Electronic Software Security in Medical Institutions - Research Paper Example

 Electronic Software Security in Medical Institutions Software Security in Health Settings As technological advances emerged, many experts laced maximum efforts to integrate its more advanced principles in government and economic industries. Its character knows no finite boundaries; it is both flexible and dynamic (Otto, 2009). This very nature of electronic systems enhances the risks of information intrusion; hence, software security has been established. Software system security is a program specific in safeguarding the integrity of database, warding off “unauthorized (actions)...destruction and disclosure” (Hahn & Farrar, n.d.; Kabay, 2004). Computer systems of various purposes are constantly plagued by threats of invasion, thus, preventive defense is supposedly at hand with software system security. One of the most profound breaches in software attack is the breach of trust through online exploitation (Hahn & Farrar, n.d.). Vulnerable parties can be fraudulently led into a trap, and unauthorized information is acquired by outside sources. Such incidence is extremely damaging, especially when utilized in health care settings--medical advances is now focusing on the optimum application of software technologies in health services (Clarke, Avrunin, & Osterweil, 2008). The development is approved by several technological advocates; reasoning that the collaborative medical services necessitates a system networking which will provide a more accessible method between service providers (Roach, Hoban, Broccolo, Roth, & Blachard, 2006). Like the economic industries, the health care division is now marking the electronic use of electronic system services in catering to the growing needs of public consumers. Amidst the provision of quality health delivery is the concept of “communication and cooperation” (Surjan, Engelbrecht, & McNair, 2002). Allied professionals have the moral obligation to work within the boundaries of their profession. At the same time, consumers, in return, expect their personal files to be strictly concealed at all cost (Bushko, 2002). Medical records are restricted, yet they are utilized not only in delivery of health care but also in “health insurance...(and) research” (Covvey & McAllister, 1980). Extensive use portrays the numerous agencies employing such data, from hospitals to private insurance firms. The sensitivity on the medical records depends on the competency of the medical team, for mistakes can instigate both socioeconomic and mental destruction (Barrows & Clayton, 1996). In truth, the duty of health care practitioners is to protect of consumer confidences (American Medical Association, 2010). The privacy of medical records is an ethical and legal obligation that all health service personnel must maintain, as specified by the “Health Insurance Portability and Accountability Act (HIPAA) of 1996” (United States General Accounting Office, 1999). This policy protects the rights of patients to their private domains, even in medical records secured by electronic software systems. Pros and Cons of Security System Many had expressed constructive feed backs on the accessibility of medical records in health settings. It generally aids against dilemmas in “patient data explosion and...complex diagnostic information” (Hamilton, 1992). With such intensive data, security software assures not only access to such information, confidentiality and accountability are also guaranteed with the system. In turn, equity in care delivery and cost-efficiency is substantiated in the process (Allaert, Blobel, Louwerse & Barber, 2002). With several security policies, such as the standardized Continuity of Care Record (CCR), health collaboration in health allied fields are achieved without compromising security of medical records (Medo, n.d.). Even in billing sections, precision and economical activities are ensured (“30 Things,” n.d.). Transfer of data from medical institutions to insurance companies are performed efficiently and with minimum errors; all because of a more secured billing software. On the other hand, Hanlon (2010) revealed about 13% of U.S. medical organizations have fully applied the principles of electronic medical record, while in a year, almost 250,000 health consumers fall for medical identity scams. This is the principal drawback with software improvements in health intuitions. Even though security systems are being installed, its unpredictable quality makes it liable to numerous human attacks. Yet, Barrows and Clayton (1996) explained that technology must not be solely blamed in this matter; faulty security regulation also worsens the conflict. The eventual violation of confidential records can be traced on authorized users, such as medical personnel in direct contact to patients. Distribution of restricted information can occur, as mistakes are committed, or when curiosity and personal gains push them to trade pertinent medical information (Anderson & Goodman, 2002). Inter-operational dilemmas, then, can cause security breach and not the electronic program themselves. Even in the conduct of health-related studies, privacy of samples is breached. At some point, access to large files is acceptable when conducting epidemiological research; where it is impractical to obtain individual consent for thousands of samples (United States General Accounting Office, 1999). At this point, if accidental discoveries of grave threats in medical records transpire, patients’ confidence on their privacy is still disregarded. Even health insurance companies add constraint to the mounting tension with system security breach. An estimate of 11% refused to file for insurance policy due to distrust on information security (Anderson & Goodman, 2002). There is indiscretion in passing out medical records from one medium to another. Human factor, then, plays a role in privacy breach--placing both software systems and authorized sources as root sources for information breach in medical institutions. Security Resolution in Medical Institutions The matter on medical records privacy exploitation by several health agencies leaves a foul taste on the general public. Such distrust on the electronic security software had come to the point wherein 27% of clients believed in unwarranted medical disclosure while 24% of medical institutions admitted such privacy intrusion (Anderson & Goodman, 2002). Upon tracing such irregularities in confidential breach, two things must be taken into account: specificity of employed software security systems and the authorized people handling such system. From creating a security access programs, such as logging in on specific areas or validating authorization of attempted users, electronic systems possibilities are quite limitless. Software security may be complex in structure, but its vulnerability still depends on experts in the field--man has created such systems, hence, they are also capable of breaking them. Simply placing security measures against unlawful reproduction of records is not sufficient actions against confidentiality breach (Dick Steen, & Detmer, 1997). There is the additional conflict of human factor in application and control of such programs worsens the lack of privacy of medical records. Lawful limitations seem unsatisfactory in deterring profitable gains with pertinent medical records (“New Laws Protects,” 2010). By focusing on noteworthy goals, not only in the application of modernized software security programs, but also with authentication and access to medical files, privacy issues may be put to rest. Numerous actions are initiated to protect the integrity of confidential files, from “security policy development, dissemination, and monitoring” (Caruso, 2003). In spite these, several situations proved its failure. Regardless of natural calamities, definite identification of authorized personnel can be starting point for improvement; employing advances in digital comparison of signatures and biometrics identification. The act of segregating general information from more medically sensitive data is also important. With the additional presence of reliable software and physical audits and filter systems, the transfer of data from one medium to another can be surveyed more closely (Hamilton, 1992). Through the process of software encryption, corruption of unknown sources are prevented, thus, invasion is relatively hampered (Anderson, 1997). In the case of covert transfer of medical files from one agency to another, periodical updates in security policies and allotting severe legal penalties are all medical institutions can allow (Stetson, 1997). With the supplemental obligations specified by state laws and regulations, unauthorized violations may lessen. However, it takes maximum efforts on both sides, government and technological sectors, for a better software security system in medical institutions. Rewards can be worth all the efforts, allied professionals are better equipped in their fields while health consumers obtain quality care without fear of privacy infringement. References Allaert, F.A., Blobel, F., Louwerse, K & Barber, B. (2002). Security standards for health care information systems: A Perspective from the EU ISIS MEDSEC Project. Amsterdam: IOS Press. American Medical Association. (2010). Patient confidentiality. Patient Physician Relationship Topics. Retrieved from http://www.ama-assn.org/ ama/pub/physician-resources/legal-topics/patient-physician-relationship-topics/patient-confidentiality.shtml Anderson,R. (Ed.). (1997). personal medical information: security, engineering, and ethics. New York: Springer-Verlag. Anderson, J.G., & Goodman, K.W. (2002). Ethics and Information Technology: a case-based approach to a health care system n transition. New York: Springer-Verlag. Barrows, R.C., & Clayton, P.D. (1996). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3 (2), 139-148. Bushko, R.G. (Ed.). (2002). Future of health technology. Netherlands: IOS Press. Caruso, J.B. (2003). Information technology security policy: Keys to success. EDUCAUSE Center for Applied Research, 2003 (23), 1-14. Clarke, l., Avrunin, G.S., & Osterweil, L.J. (2008). Using Software engineering technology to improve the quality of medical processes. Retrieved from http://laser.cs.umass.edu/techreports/08-20.pdf Covvey, H.D., & McAllister, N.H. (1980). Computer-assisted medicine: Privacy and security. CMA Journal, 123, 231-235. Dick, R.S., Steen, E.B., & Detmer, D.E. (1997). The computer-based patient record: an essential technology for health care. United States of America: National Academy of Sciences. Hahn, R.W., & Farrar, L. (n.d.). The law and economics of software security. Retrieved from http://www.law.harvard.edu/students/orgs/jlpp/Vol30_No1_Hahnonline.pdf Hamilton, D.L. (1992). Proceedings from IEEE Symposium on Computer-Based Medical Systems: identification and evaluation of the security requirements in medical applications. North Carolina: Hewlett Packard. Hanlon, T. (2010). The electronic medical record: Diving into a shallow pool? Clevelanc Clinic Journal of Medicine, 77 (7), 408-411. Kabay, M.E. (2004). Educating the medical community about medical information security. Medical Information Security. Retrieved from http://www.mekabay.com/overviews/medical.pdf Medo, D. (n.d.). Do electronic medical records respect your privacy? ArticleSoft.com Retrieve from http://articlesoft.com/health/ do-electronic-medical-records-respect-your-privacy.html New laws protects privacy of medical records. (2010). Retrieved from http://usgovinfo.about.com/library/weekly/aa122200b.htm Otto, P.N. (2009). Reasonableness meets requirements: Regulating security and privacy software. Duke Law Journal, 59 (309), 309-342. Roach, W.H., Hoban, R.G., Broccolo, B.M., Roth, A.B., & Blachard, T.P. (2006). Medical Records and the Law. (4th ed.). United States of America: Jones and Barlett Publishers. Stetson, D.M. (1997). Proceedings from 1997 ASIS mid-year meeting preview: Achieving effective medical information security: Understanding the culture. Retrieved from http://www.asis.org/Bulletin/Feb-97/stetson.html Surjan, G., Engelbrecht, R., & McNair, P. (Eds.). (2002). Health data in the information society: proceedings of MIE2002. Netherlands: IOS Press. United States General Accounting Office. (1999). Access needed for health research, but oversight of privacy protections is limited. Medical Records Privacy. Retrieved from http://epic.org/privacy/medical/gao-medical-privacy-399.pdf 30 things you didn’t know about medical billing software. (n.d.). Writum.com. Retrieved from http://www.scribd.com/doc/16177916/30-Things-You-Didnt-Know-About-Medical-Billing-Software Read More