Safeguards Protect Against Security Threats
The use of Electronic Health Records (EHR) has transformed how healthcare facilities operate and conduct their business. EHRs have multiple benefits, including enhancing, recording, and ensuring that information storage is more secure. The majority of the organizations find it challenging to implement and invest in electronic health records due to the substantial cost ( McDermott, Kamerer, and Birk, 2019). The paper is a report addressing electronic health records and health IT risk assessment and the use of EHR safeguards within Florida MIS Radiology.
Safeguards for EHR and other Health IT in Florida MIS Radiology
Florida MIS radiology is skeptical about introducing EHRs and health IT due to data breach concerns. The practice needs to asses risks regarding the use of electronic health records to ensure that security is achieved (Fisch, Chung, and Accordino, 2016). Assessment will also help in disclosure and the control of unauthorized access to medical information. The Assessment process will involve checking on the confidentiality, integrity, and availability of the systems through the use of security safeguards.
System integrity in Florida MIS facility would be determined by checking whether the EHR and health IT have been tampered with in a way that could interfere with data protection. Physicians and technical safeguards are at a higher risk, especially on the access and facility control (Murugesan, 2019). System integrity ensures the existence of the confidentiality of the system, where the most critical data sets whose integrity is essential to include medical treatment and the medical condition of patients in the organization. Availability is closely associated with usability; therefore, faulty systems are less available and hence less usable, for instance, dormant user accounts.
As Fisch, Chung, and Accordino (2016) indicate, Security safeguards are considered as the three pillars that protect health information in the electronic health records. The Florida MIS health center needs to use security safeguards in the implementation of security policies. Safeguards are categorized into administrative, physical, or technical safeguards. According to Martin (2017), the application of protection is based on the risks identified when accessing the organization’s information technology.
Physical Safeguards
Physical safeguards are vital for Florida MIS radiology, which acts as a foundation in protecting the organization from potential data threats. Physical safeguards will involve policies, procedures, and physical measures applied to secure electronic health records such as the ultrasound and X-ray from unauthorized access and external hazards (Mokalled, et, al., 2019). For instance, some of the physical safeguards suitable for Florida MIS radiology include device and media control, control over the facility access, which is essential as well as a workstation security application and use. Facility security would involve protecting the facility against theft of the EHR and health IT systems because once the orders are stolen, information is compromised. Taking the EHR, such as the imaging services, would disclose sensitive information and identity of most Florida patients.
Establishing an effective access control in Florida MIS would limit physicians from accessing excess data instead of limited data used for treatment. Most small healthcare facilities face issues of a data breach due to the failure of having an active control system. Proper disposal of health records is vital for Florida MIS radiology, where improper disposal would lead to security threats and data breaches. Some of the appropriate disposal techniques include burning of available documents, paper shredding as well as deletion of patients’ data under patient’s instructions. The organization requires to implement the physical security policies for the electronic information devices. Regardless of the high increase in the use of digital methods of holding data, physical safeguards are vital and vital for every organization.
Technical Safeguards
Technical safeguards use digital formats to hold data in place by accessing and monitoring data in motion and at rest, for instance, passkeys, passwords, and authentification controls. Florida, as a small healthcare facility, deals with medical data shared with patients and other organizations as well as stored in HER and health IT. Florida should implement all technical procedures and policies to secure medical data from a breach. First and foremost, every HER and health IT user in Florida MIS radiology should have a secure user identification used to monitor and keep track of user’s activities. Secondly, the organization’s use of audit controls would Help in examining patient health information in EHR and health IT access.
Users of EHR logging off from accounts after use and closing dormant accounts would reduce security threats and protect the systems from attack. Nevertheless, encrypting, decrypting, and the use of firewalls in electronic health records would enhance the confidentiality of medical information done to data in motion and data at rest (Mokalled, et, al.,2019). Although firewalls might be expensive for small healthcare, the methods are effective in protecting health information and the network system. To preserve and enhance integrity in Florida MIS radiology, the security team should develop emergency access procedures helping incase of threat incidents. Florida MIS radiology is, however, advised to use both role-based and personal-based authentification, data discard models, Bluetooth all other privacy-enhancing technologies.
Administrative Safeguards
Administrative safeguards are all the strategies and procedures designed by Florida MIS radiology to protect health information. Florida administration office is the most vital part of the organization, especially in the enforcement of security policies (Murugesan, 2019). For instance,the organization moves on training employees on security measures and adherence to the HIPAA security rules. Additionally, Florida MIS facility carrying out risk assessment process and developing security measures would save the organization from data breaches and other security threats.
The organization selecting the type of information to be disclosed essential to avoid sharing sensitive information and to the wrong recipients. For instance, when the administration decides to on sharing via social media sites such as Linked-In, Facebook, Google Plus, and YouTube (Murugesan, 2019). Other administrative safeguards to be applied by Florida MIS radiology to safeguard EHR and health IT includes, assignment of security officials that would implement policies, conducting security training programs for employees. Information access management and regular monitoring of the effectiveness of EHR systems and security policies. Lastly, to avoid security issues in the information systems, Florida MIS radiology should keep track of security policies used as well as ensure policies are regularly updated to prevent future security issues and data breach.
References
Fisch, M. J., Chung, A. E., & Accordino, M. K. (2016). Using technology to improve cancer care: social media, wearables, and electronic health records. American Society of Clinical Oncology Educational Book, 36, 200-208.
Martin, S. M. (2017). Security and Privacy. In The Project Manager’s Guide to Health Information Technology Implementation (pp. 69-76). Productivity Press.
McDermott, D. S., Kamerer, J. L., & Birk, A. T. (2019). Electronic health records: A literature review of cyber threats and security measures. International Journal of Cyber Research and Education (IJCRE), 1(2), 42-49.
Mokalled, H., Pragliola, C., Debertol, D., Meda, E., & Zunino, R. (2019). A Comprehensive Framework for the Security Risk Management of Cyber-Physical Systems. In Resilience of Cyber-Physical Systems (pp. 49-68). Springer, Cham.
Murugesan, S. (2019). The Cybersecurity Renaissance: Security Threats, Risks, and Safeguards. IEEE ICNL, Jan-Mar.