Protection of Digital Health Information With Increase

Protection of Digital Health Information

With increase health information technology store access patient information, likelihood security breaches risen. In fact, Canadian Medical Association Journal (CMAJ): In United States, a whopping 97% increase number health records breached 2010-2011

Ensuring that patient information is protected at all times is vital for any health care institution. Patient information records contain sensitive information that can be used for malicious purposes like identity theft, credit card fraud, and leaking of information for malicious intent. The advancement and use of technology has made it easier for patient information to be accessed within the health care facility Shoniregun, Dube, & Mtenzi, 2010.

This increases the speed of service delivery to the patient and improves the care given to the patient. Technology has allowed for the use of portable electronic devices by the healthcare practitioners in entering and accessing patient records and information. Portable electronic devices are small electronic gadgets that can be carried in the pockets, and used when accessing information from any location. Portable electronic devices have multiple functions, and they can also be used for communication purposes. A smart phone is a good example of a portable electronic device, which can be used by healthcare practitioners for entering, accessing, and storing patient information. Having multiple purposes makes the devices prone to security breaches as threats increase with increased usage. The devices been small in size make them easy to get lost or stolen. Stolen devices can be used by unauthorized persons to access the data stored on the devices. The stolen device can also be used to access patient information from the healthcare servers.

Portable electronic devices have made life easier in certain ways, but they have blurred the thin line between play and work. Workers can now use the portable devices for personal uses, which make it risky especially as the devices are used for sensitive information access. Using the devices for personal usage and official use makes the device more prone to attack. Hackers can store malware on the device. The malware could be used to access patient records and information when the practitioner accesses the sensitive patient information. This would lead to a breach of privacy, and it would be unethical. Securing the devices then becomes vital for any healthcare institution that allows for the usage of portable devices in accessing, and storing patient information.

Safeguards ensuring security of patient information

The organization does use electronic devices, but the devices are used only within the healthcare facility. The devices used include smart phones, tablets, and laptops. The healthcare practitioners have individual devices, which ensure that the devices are not shared, and each practitioner is responsible for their device. Allowing each practitioner their own device also protects their own privacy as there is no risk of their personal, or private patient information been accessed by other practitioners. Ensuring the devices are used within the facility protects against any theft or accidental loss, which could result in loss of information or data. Lost or stolen devices could be used to access sensitive patient information that is stored on the device.

There should be administrative safeguards to ensure that healthcare professionals adhere to policies and procedures Green & Bowie, 2005.

These policies and procedures address patient privacy, security, and confidentiality. Having policies will allow the healthcare facility to implement a risk assessment, which would allow the institution to identify any vulnerable areas. Portable devices could be seen as risks due to their portability nature. This would result in necessary measure been undertaken to protect the devices and the data stored on the devices. The risk assessment would also identify if there are any unauthorized access to the patient records.

There should also be physical safeguards that protect the devices and the data held in the devices. The physical safeguards include limiting access to the storage rooms for patient records and the devices. The laptops used by the practitioners should be secured safely to prevent any theft. The portable devices should be monitored to determine who has a specific device. The disposal of such devices should also be monitored. This will ensure that the devices are disposed off without any data or information. The devices should also have security features that prevent unauthorized users from accessing the information stored on the devices.

Technical safeguards are the most vital for the portable devices. Technical safeguards include access controls, audit control, encryption of data, data transmission, and person authentication Winter, Haux, & Ammenwerth, 2011.

Portable devices could be used from any location by anyone who has access to the device. Limiting the usage of the device would ensure that no sensitive information is disclosed to unauthorized persons. Having passwords for all the systems and software that can access patient information should be a standard requirement. Implementing biometric identification could boost the security of the device as biometrics is person specific.

Audit controls would ensure that each access and modification is recorded and could be retrieved to determine all activities. Having a record of all activities carried out using the portable devices would assist in improving security as it would be easier to identify any illegal activity. Audit controls also assist the facility to secure its systems as it has a method of determining if there is any illegal access or activity. Using audit controls the facility can improve is security of data by blocking the offending device. Authentication is required before a person is allowed to update, enter, or access patient information using any portable device. Authentication limits the people who can access patient information and make any changes. Using authentication the facility would ensure that only authorized persons can use the portable devices. It also provides proof that the person is whom they claim. Authentication can also be used to limit the access credentials for healthcare professionals. Healthcare workers have different roles, and using authentication the workers can be restricted to their individual roles when using the portable devices and accessing patient information.