Information systems have been adopted in many modern organizations since they facilitate efficient and effective service delivery. Health care organizations have also not been left behind. Hospitals have implemented information systems that are used to store and access patients’ data on the fly to facilitate monitoring of treatment progress. Many security threats, however, face the information systems. Gordon, Fairhall, and Landman (2017) state that data breaches in health care systems are steadily increasing every year. Their study reported that about 90% of healthcare organizations suffered a data breach from 2015 to 2017. Various techniques have been used by attackers to render the hospital services unusable.
Frequent attacks on health information systems come in the form of Denial of Service attacks. These attacks disrupt the systems by overwhelming them with large data traffics, thus rendering them unusable and can have adversities such as delayed surgery and breach of patient information. The privacy of patients is a sensitive and ethical concern thus warranting proper security measures put in place to prevent this from happening. This article aims to discuss how healthcare organizations can implement an information system that prevents data breach for patients’ records.
Delegate your assignment to our experts and they will do the rest.
The HIS under discussion will be geared towards preventing access of patients records by unauthorized personnel, both on-site and through web hacks. In this case, the hospital should adopt a biometric system with keycard locks as complementary mechanisms. The biometric system will be implemented in the server rooms where all the hospital records will be stored. Access to this room will be limited to only three people to prevent a “he said, she said” scenario that might hinder investigations in case of an unforeseen breach. The three people with access are the hospital supervisor, the chief information technologist, and the principal maintenance personnel.
Moreover, the room’s infrastructure will be designed in such a manner that it will be void of the external environment; an air gap setting. This prevents off-site access to the data by hackers using remote technologies. The room will be situated on the top-level floor of the organization with reinforced doors and windows. The air conditioner and fire suppression systems will be autonomous from the rest of the hospital to prevent vandalism as a way into the server room. Looking at the software side of things, the healthcare staff in the building will each be granted a unique and secret system ID that will be used to log into the hospital information system.
Depending on the staff level, each is only limited to the relevant services applicable to them, with admin access being granted to the chief information technologist. The software will also be responsible for performing self-diagnostic checks to ensure the system is functioning as expected at all times. Inconsistencies in the system will be reported to the chief technologist and the principal maintenance personnel, and corrections promptly made. CCTV cameras will also be installed in the hallways and the external premises to monitor everyone who accesses the facility. Additional security personnel will be necessary to watch the CCTV cameras and to contain potential security threats to the entire facility.
All these measures are present to ensure the organization delivers a sustained quality of service to the patients and also to uphold data that may otherwise result to ethical concerns. A secure system additionally provides patients’ safety. As stated earlier, breaches such as DOS can render hospital services inoperable, leading to delays in services. Delaying services such as surgeries can have severe implications on the patient’s side and can even compromise the safety of the patient. The system will also prevent delays at the triage once a patient checks in, thus promoting patient satisfaction as far as service delivery is concerned.
In every implementation strategy, a steering committee is an essential component since it facilitates the development of the project from start to finish. The roles of the steering committee include but are not limited to providing advice on the budget, identifying potential risks, monitoring the risks, monitoring the quality of the project and defining the project outcomes (Law and Justice Foundation of New South Wales, 2018). All these roles of the steering committee make it a fundamental part of the HIT strategic plan.
The committee members should include members who are familiar with the overall organization goals, as Khatri and Gupta (2016) suggest that a homegrown system achieves better quality when compared to an outsourced one. The committee should comprise the hospital supervisor. The supervisor is a member of the administration panel, thus has the power to either engage in the implementation plan or do away with it. The overall strength lies from soliciting support from the hospital administration. Additionally, the chief information technologist of the hospital is another crucial member since he/she is tasked with designing the system software to the intended specifications. He/she is also responsible for maintenance of the system once put in place.
The maintenance personnel are also viable committee members since the new architectural designs will need to be maintained; thus the designing of the infrastructure lies on them. A representative from the staff will also be vital in assessing the ease of integration of the new system to the work routine. The head of security will also be included since the security personnel plays a vital part in assuring the safety of the facility. All these people have specific skills and responsibilities that are crucial for the successful implementation of the health information system.
References
Gordon, W. J., Fairhall, A., & Landman, A. (2017). Threats to Information Security—Public Health Implications. New England Journal of Medicine , 377 (8), 707-709.
Khatri, N., & Gupta, V. (2016). Effective implementation of health information technologies in US hospitals. Health Care Management Review , 41 (1), 11-21.
Law and Justice Foundation of New South Wales. (2018). Implementing a project: the role of a steering committee . Retrieved from
www.lawfoundation.net.au/ljf/site/templates/resources/$file/SteeringCommittee.pdf
