EMR and Other Sources of Sensitive Patient Information - Essay Example

? What security policies and systems are in place to prevent un ized access to the EMR and other sources of sensitive patient information? Introduction An Electronic Medical Record (EMR) is a programmed medical record which is generated in the organization that provides care to the patients such as healthcare centers or hospitals (Carter, 2001). Electronic medical records incline to be a part of the system of healthcare information which facilitates storage, repossession and alteration of the records. EMR enables to augment sharing as well as accessibility of health related records among certified individuals (Skolnik, 2010). Policies in Place to Prevent Unauthorized Access to the EMR The security policies related to EMR have been considered as a major concern under the Health Information and Accessibility Act (AnestaWeb, Inc, 2011). The security policies should be provided major consideration in any organization in order to create an effective functioning environment. Various security policies in relation to EMR have been initiated under certain important measures which are needed to be considered for its development. They are as follows: 1. What the operators want to obtain from the system (i.e. functional requirements). 2. The objects that are required to be protected 3. The objectives which are needed to be acquired with the resources in hand. In the first part, the function of the security policy is to maintain equilibrium between the functional as well as the security aspects of the systems. The requirements for security can be quite difficult due to the costs incurred for the systems and also with the problems faced by the operators while implementing the security systems (Barrows & Clayton, 1996). In the second part, “Inside attacks” is another important aspect of security policy in relation to EMR (Barrows & Clayton, 1996). These attacks are mainly faced by individuals who are the actual users of the system. The actual users can manipulate or abuse the rights for searching different data for their personal motive or to harm the financial viability of the organization. If the information is leaked it can bring disastrous consequences and can affect the functioning environment of the organization. Policies such as management of access control as well as encryption method can enable to prevent such occurrences. Another important aspect for the security policy of EMR depicts threats generated from managed care corporations and insurance companies among others (Barrows & Clayton, 1996). These organizations can attempt to reveal protected patient information for their own benefits. The threats which are discussed describe about the secrecy of the patients information and also about the data available to be kept secure. If such information is leaked, it would be disastrous for the organizations’ welfare. In the third part, the security policies or standards for the data, which are needed to be safeguarded for the organization, are depicted in the threat model, which is provided by the Mayo Clinic/Foundation. These policies are as follows: a. Physical security in relation to data center sites: It deals with issues relating to prevention of theft, disaster recovery, backup of the required data and security of susceptible terminal locations among others (Barrows & Clayton, 1996). b. ‘Access control to system resources’: Issues related to controlling the physical devices as well as logical mechanism including computer programs (Barrows & Clayton, 1996). c. Data protection policies: Certain issues related to ensuring consistent protection of crucial data of organizational system is ascertained under this policy. Moreover, measures to be taken against the users who misuse the rights to use the systems properly (Barrows & Clayton, 1996). d. Security of hard copy materials: This security policy ensures to take relevant measures against security breaches of certain delicate documents, which can occur from paper copies of susceptible patient related data and electronic documents (Barrows & Clayton, 1996). e. Legal and liability issues: Issues related to the use and misuse of the system is considered which involves legal protections and liabilities for the organization to keep the records securely under the jurisdiction of the law so that the penalties cannot be charged (Barrows & Clayton, 1996). Systems in Place for protecting EMR and Other Sources of Sensitive Patient Information Systems as a security of electronic records for sensitive patients information is more safe and vivid than the records taken in paper by healthcare organizations. The accessing of the medical records can be safeguarded through passwords used by individuals who use the system. The advantages of this process are that it provides different levels of usage to the system. Through the EMR process, it is accessible to keep the data of the patients as well as backups which provide additional help in storage facilities which is required for protection against damages done through fire, water and other environmental disasters. Through the procedure of password accessing in the systems, it is possible to provide better systematic schedules for maintaining efficient records systems through which healthcare organization can be benefitted.. It provides effective functioning and it can limit malpractices to be conducted in the organization (South Shore Medical Center, 2012). Data privacy is required in the healthcare organization to safeguard the EMR or any sensitive patient information. In this process, the data of the patients is required to be used with the consents of the patients. It will significantly facilitate to protect sensitive patient information as with the clause of patient consent under the data privacy dimension unauthorized access can be prevented. The medical reports should be properly handled by the efficient doctors and nurses in the organizations who take proper care of the patients. Moreover, in relation to systems that are in place to protect unauthorized access it can be observed that ‘firewall’ system can be used to ensure network security. Similarly, multi-factor authentication can be used to ascertain the validity of the user which can enable to protect mishandling of crucial patient information. Controlled authorization is another option which can be used to provide access to actual and relevant users of patient information (Sadowski, 2012). Data confidentiality is also one of the important aspects as it has become a big challenge for the healthcare organizations to safeguard the information about the patients in particular. Data confidentiality solution is required to protect the access of data to from unwanted individuals who can harm the patients as well as affect the reputation of the organization (Information Governance The Foundation For Effective E-Health, 2010). Conclusion Electronic medical records have emerged as an important computerized record of patient information which facilitates medical practitioners to retrieve crucial and pertinent information conveniently. However, increase in terms of portability or accessibility of medical records can result in unauthorized access to any medical patient related information. In order to protect the misuse of such crucial information aspects such as data privacy, data confidentiality, identification of possible threats and certain crucial data protection policies have been enacted. References AnestaWeb, Inc. (2011). eMedical Records. Retrieved from http://www.emedicalrecords.org/ Barrows, R.C., JR. & Clayton, P.D. (1996). Privacy, Confidentiality and Electronic Medical Records. Journal of the American Medical Informatics Association 3(2), pp. 139-147. Carter, J.H. (2001). Electronic Medical Records: A Guide for Clinicians and Administrators. Australia: ACP Press. Information Governance The Foundation For Effective E-Health. (2010). Institute for Health and Public Service Value. Retrieved from http://www.accenture.com/SiteCollectionDocuments/PDF/Accenture_100473_InfoGovPoV_Final.pdf South Shore Medical Center. (2012). Electronic Medical Records (EMR) At South Shore Medical Center. Retrieved from http://www.ssmedcenter.com/about/emr.cfm Skolnik, N.S. (2010). Electronic Medical Records: A Practical Guide for Primary Care. New Mexico: Springer. Sadowski, R. (2012). Protecting Patient Information within the Cloud. Retrieved from http://www.healthcareitnews.com/blog/protecting-patient-information-within-cloud Read More