combination of administrative and technical measures covering four main categories, which are "administrative processes, physical safeguards, technical security services, and technical security mechanisms." (Security and Privacy: An introduction to HIPAA)

III. Security Fundamentals

In general, any type of security program for health information must fulfill three key objectives: protecting the informational privacy of patients; ensuring informational integrity; and ensuring informational availability to the appropriate individuals in a timely manner. These objectives can be attained through the establishment of a good information and security organization and the implementation and coordination of several security strategies. (Johns, 327)

a. Protecting Informational Privacy

Protecting informational privacy is crucial because there are many threats to it. The most frequent ways in which the security of a system is compromised are (a) unauthorized user activity, (b) unauthorized individuals gaining access through hacking, (c) unprotected downloaded files and (d) the use of Trojan horses. (Johns, 328)

(i) Unauthorized User Activity: Unauthorized user activity occurs when authorized users of the system gain access to data areas which they are not authorized to access. It results from poor access control, password sharing or ineffective procedures for terminating the system access of past employees. By far the greatest threat comes from past employees and from present employees who deliberately compromise data integrity. There are also instances of human error in data posting, and of virus attacks. Apart from the insider threat, there is a larger threat from hackers who bypass the computer system's access control by capitalizing on a security hole. The modus operandi of these hackers is to use unauthorized user passwords. (Johns, 328-329)

(ii) Downloaded Files: Files downloaded from a secure area to an unprotected area pose an additional danger to data confidentiality. Usually data is downloaded from a host computer to a standalone computer or LAN so that it can be processed locally. These downloaded files can be copied to disks and distributed, without anyone's knowledge, to unauthorized users or outsiders. Moreover, such files may reside unprotected in a LAN setting where the security measures are not as robust as in a mainframe setting. (Johns, 329)

(iii) Trojan Horses: Informational privacy is also compromised by the use of Trojan horses. A Trojan horse is a computer program employed by hackers and others who intrude into systems; it performs malicious functions without the knowledge of the user. Data security can be affected because a Trojan horse is capable of copying confidential files to unprotected areas of the system. By staying alive on the user's system, the Trojan horse program can regularly copy confidential files to a system area to which the intruder has access. (Johns, 329-330)

(iv) Informational Privacy Models: Among the various security models used to ensure informational privacy, the access control model is one of the most common. Each of these models employs various methods to classify data, users and processes, and implements techniques to restrict data access. The access control model performs the following functions: it categorizes data according to sensitivity; it classifies data users and gives them permission to read and write data; and it mandates the types of operations which may be performed on the data. Accordingly, Euclid's data residing in various systems has been classified as 'public', 'internal use only', 'confidential', 'restricted' and 'registered confidential'. (Johns, 330)
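The three functions of the access control model described above can be sketched as a single authorization check. This is an added example, not code from the paper or from Euclid's systems; it assumes the five labels form an ordered scale from least to most sensitive, and the user and object names are hypothetical.

```python
from dataclasses import dataclass

# The five labels are the ones the paper lists for Euclid; treating them as an
# ordered scale from least to most sensitive is an assumption of this example.
LEVELS = ["public", "internal use only", "confidential",
          "restricted", "registered confidential"]
RANK = {label: i for i, label in enumerate(LEVELS)}


@dataclass(frozen=True)
class User:
    name: str
    clearance: str            # highest label the user may touch
    operations: frozenset     # operations granted, e.g. {"read", "write"}
    active: bool = True       # False once employment ends


@dataclass(frozen=True)
class DataObject:
    name: str
    label: str
    allowed_operations: frozenset  # operations permitted on this object at all


def authorize(user: User, obj: DataObject, operation: str) -> tuple:
    """Return (allowed, reason). Every check must pass; anything unknown is denied."""
    if not user.active:
        return False, "account disabled"
    if obj.label not in RANK or user.clearance not in RANK:
        return False, "unknown classification"
    if RANK[user.clearance] < RANK[obj.label]:
        return False, "clearance below data sensitivity"
    if operation not in obj.allowed_operations:
        return False, "operation not permitted on this data"
    if operation not in user.operations:
        return False, "operation not granted to user"
    return True, "ok"


# Constructed sample subjects and objects (hypothetical names).
NURSE = User("nurse_a", "confidential", frozenset({"read", "write"}))
CLERK = User("clerk_b", "internal use only", frozenset({"read"}))
FORMER = User("former_c", "restricted", frozenset({"read", "write"}), active=False)
CHART = DataObject("patient_chart", "confidential", frozenset({"read", "write"}))
LAB_RESULT = DataObject("signed_lab_result", "confidential", frozenset({"read"}))
MENU = DataObject("cafeteria_menu", "public", frozenset({"read"}))
```

The `active` flag covers the past-employee case raised under unauthorized user activity: a former employee is refused even for public data.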

b. Protecting Data Integrity

Systems that deal with electronic information have to guarantee that unauthorized modification of the information cannot be made without being noticed. Any time healthcare information is used or communicated electronically, there has to be a guarantee about the accuracy of the information. For this reason, unauthorized alterations must be detected, and methods must be available to safeguard the integrity of data while it is being electronically communicated. In order to assure informational integrity, Euclid has a system-independent mechanism which provides proof against unauthorized modification with every individual object. Besides, HIPAA stipulates that proof of data integrity be provided by way of mechanisms like "checksums, Cycle Redundancy Checks -- CRCs, double keying, message authentication codes or use of digital signatures." (Security and Privacy: An introduction to HIPAA)
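The mechanisms in that list do not give the same kind of proof. The following added example (not from the paper; the record, the key and the function names are constructed for illustration) attaches both a CRC and a message authentication code to one object and shows that only the keyed MAC exposes a deliberate edit made by someone who can rewrite the stored tag.

```python
import hashlib
import hmac
import json
import zlib

# Constructed sample record and key; neither comes from the paper.
SECRET_KEY = b"demo-key-kept-outside-the-record-store"
RECORD = {"patient_id": "UPI-0001", "allergy": "penicillin", "dose_mg": 50}


def canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def crc_tag(record: dict) -> int:
    """Unkeyed checksum: catches transmission errors, not deliberate edits."""
    return zlib.crc32(canonical(record))


def mac_tag(record: dict, key: bytes) -> str:
    """Keyed message authentication code (HMAC-SHA256)."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_crc(record: dict, tag: int) -> bool:
    return crc_tag(record) == tag


def verify_mac(record: dict, tag: str, key: bytes) -> bool:
    # compare_digest avoids leaking the match position through timing.
    return hmac.compare_digest(mac_tag(record, key), tag)


def tamper_without_key(record: dict) -> tuple:
    """Model an unauthorized edit by someone who can rewrite the stored record
    and its stored tags but does not hold SECRET_KEY."""
    altered = dict(record, dose_mg=500)
    forged_crc = crc_tag(altered)                     # anyone can recompute a CRC
    forged_mac = mac_tag(altered, b"not-the-key")     # wrong key, wrong MAC
    return altered, forged_crc, forged_mac


def demo() -> dict:
    altered, forged_crc, forged_mac = tamper_without_key(RECORD)
    return {
        "original_crc_ok": verify_crc(RECORD, crc_tag(RECORD)),
        "original_mac_ok": verify_mac(RECORD, mac_tag(RECORD, SECRET_KEY), SECRET_KEY),
        "tampered_crc_ok": verify_crc(altered, forged_crc),   # edit goes unnoticed
        "tampered_mac_ok": verify_mac(altered, forged_mac, SECRET_KEY),
        "stale_mac_ok": verify_mac(altered, mac_tag(RECORD, SECRET_KEY), SECRET_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The MAC is only as strong as the separation between the key and the data it protects, so the key is held outside the record store in this sketch.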

c. Ensuring Data Availability

Ensuring that data is available to the right user at the right time is a must for a security program. Data unavailability can result either from Denial of Service (DoS) or from loss of data processing functions arising from natural disasters or from users' actions such as malicious attacks. DoS normally happens due to system intrusion; for instance, the introduction of a worm into the system network, which degrades the system and renders normal functions unavailable to users. (Johns, 331-332)

IV. Establishing a Security Program

Healthcare organizations now recognize the need for data security programs and for the development of organizational structures to support them. This reflects an increased dependence on harnessing the power of information technology, as well as a recognition that the information repository is an organizational asset. Euclid's intensive care facilities are highly dependent on automation. A major part of the financial management information systems, including accounting and financial management systems, is being automated. Further, fundamental core functions like registration, admission, discharge, and transfer (RADT) systems have also been automated. (Johns, 333)

a. Components of a Security Program

At Euclid, the data security programs are concerned not just with technological issues and methods, but also with human resource issues. Besides, the foremost principle for establishing a security program is that the security organizational structure, the technological controls, and the policies and procedures being executed should fulfill the needs of the organization. (Johns, 335)

(i) Determining the scope of the security program: An efficient security program must be sufficiently wide to include all of the automated information systems within the organization. It must take an inventory of the systems across the enterprise, including identification of the hardware, software applications and networks within Euclid, as a preliminary analysis for the identification of the security program. After the inventory is taken, a risk assessment is performed, which comprises identifying the part played by each of the information systems within Euclid, how vital it is to the overall functioning of Euclid, and the undesirable impact on the organization in the event of a breach of security. (Johns, 335)

(ii) Security Program Organization: Euclid has a formal data security organizational structure under the Information Systems Department, and apart from that there exists within Euclid a formal structure which deals with informational privacy, integrity, or business continuity planning on a wide basis. Further, the hospital's information security structure is housed within the Information Systems Department. (Johns, 336)

(iii) Security Policies, Procedures and…

Quoted Instructions for "Health-Care Data at Euclid Hospital" Assignment:

White Paper

Security and Control of Health Data for Euclid Hospital

Euclid Hospital has a longstanding commitment to the Boone County, Texas community. Last year alone, it provided care for 5,320 hospitalized patients, 2,593 surgical patients, and 25,699 emergency patients. Beyond sheer numbers, it demonstrates daily its commitment to quality care and patient satisfaction. In 2001, Euclid Hospital received a three-year accreditation from the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), the nation’s leading independent standards-setting and accrediting body.

The hospital keeps striving to improve quality and continuously elicits feedback from patients about the care it provides. On a quarterly basis, it compares patient satisfaction scores against prior scores, as well as against other hospitals in the system and hundreds of hospitals in a national database. Consistently, Euclid Hospital achieves high scores, which compare favorably with its peers.

It’s also committed to bringing the community the latest advances in medicine and excellence in patient care, comfort, and convenience. It recently introduced highly advanced surgical interventions and new diagnostic testing capabilities. It also recently renovated and expanded the emergency room with a new outpatient registration area. The hospital has its first-ever contract with Reed Physicians Medical Group, as well as a longstanding relationship with Russell Medical Group.

Euclid Hospital believes it’s important to be a good corporate citizen. Its financial contributions to the local economy exceed $43.5 million annually. Its provision of charity and discounted care totals more than $212 million annually. In addition, it supports and sponsors local community efforts.

In an effort to maintain a successful profile in the local health-care community, the chief executive officer (CEO) and the chief information officer (CIO) have some concerns about the legacy information system becoming dated, and may also have concerns about health data security.

As a manager of health information, the CIO asked you to prepare a white paper on the protection of Euclid’s health data. You’ve been instructed that the paper is to be no longer than 10 pages and conventionally referenced with timely information.

The CIO has given you this working outline of the minimum topics to be addressed in the paper:

Health-Care Data at Euclid Hospital

Security and Control

A White Paper

I. Introduction – Protecting Health-Care Data

II. Privacy and Confidentiality of Health-Care Data

a. Legislative Protection of Privacy

b. Patient Rights

c. Access to Health-Care Data

d. Health Insurance Portability and Accountability Act (HIPAA)

III. Security Fundamentals

a. Protecting Informational Privacy

i. Unauthorized User Activity

ii. Downloaded Files

iii. Trojan Horses

iv. Informational Privacy Models

b. Protecting Data Integrity

c. Ensuring Data Availability

IV. Establishing A Security Program

a. Components of a Security Program

i. Determining the scope of the security program

ii. Security Program Organization

iii. Security Policies, Procedures and Standards

V. Risk Analysis and Management

a. Risk Analysis

i. Identification of Assets

ii. Evaluating Information Assets

iii. Risk-Analysis Methods

iv. Sample Risk assessment

b. Development of Countermeasures

VI. Conclusions on Protecting Health-Care Information at Euclid Hospital

Reference Book:

Information Management for Health Professions, 2nd Edition, Merida L. Johns

Delmar – Thompson Learning

Chapter 9: Security, Audit and Control of Health Data

(will e-mail this chapter to you as it will be needed to write the white paper)

How to Reference "Health-Care Data at Euclid Hospital" Term Paper in a Bibliography

“Health-Care Data at Euclid Hospital.” A1-TermPaper.com, 2005, https://www.a1-termpaper.com/topics/essay/security-control-health-data/27767. Accessed 28 Sep 2024.

