A REVIEW OF INFORMATION SECURITY POLICIES AND PROCEDURES FOR HEALTHCARE SERVICES.

Jonathan Kissi, Baozhen Dai, Joseph Owusu-Marfo, Isaac Asare Bediako, Maxwell Opuni Antwi, Benedicta Clemency Adzo Akey

Abstract


The emergence of information threats calls for a strong information security management system in the healthcare industry. Privacy of data is viewed as a key governing principle of the Client–Physician relationship. Data leaked in the healthcare industry are crucial to both the client and the healthcare facility. Healthcare information and data should be protected from active and passive attacks and secured from annihilation by illegal access and unwanted interruption. This paper considers the causes of threats in the healthcare information management system (HIMS) and recommends the appropriate information security policies, procedures and safeguard techniques to be used in the healthcare industry. A review of related extant literature regarding HIMS, causes of threats and the security controls was conducted. The analysis of the data reviewed showed that, though several works have been done on the HIMS and its associated threats, few studies focused on security safeguard policies. This influenced the researchers to place more emphasis on the security safeguard techniques to be used in the healthcare industry to obtain optimal information security control on clients’ data. Our research seeks to recommend practical measures to be implemented by Health Service Administrators rather than treating information leakage as a technological quandary under the Health Information Officers.


