A lot of examination concerning security issues in the healthcare sector has been made from different perspectives. Medical information that is very confidential has been leaking out due to lack of proper healthcare management systems (O'Carroll, 2003). In respect to this fact, this research paper aims at reviewing the contemporary state information security as well as privacy in the healthcare sector. This review will be a success as a result of a full coverage on research methodologies such as design, quantitative, and qualitative research.
Information systems in the health sector are viewed as the important aspects as well as factors that would improve the health services and reduce the cost of these services. According to a study conducted by RAND, it clearly showed that such area as the US has a chance of saving $81 billion on an annual basis by shifting to universal electronic record which is a part of the information systems. It is clear that after the study, the government in this region has pushed a lot to the adoption of this system in the health sector (Goldschmidt, 2005). As a result, there is evidence that there has been a great percentage absence of adequate security in the use of these systems. Consequentially, there have been numerous data breaches where patients were being left in exposure to all economic threats, social stigma, as well as mental anguish. There is a lot of concern from many patients in the world on the websites that have taken a fair-haired chance of sharing their health information to the public without their permission (Lakoff, & Collier, 2008). Such allegations and perception from the patients are geared to by the fact that medical disclosures hold the second position in the breach. In respect to all these health threats, privacy in health information has been established seeking to ensure that the security of patients is ensured. In the past years information security has become the most well established area in the field of information system .There has been adoption of many theories linked into this area from reference areas such as sociology that seeks to examine information security risk and administration. Economic theories have not been left behind in respect to decisions based on investments where information governance has not been left behind. There has been a lot of research on the information security, but surpassingly there has been very little study on the health care security risk in the health sector.
It is clear that there has been a lot of work done by Anderson seminal on security issues in the health sector (Anderson, 2004), many scholars as well have been examining security issues from different angles. In the recent years there has been an increased enactment on HIPAA as well as emergence of web based health care applications that have turned the concentration of researchers towards the patient’s security. Yet, there is too little attention on information security risk economics. For example, there is very little attention on financial menace that arises from medical identity theft as well as healthcare fraud.
Statement of Problem
Privacy and security are two key governing principles between the patients and the physicians. In this case, patients are required to give out all their information in concern to their health conditions to their physicians so that they can be diagnosed and receive treatments easily, and in the process prevent unfavorable drug interactions. However, patients may refuse to give out crucial information in case of health problems. Such actions are triggered to by the fact that they may lead into social stigma as well as human discrimination may be in the working environment or simply by family members. For example, HIV patients whereby their health information accumulates of personal information that includes, identification, medical diagnosis, treatments, dietary habits, employment information, mental state among others(Mercuri, 2004). The health sector in respect to these challenges has been in the front line in the implementation of the modern technology in order to shun away all these problems .Adoption of these healthcare system securities has not been an easy task, but has been faced by so many challenges
The health sector has been the first ones to adopt these systems in their operations. Once there is an introduction of a new technology, there is so much that is not known about that system and which present them with time. Once these issues are not addressed, they may nullify all gained advantage from the adoption of the system. Sometimes security that is inherent in information technology may link to such liability. As the health sector adopted this system earlier, the facility will at times find itself assuming security vulnerabilities that are intrinsic, and which the industry is not aware of, or it is not yet conversant with it (Maryland Health Care Commission, 2008) .
Another challenge in implementation of this system is that many vendors in health care information technology focus are on health services and have no or very little concern on security risks. There are a lot of government mandates that are affecting this positive shift and there are many systems that were designed and installed without a concern on security issues. This problem is supplemented to by the fact that those who purchase these systems have no knowledge on the underlying technologies and security matters contained within their implementation.
When there is offering of a multiple health services in a facility, there is a chance of large number of desperate systems being implemented. It results into a challenge in maintaining good information technology standards in their support (Wager, Lee, & Glaser, 2005). Another thing is that once there is need for interoperability between such systems it will be hard to do it in a secure way. Whenever there are so many systems being used in a simultaneous way it makes it difficult to maintain a grasp on all the needs as well as issues presented by the system. It brings in a challenge in ensuring security as there is often a lot of pressure in a quick implementation and maintenance of the system thus security regulation remains an afterthought.
Once information healthcare security system has been implemented it becomes interdependent at a fast rate and is relied upon by the staff. Therefore, choreograph of patches upgrades as well as any other security efforts to the system are required making it hard for experts to address security issues in more than one system.
Finally, physical security is important in the healthcare sectors since most of their areas are publically accessible. All healthy care facilities key concern is to ensure that they provide resources to both patients and families in the process of improving their overall comfort. Many of these resources are based on computer and are in a position of posing much more risk to the overall security of the facility. Therefore, the challenge here is on how such a facility will provide patients with these necessary resources and at the same time protecting critical systems
In the process of handling confidential information, it sounds an ethical for any individual, or even an organization to disclose private medical information to strangers. For example, in the case of HIV and Aids patients, this may cause the social stigma (Wager, Lee, Glaser, & Wager, 2009). As a result, a system that is highly sophisticated is the best to ensure that this information remains secure and is accessible to the relevant persons only. The organization who places these systems in the healthcare sectors are faced with the above discussed challenges and maintenance of ethical conformance with the system. They should ensure that there are clearly stated rules that those who will be maintaining the system has to follow in order to ensure that they do not leak the information contained in the system to strangers. It will act as a source of information power and a key to prosperity among those who have access to the information. Developments of information systems contain also both political and social relationships and ethical considerations will be made possible. The system should be user friendly and not contradicting and access to the system should be easy. In the process of transferring data, the whole procedure needs to be closely monitored. In conclusion, it is clear that the process of developing and use of these systems in the health care sector requires both legal and ethical decisions in order to maintain a balance in the needs and rights of everyone in the facility (Stahl, 2004).
Healthcare system security is a newly defined security measure in the health facilities. They can be used as catalysts in the facility to act as wide-ranging security measures. New inventions have brought a lot of security consciousness to the whole population at large. The system developers are required to provide relevant information to the users so that they will make the working environment far much friendly with these systems (Kemp, 2007). Events that take place in the whole world these days regarding healthcare issues call a lot of attention to the physical security. A culture has developed in which there are so much increased litigations in respect to privacy rights that has raised a lot of awareness to liabilities which have a link to failure.
Most of the healthcare facilities have problems due to the developed culture in their operations. As a result, it is clear that these facilities require a strong information technology system. Such requirements are a paramount importance to these systems. Despite the presence of viruses and worms as well as distributed denial attacks on these information systems, it interferes with the smooth running of these systems in many organizations. These facts have raised the urge for education and training among the system users as well as raising much awareness on the need to provide information security as a way of maintaining availability of the system (Pinkowski, 2008). Finally, budget stability in these facilities is another added advantage following the fact that health care facilities remains unsusceptible in respect to all economic fluctuations making the departmental budgets stable. It is clear that when it comes to other companies making budgetary adjustments that are huge the healthcare sectors are not a subject to such alarming factors.
According to a research conducted by Eric Johnson on the security and privacy in the health care has shown that a lot needs to be done to ensure security recently has turned to be an issue of great importance. It has been triggered to introduction of so many activates that requires a better healthcare information system security. Some of these activates include digital patient records, an increase in regulation urge for information exchange between medical experts and patients. The research aims at exposing the security deficits that have been caused by lack of a good system to store patient’s information in the health sector. Research has shown that patient information leaks and even causes stigma among patients. The research came up with a flow chart showing how information flows in a health care. According to the research, there is lot that is conducted by patient health records apart from diagnosis and treatment necessities. For example, information may be important in the creation of efficiency in a health care system. The research showed that there is need for a patient’s record to be presented to a payer organization in order to justify payments for the services rendered among other crucial activates. Therefore, the research goes ahead and recommends adoption of an information system security.
In conclusion, the research did a thorough research on the existing body of knowledge on the issues of security and privacy in the health sector. There has been a span of different research domains among theme being on health regulatory conformity. This research review has indentified that informatics in health and legal computer science have taken in many methodologies such as research design, both qualitative and quantitative methods of research in the process of examining different aspects of privacy and security in the health sectors. Many scholars has shown a lot concern in the security and privacy of patients health information although very little has been published in this area and in concern with the unique security manned in the healthcare sector. Researchers believe that there is an increasing necessity for information security as well as an increased needed as well in the managerial insights to all these problems. Therefore, these security concerns create an opportunity that is an exceptional for debate and a cross fertilization in the information system research society. These facts show that there is a great need for a substantial need for new ideas in order to guide practitioners in this sector all through this time there is a call to a significant change in the healthcare industry.
The main of this research paper was to try to analyze the problems that arise due to lack of an effective and efficient system that can handle the patient’s information document. There is clear evidence that the health care sector has been on the frontline in the adoption of new technological aspects in its line of operation. As a result, these positive moves have faced a lot of challenge from in terms of implementation and adoption of their operations. It increases the cost of operation as there has to be training of staff in order to adopt them. There has to be an assortment that they will endow security to the information and documents of the patients. It is also clear that there is yet to an established information system that has guaranteed security of information in the health sector as it is expected by the involved stakeholders. This research paper has indentified that, irrespective of an increased number of scholars on the matters of healthcare information security there is so little that has been published so far. Therefore, there still a lot that requires to be done in order to make healthcare information system security a success in ensuring security in the health sector. Introduction of these systems in the health care aims at ensuring that all the problems that result with information leakage are solved.