The European Union Health Monitoring Programme - Literature review Example

?Literature Review Risk Assessment in Hospitals Non-profit organizations tend to avoid risk assessments mainly due to insufficiency of funds. If theyallot huge amounts to risk assessment programs, they would find difficulties in their day to day operations. However, risk assessment is vital for hospitals as they deal with a numerous documents including inpatient data, outpatient data, pricing data, hospital room rates, hospital financial data, patient case sheets, medicine stock data, medicine details, length of patient stay and discharge data, staff data, and other administrative and strategic documents. Evidently, the industry is highly vulnerable to information theft more than ever before. In modern healthcare settings, risk factors are impulsive and hence comprehensive risk assessment programs are essential to meet the challenges. According to the current day concept, risk assessment is not simply a precaution but a preventive healthcare approach that mitigates the impacts of a number of risk factors (The National Patient Safety Agency, 2007). Why Risk Assessment It has been stated that “each technical advance brings new security holes” (Rogers, 2011, p. 2). According to the writer, storing data over the internet involves incessant threat from hackers and malware. Burger (2010) describes the Kern medical center’s intense struggle with computer virus to regain its data, for the virus had downloaded ‘tons of porn documents’ and crashed all computers causing great dilemma. The incident has been cited by many experts to show that hospital data is always vulnerable to identity theft. For instance, Fell (2010) also points out that hospital computer systems are under the threat of information theft referring to the mayhem caused by virus at Kern Medical Center. According to the officials of UC Davis Police Department, the author says that "Hospitals are a soft target where a cyber attack can cause a lot of damage quite easily” (as cited in Fell, 2010). Current methodologies and concepts in risk assessment practices along with multiple risk assessment techniques have been well explained by Covello and Merkhoher (1993) in their book Risk Assessment Methods: Approaches for Assessing Health and Environmental Risks. According to Covello and Merkhoher (1993, pp. 3-5), the business environment highly involves intense competition and technical complexity which raise considerable amount of vulnerability risk to organizations of every type. Hence it is important to have a reliable risk assessment program for every firm to ensure the security of their data and other areas of organizational functions. And risk assessment in the view of the writers is “a systematic process for describing and quantifying the risks associated with hazardous substances, processes, action, or events” (Covello & Merkhoher 1993, p.3). Risk Assessment Tools There are certain effective free vulnerability scanning tools that can help non-profit organizations to address this issue. Nessus is one of the most important security vulnerability scanning tools. The website gives very detailed information about the vulnerability scanning tool-Nessus. The site has included several frequently asked questions and their answers along with the basic instructions for its users. A close analysis of Nessus’ official website gives a clear picture of its total functions (Nessus). The relevance of Nessus has been well described in Rogers (2011). According to the author, tools like Nessus have been helping organizations to assess the vulnerability of their systems. It can also be used to check for misconfiguration vulnerabilities like open mail relay and missing patches (p.291). Evidently, Nessus is widely accepted as the most comprehensive vulnerability scanning program available today, for it helps clients to assess the level of their system’s vulnerability to data theft or virus attack (Nessus: online encyclopedia). The website, SecTools.Org conducts regular surveys to identify and list the community’s favorite software through multiple methods including ratings, reviews, searching, sorting etc. It lists top 125 Network Security Tools after reviewing web scanners, password crackers, network sniffers, and exploitation tools and many more. The European Union Health Monitoring Programme (HMP)’s Hospital Data Project (HDP) is an example of how well hospital data could be integrated for the common use in a safe and reliable way. The program intends ‘to develop comparable hospital utilization data and indicators between Member States (MS)’ (HDP, 2003). According to the Hospital Data Project, “hospital data are now required to serve a variety of purposes including supporting activity monitoring, performance measurement, casemix-based funding, service planning, and epidemiological analysis” (HDP, 2003). The data provided this way has become the hub of health information for all its beneficiaries. Risk Factors & Assessment Management The risk factors in modern organizational settings include but not limited to issues associated with internal information transfers and SSH integration. The emerging trends, legal requirements, and challenges associated with internal information transfers and the SSH integration process have been well described by Liu (2011, pp. 90-93) in the book Next Generation SSH2 Implementation: Securing Data in Motion. The author identifies SSH2 as a reliable tool that complies with the latest standards of communication security norms. As Liu (2011, p.92), points out, the popularity of key logging software also raise potential challenges to the security of hospital data According to Sorgente, Fernandez & Petrie (n.d.), “the medical information of a patient is one of the most sensitive types of information”, and its security becomes a matter of high concern as several persons other than a particular medical practitioner deal with the data. Undoubtedly, risk assessment has become an integral part in the operational activities of hospitals in the United States. At the same time, as Keddy, Johnson, & McKerrow (1998) point out, Canadian hospital industry differs from that of the United States in terms of risk assessment practices. According to the authors, the current major issues associated with risk assessment in the US healthcare setting include ensuring health insurance compliance. Clinical Risk Assessment Management (CRM) has become one of the vital elements of hospital management. However, in order to pace with the changes and innovations in the medical field and business environment, hospitals have to develop their own strategies for ‘clinical risk assessment management’. Briner, Kessler, Pfeiffer, Wehner & Manser (2010) have proposed an instrument for assessing development stages of CRM in hospitals. According to Briner et al (2010), such an instrument is essential, because risks associated with patient care are unpredicable in the current-day hospital settings. The writers believe that the instrument they propose would ‘allow hospitals to achieve comprehensive and systematic data’ on Clinical Risk Management.     Another important area of hospital management today is Customer Relationship Management (CRM), the effectiveness of which determines the success of the firm’s customer retention strategies. According to Reddy and Acharyulu (n. d.) customer relationship is a very sensitive aspect that requires high level security and confidentiality. In the same way, detecting the chances of medical errors is also important. Adibi1, Khalesi1, Ravaghi1, Jafari & Jeddian (2012) identify an increase in the mortality rate among hospitalized patients which could be attributed to unsafe health care provisions. According to the writers, only an effective risk assessment system can improve this situation. Colling and York (2009) also point to the need of developing an effective risk assessment system that can address the growing issue of hospital security. According to the authors, infant security and other issues in the healthcare environment needs immediate attention (p. 525). Ciampa (2008) also discusses the vulnerabilities of computer networks and different ‘defense mechanisms’ that can overcome such issues. For instance, Ciampa (2008) proposes that vulnerability assessments can identify the weaknesses in the computer networks (p. 542). In order to curb the expenses of hospitals on keeping confidentiality of personal health records, Paton (2006) recommends frequent risk assessment programs. Johns (2002) also reiterates the significance of information in the field of health care. The writer adds that risk assessment techniques would assist healthcare professionals to improve information management (pp. 334-335). HIROC (2011) guidelines specify various risk management practices for healthcare organizations. It also discusses some risk assessment frameworks that would assist a hospital/health institution to identify different risk factors in time. According to Carroll (2009, npn.), modern hospitals are to develop a comprehensive risk management program so as to ensure quality of care, patient safety, and confidentiality. Another relevant thought in this regard is that risk assessment would greatly assist a healthcare organization to meet its long term objectives (ECRI Institute, 2009). Assessment, controls, and compliance are the major aspects of effective risk management; and well developed risk assessment mechanisms would help to prevent unauthorized access to patients’ medical records (Symantec). Another area of risk is associated with the illegal/unfair use of different medical products. According to U.S. Department of Health and Human Services Food and Drug Administration (1999), creating a risk management framework in order to reduce people’s exposure to harmful medical products is essential. In order to address security and privacy risks, a strong and comprehensive risk assessment system is very essential. a strong and comprehensive risk assessment system (Houlding, Casey & Rosenquist, n.d.). In total, hospital data sources are highly prone to malware attacks or hacking. Data theft affects the availability, integrity, and confidentiality of data and thereby the care quality and patient safety. Security threats normally cause hospitals to incur huge financial losses. Risk assessment management is an inevitable functional area in modern hospital management. This involves clinical risk assessment (CRM), and customer relationship management (CRM), medical error risk assessment, drug abuse risk assessment etc. Nessus is found to have the potential to assess the vulnerability of systems on time. Read More