Paper on Healthcare Information Technology Security and Privacy

Over the last two decades, the digital revolution has significantly changed information systems in the workplace. Communication devices such as smartphones and tablet computers, together with electronic records, have improved communication and data retrieval and have streamlined healthcare services (University of Cincinnati n.p). In developing countries, there is significant use of mobile health systems, for instance, m-Health, to support public health and primary health systems (Iwaya n.p). However, there is a need to adopt stringent legal frameworks that secure the sharing and use of electronic data without infringing on the privacy of patients.

The traditional health information system had numerous shortcomings that were addressed by the digital revolution in healthcare. Since it was mainly paper-based, information storage and retrieval were cumbersome and slow, and records were stored in a different location (University of Cincinnati n.p). The emergence of electronic record systems, however, allowed multiple users to access the same documents from different places and facilitated fast access to and retrieval of information (Ozair n.p). Besides its enormous benefits, the change came with a significant challenge: concern about information security and privacy. The fear of a breach of security and privacy is compounded further by the fact that the adoption of shared electronic health record systems has promoted multiple access to the data, even from different locations.

Breaches in data security through cyberattacks expose patients' personal data and make them vulnerable to exploitation. For an organization, information system security promotes the company's reputation and integrity and also makes the public willing to share personal information. Equally, a breach in data security makes the patient more vulnerable and erodes the status of the hospital or company (University of Cincinnati n.p). The primary cause of data breaches is unauthorized data access, mainly from malware or cyber-attacks. For instance, in 2017, the server at the Cancer Services Center in Indiana was hacked by organized cybercriminals. Additionally, in 2015, a cyber-attack led to the loss of enormous amounts of personal data from the Anthem insurance company (University of Cincinnati n.p). Such attacks not only make the public vulnerable but also result in financial losses amounting to more than six billion dollars (University of Cincinnati n.p).

Therefore, to ensure information security and protection of privacy, data protection strategies should be adopted. Data protection strategies are implemented at two levels: the user level and the electronic level. First, to minimize access to the data, there is a need to install user authentication and authorization functionalities at all stages of collection and access. Such controls include using only encrypted devices, using strong login passwords, and controlling the use of the tools, for instance, avoiding the use of personal computers (Ozair n.p). Secondly, employees should be educated on safe data policy and regulations to entrench a data security culture. Lastly, electronic measures require additional functionality to control access to the system and protect data, for instance using firewalls, installing and maintaining anti-virus software, and limiting network access (Ozair n.p). Additional safeguards include retention of back-up files, monitoring of access and logins, accountability for data storage and retrieval, anonymizing patient data, and maintaining an audit trail.

Lastly, several legal frameworks have been enacted to regulate the sharing of electronic health information. For example, the Health Information Technology for Economic and Clinical Health Act (HITECH) supports the US Department of Health's mandate to improve health care quality and efficiency by promoting electronic health records (Healthit.Gov n.p). Furthermore, it addresses the privacy and security concerns associated with the sharing of electronic medical records, including records on financial transactions (Iwaya n.p). However, in many developing countries, there are still gaps in the legislation needed to enforce and regulate electronic data storage and sharing.


Works Cited

University of Cincinnati. "The Importance of Health Care IT Security and Privacy." Cahsonline.uc.edu, 2019,

Healthit.Gov. "Laws, Regulation, and Policy | Healthit.Gov." Healthit.Gov, 2019, https://www.healthit.gov/topic/laws-regulation-and-policy

Ozair, Fouzia F., et al. "Ethical issues in electronic health records: A general overview." Perspectives in Clinical Research 6.2 (2015): 73.