Term Paper on "Health-Care Data at Euclid Hospital"
Term Paper 10 pages (3766 words) Sources: 1+
[EXCERPT] . . . .
And helps in protecting the privacy of the patient. Since healthcare is a multidisciplinary process, a UPI facilitates the integration and availability of critically needed information from multidisciplinary areas and multiple care environments. Thus, the integrity and security of patient information depend on the use of a reliable UPI. (Part Four: Privacy, Confidentiality & Security)
d. Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was enacted with the following objectives: to guarantee and ensure health insurance coverage of employees; to lower the incidence of healthcare fraud and abuse; to initiate and implement simplifications at the administrative level so as to enhance the functionality and efficiency of the healthcare system; and to protect the health information of individuals against access without consent or authorization. HIPAA affects the healthcare sector through the Covered Entities (CEs). Covered Entities, as defined within the meaning of the Act, consist of health plans, healthcare clearinghouses, and healthcare providers who are responsible for transmitting health care information in electronic form in association with certain standard transactions. (Security and Privacy: An introduction to HIPAA)
HIPAA defines standards for a set of transactions carried out in electronic format, while concurrently allowing any non-standard paper form for these transactions. HIPAA's security standard applies to health care information that is electronically maintained or transmitted. The approved privacy standar
To deal with this apprehension, the Department of Health and Human Services built a standard set of security and privacy regulations with which the CEs must comply in order to be HIPAA-compliant. Becoming HIPAA-compliant means combining the security functionality that technology can provide with the relevant policies and processes. These security needs comprise a combination of administrative and technical measures covering four main categories, which are "administrative processes, physical safeguards, technical security services, and technical security mechanisms." (Security and Privacy: An introduction to HIPAA)
III. Security Fundamentals
In general, any security program for health information must fulfill three key objectives: protecting the informational privacy of patients; ensuring informational integrity; and ensuring informational availability for the appropriate individuals in a timely manner. These objectives can be attained by establishing a good information and security organization and by implementing and coordinating several security strategies. (Johns, 327)
a. Protecting Informational Privacy
Protecting informational privacy is crucial because there are many threats to it. The procedures most frequently employed to compromise the security of the system are (a) unauthorized user activity, (b) unauthorized individuals gaining access through hacking, (c) unprotected downloaded files, and (d) use of Trojan horses. (Johns, 328)
(i) Unauthorized User Activity: Unauthorized user activity occurs when authorized users of the system gain access to data areas that they are not authorized to access. It results from poor access control, password sharing, or ineffective procedures for terminating the system access of past employees. By far the greatest threat comes from past employees, and also from present employees who deliberately compromise data integrity. There are also instances of human error in data posting, and of virus attacks. Apart from the threat of insiders, there is a larger threat from hackers who bypass the computer system's access control by capitalizing on a security hole. The modus operandi of the hackers is to use unauthorized user passwords. (Johns, 328-329)
(ii) Downloaded Files: Downloaded files pose an additional danger to data confidentiality because data moves from a secure area to an unprotected area. Usually data is downloaded from a host computer to a standalone computer or LAN so that it can be processed locally. These downloaded files can be copied to disks and distributed, without anyone's knowledge, to unauthorized users or outsiders. Moreover, such files may reside unprotected in a LAN setting, where the security measures are not as robust as in a mainframe setting. (Johns, 329)
(iii) Trojan Horses: Informational privacy is also compromised by Trojan horses. A Trojan horse is a computer program, employed by hackers and others who intrude into systems, that performs malicious functions without the knowledge of the user. Data security can be affected because a Trojan horse is capable of copying confidential files to unprotected areas of the system. By staying resident on the user's system, the Trojan horse program can regularly copy confidential files to a system area to which the intruder has access. (Johns, 329-330)
(iv) Informational Privacy Models: Among the various security models, the access control model is one of the most commonly used to ensure informational privacy. Each of these models employs various methods to classify data, users and processes, and implements techniques to restrict data access. The access control model performs the following functions: it categorizes data according to sensitivity; it classifies data users and gives them permission to read and write data; and it mandates the types of operations that may be performed on the data. Accordingly, Euclid's data residing in various systems has been classified as 'public', 'internal use only', 'confidential', 'restricted' and 'registered confidential'. (Johns, 330)
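The three functions of the access control model described above can be expressed as a single default-deny decision. The following is an added example, not part of the original paper or of Euclid's systems; the low-to-high ordering of the five labels, the user roles and the `authorize` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Label(IntEnum):
    # Euclid's five labels; the low-to-high ordering is an assumption.
    PUBLIC = 0
    INTERNAL_USE_ONLY = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3
    REGISTERED_CONFIDENTIAL = 4

@dataclass(frozen=True)
class User:
    name: str
    clearance: Label        # highest label this user class may touch
    operations: frozenset   # operations this user class may perform
    active: bool = True     # set to False when employment ends

def authorize(user, label, operation):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    if not user.active:
        return False, "account deactivated"
    if operation not in user.operations:
        return False, "operation not permitted for this user class"
    if user.clearance < label:
        return False, "data label above user clearance"
    return True, "ok"

# Constructed sample users (hypothetical roles and names).
NURSE = User("nurse01", Label.CONFIDENTIAL, frozenset({"read", "write"}))
BILLING = User("bill01", Label.INTERNAL_USE_ONLY, frozenset({"read"}))
FORMER = User("ex01", Label.RESTRICTED, frozenset({"read", "write"}), active=False)

def demo():
    """Evaluate four constructed requests and return the decisions in order."""
    requests = [
        (NURSE, Label.CONFIDENTIAL, "write"),
        (NURSE, Label.RESTRICTED, "read"),
        (BILLING, Label.INTERNAL_USE_ONLY, "write"),
        (FORMER, Label.PUBLIC, "read"),
    ]
    return [authorize(user, label, op) for user, label, op in requests]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The deactivated-account check comes first, so a past employee's credentials are refused even for 'public' data, which addresses the access-termination weakness named under unauthorized user activity.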
(b) Protecting Data Integrity
Systems that deal with electronic information have to guarantee that unauthorized modification of the information cannot be made without being noticed. Any time healthcare information is used or communicated electronically, there has to be a guarantee of the accuracy of the information. For this reason, unauthorized alterations must be detected, and methods must be available to safeguard the integrity of data while it is electronically communicated. To assure informational integrity, Euclid has a system-independent mechanism that provides proof against unauthorized modification with every individual object. In addition, HIPAA stipulates that proof of data integrity be provided by way of mechanisms like "checksums, Cycle Redundancy Checks -- CRCs, double keying, message authentication codes or use of digital signatures." (Security and Privacy: An introduction to HIPAA)
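The mechanisms in that list do not give the same guarantee: an unkeyed checksum or CRC detects accidental corruption, while a message authentication code also detects deliberate modification by anyone who lacks the key. The following is an added example, not part of the original paper or of Euclid's mechanism; the record fields, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
import json
import zlib

# Constructed key for the demo; a real key would come from a key store.
KEY = b"constructed-demo-key-not-for-production"

def canonical(record):
    """Serialize deterministically so equal records give equal bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def seal(record, key=KEY):
    """Attach a CRC-32 and an HMAC-SHA256 tag to a copy of the record."""
    data = canonical(record)
    return {
        "record": dict(record),
        "crc32": zlib.crc32(data),
        "mac": hmac.new(key, data, hashlib.sha256).hexdigest(),
    }

def crc_ok(sealed):
    """Unkeyed check: anyone can recompute it."""
    return zlib.crc32(canonical(sealed["record"])) == sealed["crc32"]

def mac_ok(sealed, key=KEY):
    """Keyed check: only key holders can produce a matching tag."""
    data = canonical(sealed["record"])
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed["mac"])

def demo():
    """Return (crc_ok, mac_ok) for an intact, a corrupted and a tampered object."""
    original = seal({"patient_id": "P-0001", "allergy": "penicillin"})  # constructed
    # Accidental corruption: the record changes, the stored checks do not.
    corrupted = {**original, "record": {**original["record"], "allergy": "penicillim"}}
    # Deliberate edit without the key: the unkeyed CRC is simply recomputed,
    # but the stored MAC no longer matches the edited record.
    edited = {**original["record"], "allergy": "none"}
    tampered = {**original, "record": edited, "crc32": zlib.crc32(canonical(edited))}
    return {
        "original": (crc_ok(original), mac_ok(original)),
        "corrupted": (crc_ok(corrupted), mac_ok(corrupted)),
        "tampered": (crc_ok(tampered), mac_ok(tampered)),
    }

if __name__ == "__main__":
    print(demo())
```

The tampered object passes the CRC check and fails the MAC check, which is why a per-object "proof against unauthorized modification" needs a keyed mechanism or a digital signature.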
(c) Ensuring Data Availability
Ensuring that data is available to the right user at the right time is a must for a security program. Data unavailability can result either from Denial of Service (DoS) or from loss of data processing functions arising from natural disasters or from users' actions such as malicious attacks. DoS normally happens due to system intrusion; for instance, the introduction of a worm into the system network, which has the effect of degrading the system and rendering normal functions unavailable to users. (Johns, 331-332)
IV. Establishing a Security Program
Healthcare organizations now recognize the need for data security programs and for organizational structures to support these programs. This follows from an increased dependence on harnessing the power of information technology, and from the understanding that the information repository is an organizational asset. Euclid's intensive care facilities are highly dependent on automation. A major part of the financial management information systems, including accounting and financial management systems, is being automated. Fundamental core functions such as registration, admission, discharge, and transfer (RADT) systems have also been automated. (Johns, 333)
(a) Components of a Security Program
At Euclid, the data security programs are concerned not just with technological issues and methods, but with human resource issues as well. The foremost principle for establishing a security program is that the security organizational structure, the technological controls, and the policies and procedures being executed should fulfill the needs of the organization. (Johns, 335)
(i) Determining the scope of the security program: An efficient security program must be sufficiently wide to include all of the automated information systems within the organization. It must take the inventory of the systems across the enterprise -- including the identification of the hardware, software applications and networks within Euclid as a preliminary analysis for the identification of the security program. After taking the inventory, a risk assessment is performed which comprises identifying the part played by each one of the information systems within Euclid; the manner in which it is vital to the overall functioning of Euclid and the undesirable impact on the organization in the event of a breach of security. (Johns, 335)
(ii) Security Program Organization: Euclid has a formal data security organizational structure under the Information Systems Department, and apart from that there exists within Euclid a formal structure that deals with informational privacy, integrity, or business continuity planning on a wide basis. Further, the hospital's information security structure is housed within the Information Systems Department. (Johns, 336)
(iii) Security Policies, Procedures and…
Quoted Instructions for "Health-Care Data at Euclid Hospital" Assignment:
White Paper
Security and Control of Health Data for Euclid Hospital
Euclid Hospital has a longstanding commitment to the Boone County, Texas community. Last year alone, it provided care for 5,320 hospitalized patients, 2,593 surgical patients, and 25,699 emergency patients. Beyond sheer numbers, it demonstrates daily its commitment to quality care and patient satisfaction. In 2001, Euclid Hospital received a three-year accreditation from the Joint Commission on Accreditation of Healthcare Organizations (JCAHO), the nation’s leading independent standards-setting and accrediting body.
The hospital keeps striving to improve quality and continuously elicits feedback from patients about the care it provides. On a quarterly basis, it compares patient satisfaction scores against prior scores, as well as against other hospitals in the system and hundreds of hospitals in a national database. Consistently, Euclid Hospital achieves high scores, which compare favorably with its peers.
It’s also committed to bringing the community the latest advances in medicine and excellence in patient care, comfort, and convenience. It recently introduced highly advanced surgical interventions and new diagnostic testing capabilities. It also recently renovated and expanded the emergency room with a new outpatient registration area. The hospital has its first-ever contract with Reed Physicians Medical Group, as well as a longstanding relationship with Russell Medical Group.
Euclid Hospital believes it’s important to be a good corporate citizen. Its financial contributions to the local economy exceed $43.5 million annually. Its provision of charity and discounted care totals more than $212 million annually. In addition, it supports and sponsors local community efforts.
In an effort to maintain a successful profile in the local health-care community, the chief executive officer (CEO) and the chief information officer (CIO) have some concerns about the legacy information system becoming dated, and may also have concerns about health data security.
As a manager of health information, the CIO asked you to prepare a white paper on the protection of Euclid’s health data. You’ve been instructed that the paper is to be no longer than 10 pages and conventionally referenced with timely information.
The CIO has given you this working outline of the minimum topics to be addressed in the paper:
Health-Care Data at Euclid Hospital
Security and Control
A White Paper
I. Introduction – Protecting Health-Care Data
II. Privacy and Confidentiality of Health-Care Data
a. Legislative Protection of Privacy
b. Patient Rights
c. Access to Health-Care Data
d. Health Insurance Portability and Accountability Act (HIPAA)
III. Security Fundamentals
a. Protecting Informational Privacy
i. Unauthorized User Activity
ii. Downloaded Files
iii. Trojan Horses
iv. Informational Privacy Models
b. Protecting Data Integrity
c. Ensuring Data Availability
IV. Establishing A Security Program
a. Components of a Security Program
i. Determining the scope of the security program
ii. Security Program Organization
iii. Security Policies, Procedures and Standards
V. Risk Analysis and Management
a. Risk Analysis
i. Identification of Assets
ii. Evaluating Information Assets
iii. Risk-Analysis Methods
iv. Sample Risk assessment
b. Development of Countermeasures
VI. Conclusions on Protecting Health-Care Information at Euclid Hospital
Reference Book:
Information Management for Health Professions, 2nd Edition, Merida L. Johns
Delmar – Thomson Learning
Chapter 9: Security, Audit and Control of Health Data
(will e-mail this chapter to you as it will be needed to write the white paper)
How to Reference "Health-Care Data at Euclid Hospital" Term Paper in a Bibliography
“Health-Care Data at Euclid Hospital.” A1-TermPaper.com, 2005, https://www.a1-termpaper.com/topics/essay/security-control-health-data/27767. Accessed 28 Sep 2024.