The increase in the use and complexity of technological assets in the healthcare sector has been on the rise in the recent past. Healthcare practitioners have moved from recording data manually to keeping Electronic Health Records. This eases the accessibility and the availability of data to the health practitioners. Further, electronically stored data makes it possible for patients to receive high quality and error-free care, improve decision making process because medical history is available and also makes it possible to provide safer and more reliable information for medication. Despite, the numerous advantages that the use of technology in healthcare has, there is also a threat of patients data leakage that lingers around. According to a research by Garrison and Posey (2012), medical identity theft has far more consequences in comparison to the typical identity theft. In average, every medical theft case can cost $20,000, and represents a substantial privacy violation. For this reason and more, it is important for healthcare institutions to protect patient data by securing technological assets within the institution. This article will explore the different methods used to secure the technological assets, with an emphasis on mobile devices.
The first method is limiting access to the electronic health records to only a few individuals. According to Gajanayake et al.(2014) suggests that there are different models of limiting access to the records. The first step is to ask for authentication, this will prompt them to verify their identity. This could be achieved by giving the authorized individuals unique passwords for identification and also by performing biometric scans of the individuals. This step will eliminate the possibility of unauthorized access to the technological access. The second step is to limit the type of information that one is supposed to access. This could be made possible using certain access models. Examples of models that have been proposed include Discretionary Access Control (DAC),Mandatory Access Control (MAC) and Role Based Access Control (RBAC). The DAC restricts access to certain commands such as’ write’, ‘read’ and ‘execute.MAC controls access by assigning information different levels of security levels. RBAC is based on the rights and permission that depend on the roles of an individual. These models normally apply to the security of electronic data. Other assets such as the hardware could be protected physically by limiting authorization to their storage rooms and also limit the location in which they are expected to be used at. Limiting access ensures that those that are not authorized to access the information are locked out of the database.Hence, this is an important strategy in protecting patients’ data.
The second method is through carrying out regular audits on the electronic system and the individuals handling the technological assets. Audit controls record and examine the activities that involve access and use of the patients’ data. This can be integrated into the Electronic Health Record (EHR) system or used to monitor the physical movements of the individuals that have access to the records. In addition, HIPAA requires that all health institutions that use the EHR system should run audit trails and have the necessary documentation of the same (Hoofman & Podgurski,2007). Some of the information collected during audits includes the listing of the content, duration and the user. This can be recorded in form of audit logs which makes it easy to identify any inconsistencies in the system (Dekker &Etalle ,2007). Further, monitoring of the area where the hardware have been placed for used should be done. This can achieve by use of recorded video, which monitors the activities of individuals who use the system. This can also be audited regularly and any inconsistencies noted (Ozair et al., 2005) Carrying out audits of the technology assets of the healthcare institution will help to monitor the daily use of the system which will enable the identification of any abnormal activities that may endanger patients’ data.
The third method is the setting up of policies and standards that safeguard the patients’ data. These policies may vary from one institution to another. For instance, the employees should be prohibited against sharing their passwords and ID and they should always log out their accounts after accessing the system. The authorized individuals would also be properly trained about these so that they are aware of their importance. In addition, these policies should be accompanied by consequences which will impact the users. This will ensure that they follow the policies to the letter. The set of policies and standards are to ensure uniformity in the protection of patients’ data (Ozair et al., 2005).
The fourth method that could be implemented to protect patients’ information is through the application of various security measures to the software and the hardware. The software can be protected through encryption of data, using firewalls and antivirus software’s to prevent hackers from accessing the data. Intrusion detection software can also be integrated into the system. These measures will protect the data from individuals who intend on hacking into the system online and accessing information for malicious purposes. The hardware could be protected by placing security guards at different stations where patients’ data is stored so that he ensures that no unauthorized person gets access to the area or no one tampers with the system or steals it. This step will ensure that the hardware is kept safe from intruders and people with malicious intent.
Protecting patient data starts with the software systems that house the data. The databases that warehouse patient data must be limited to only those who need access and access to each record must be logged and routinely audited at a minimum. Data should only reside where necessary. This means that data should not be stored on devices, at rest. For Apple devices, device management tools such as the Casper Suite from JAMF Software both help to keep end users from moving data out of the software that provides access patient data, and in the case of inadvertent leakage of data onto unprotected parts of devices, devices should be locked or wiped in case of the device falling outside the control of a care giver. Finally, the integrity of devices must be maintained, so jailbroken devices should not be used, and devices and software on devices should always be kept up-to-date, and strong security policies should be enforced, including automatic lock of unattended devices and strong password or pin code policies applied.
In summary, the protection of patients’ data in this technological era should be given a priority. In consideration of the frequency and losses that are experienced due to leakage or loss of private patients’ information, more should be invested in maintaining privacy and confidentiality of data. This can be achieved through controlling access to the electronic data and the gadgets that hold it, carrying out regular audits on the access of the system, creating policies and procedures that ensure that data is secures and finally through, putting in security measures that guard against loss and leakage of the information. All these measures will aid in alleviating the risk of patients’ data and maintaining their privacy and confidentiality which is the main agenda.
Dekker, M. A. C., & Etalle, S. (2007). Audit-based access control for electronic health records.Electronic Notes in Theoretical Computer Science
Hoffman, S., & Podgurski, A. (2007). Securing the HIPAA security rule. Journal of Internet Law, Spring
Garrison, C. P., & Guy Posey, O. (2012). MEDICAL IDENTITY THEFT: CONSEQUENCES, FREQUENCY, AND THE IMPLICATION OF ELECTRONIC HEALTH RECORDS AND DATA BREACHES. International Journal of Social Health Information Management
Gajanayake, R., Iannella, R., & Sahama, T. (2014). Privacy oriented access control for electronic health records. electronic Journal of Health Informatics
Ozair, F. F., Jamshed, N., Sharma, A., & Aggarwal, P. (2015). Ethical issues in electronic health records: A general overview. Perspectives in clinical research
krypted June 29th, 2016
Posted In: Apple Configurator, Business, iPhone, Mac OS X, Mac OS X Server, Small Business
DAC, iPad, iPhone, mobile, RBAC, Securing patient data
I’ve been thinking a lot about content strategy and the why and when of how articles are posted. I’ll keep writing whatever I want, whenever, often times based on what I happen to be working on at that moment. In other words, I actually have no content strategy for krypted, and I don’t feel the need to implement one. But at least I explored it, thought about it, and got a few notes down for friends who do want one, or are thinking about it. That article went up on Huffington Post yesterday at http://www.huffingtonpost.com/charles-edge/the-importance-of-having-_2_b_9563304.html
. A snippet of the article:
Search engine optimization (SEO) involves strategies and techniques that, when used properly, increases the amount of people that come to your website via search engines, like Google, Yahoo, and Microsoft Bing. Getting enough content, and more importantly the right content, on your site is your content strategy. As a business owner you always need to try new, interesting, and interactive ways to promote your company. And one of the best things you can do is to create a good content strategy for your organization’s website.
A business owner, or marketing employee in a small business is likely to wear a lot of hats. In large companies, there are often teams of people creating, editing, releasing, and strategizing what content to create on a website. How does a smaller organization compete for a similar audience? A good content strategy at a small business can help keep you focused and provide a unique experience to your readers. You can get material out faster than if articles have to pass through multiple layers of approval before going public. Timely pieces can mean getting to audiences before the competition can catch up. And having a personable and authentic voice can keep readers coming back to your site.
Click here to read more…
Not only does a good content strategy allow you to take your business to the next level, but it also offers a wide range of other benefits, as you can see below!
The one point I didn’t think to make was once you have a good content strategy in place, it becomes much easier to outsource the creation of content. You can bring in professional content creators (writers). And then you can hopefully just edit their work. I’ve never had the greatest of luck with that, so I just keep writing stuffs. But I know a lot of people who have, and a lot of people that do this work, and do it really… really… well!
krypted March 30th, 2016
Posted In: Articles and Books, Interviewing, Mass Deployment, Product Management, public speaking, Small Business
blogging, content strategy, SEO, Writing
I wrote an article for CBSPulse called “10 IT Resolutions To Consider For Your Small Business”:
Every company at some point needs to harness its technology. These days, a good Internet connection and some smart choices will have any company humming along with tools that help the business.
But it’s also important to reevaluate your strategy from time to time to ensure that you are making the most from your processes and investments. As 2016 continues to speed along, now is great time to step back to identify what’s working and what can be done better. The following are ten resolutions for small businesses to consider as you look for new ways to improve upon, save money from, and benefit from your IT.
Continue reading at http://cbspulse.com/2016/02/23/10-it-resolutions-consider-small-business/
krypted February 26th, 2016
Posted In: Articles and Books, Small Business
2016, IT, small business
I published an article with VMblog.com with my (and Bushel’s) predictions for how small businesses will leverage the cloud in 2016.
In today’s increasingly mobile world, more and more small businesses are taking advantage of the cloud, as 72 percent indicate they use mobile apps in their business, with roughly 38 percent reporting they could not survive – or it would be a major challenge to survive- without mobile apps, says a recent survey report.
Given this trend, here’s a look at what cloud-connected small and medium-sized businesses can expect in the year ahead:
Read the predictions here…
krypted December 17th, 2015
Posted In: Articles and Books, Bushel, cloud, Small Business
small business cloud projections for 2016