Establishing security standards that protect patient data is an important step in the database design process. Protecting the confidentiality of personal health information is not optional; it is mandated under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA violations can result in both fines and legal consequences. Failing to protect private information can also damage a health care organization’s reputation and cost patients their peace of mind.
For this Discussion, you consider the clinical information systems presented in the case studies below and identify the security and integrity problems and risks that need to be addressed.
A busy academic hospital has grown rapidly and acquired multiple clinical information systems that interface with each other. Physicians and practitioners require access to each system and frequently have workflows that require access to multiple systems at the same time. In addition, practitioner responsibilities often require them to complete documentation or access clinical information at home and during off hours.
An increase in the number of clinical research studies and the use of undergraduate students as research assistants for subject recruitment was perceived as a risk for a medium-sized academic hospital. Students were enrolled at the hospital-affiliated university but still required a credentialing process to be able to access clinical areas of the hospital and clinical systems. The hospital wants to meet IRB and HIPAA research regulations, and to exceed HIPAA’s minimum necessary principle.
At a large multi-specialty academic medical practice, providers often use laptop computers and mobile devices in patient care and research-related activities. Tracking, securing, and managing the numerous devices to mitigate loss, theft, or other breaches is important to the enterprise.
Gaff, B. M., Smedinghoff, T. J., & Sor, S. (2012). Privacy and security. Computer, 45(3), 8–10.
Retrieved from the Walden Library databases.
Privacy regulation and the protection of sensitive information are still inconsistently established and enforced. This article addresses the legal issues surrounding database security. It also evaluates protection methods that are the most effective