AHIMA Code of Ethics, and EHR systems
You are the HIM Director in an acute care hospital setting. Your facility has purchased an electronic health record (EHR) system, and pressure is mounting to deploy this system as soon as possible by the chief information officer (CIO) and chief of the medical staff (CMS). However, during a testing period, you and your team discover that the EHR system does not comply with applicable federal privacy and security standards. It is your recommendation to stop the deployment until these issues can be resolved; however, the CIO and CMS disagree.

Using the AHIMA Code of Ethics steps below (1-7), write your response to each step from the HIM Director’s perspective, as if you were writing the memorandum to the CIO and CMS. Consider your response from the legal, liability, and ethical perspectives.

Clearly define the issue.
Determine the facts of the situation.
Determine who the stakeholders are, the HIM values at stake, and the obligations and interests of each stakeholder.
Determine what options are available and evaluate them.
Decide what should be done.
Justify the decision made by identifying reasons that support the decision.
Implement the decision.
Evaluate the outcome of the decision.
Examine how to prevent the issue from recurring.

Prepare a memo analyzing the key issues in this case and stating a recommendation. Be sure to address all steps listed above. A memo template is provided under the Ethics folder in the Files module or you may conduct an online search to find examples of memo templates.

Guidelines for Submission: Your short paper should be submitted as a memorandum in a Microsoft Word document of between three and four pages, with double spacing, 12-point Times New Roman font, one-inch margins, and sources cited in APA 7th Edition format.

AHIMA Code of Ethics, and EHR Systems
Over the years, privacy and security have been major issues, especially with the growth of information technology systems (Vora et al., 2018). The biggest problem for healthcare consumers is the inability to control their health data. How information is collected, stored, and shared is the main issue, especially the sharing of personal data without the owners’ consent. According to the American Health Knowledge Management Association (AHIMA), security management in health care systems has an ethical obligation to act on security and privacy issues (Vora et al., 2018). The AHIMA core values include preserving, protecting, and securing information, using information technology in the right manner, upholding customer rights, privacy, and data protection, putting the interests of patients first, and revealing any unethical practices in the organization. This paper is a memorandum to the chief information officer and chief of medical staff concerning the legal and ethical perspective of information technology.
Clearly define the issue.
The main issue is that the electronic health record system does not comply with federal privacy and security standards. The electronic health record consists of patients’ medical information, such as medical history, investigation, treatment, and physical wellbeing (Keshta & Odeh, 2020). The information is considered sensitive and confidential; hence the electronic health record should maintain privacy and ethical standards according to the National Institute of Standards and Technology (NIST). Also, the privacy and security of electronic health records should be on par with the legal standards of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. How to keep patients’ records safe is a major concern when the system cannot control what information is being shared or stored in it.
Determine the facts of the situation.
The likelihood of information being lost or the system being compromised is high; for instance, data can be hacked, lost, or destroyed by either internal or external attackers. Another security and privacy concern of the EHR is the misplacement of data, especially when shifting from a paper-based filing system to the new technology (Vora et al., 2018).
Determine who the stakeholders are, the HIM values at stake, and each stakeholder’s obligations and interests.
The key stakeholders interested in the purchased electronic health record system include the clinicians, for instance, the nurses, health staff, and physicians. The clinicians play an important role in ensuring the successful selection of the EHR process. Another stakeholder is the billing team, which is especially important in providing information concerning the EHR system’s performance, based on speed and accuracy (Keshta & Odeh, 2020). The marketing team is another group of stakeholders; it promotes some of the unique features of the system, for instance, the online patient portal and the automatic scheduling.
Additionally, the board of members or administration would play an important role in developing the EHR project. The office staff, who handle the patient contacts and billing information of all patients in the system, are also part of the stakeholder team. HIM stakeholders are expected to comply with the laws, govern the health information systems, refuse to reveal patients’ confidential information, and follow security and privacy policies designed by employees. Honesty, integrity, knowledge, and advocacy are the health information management values at stake. The values at stake can be managed through the concerns and obligations of the stakeholders (Keshta & Odeh, 2020). For instance, the office staff can develop a platform that collects feedback and important information concerning the opportunities and challenges of the EHR. Clinicians, for their part, can report and record various issues, especially through live support, to help rectify the values at stake.
Determine what options are available and evaluate them.
To enhance the security and privacy of electronic health records, the way forward is to adopt a set of privacy and security policies. These include developing administrative controls, identifying workstation usage, employing device and media controls, auditing, monitoring system users, applying data encryption to the system, and monitoring physical and system access (Keshta & Odeh, 2020). Administrative controls can be enhanced by updating policies and procedures, running background checks on all health staff, and guiding employees by developing and conducting a security training program. To identify workstation usage, privacy filters are important at every workstation in the organization. Identifying the capabilities of the various workstations would also help in identifying security issues and vulnerabilities. The audit trail program would help in identifying who has unauthorized access to patients’ sensitive data.
Additionally, employing device and media controls would play an important role in managing the system and dealing with uncertainty (Kruse et al., 2017). For instance, media controls would help in tracking processed hardware, developing a security plan, backing up all data from the hardware, and removing data from reusable hardware. The most critical option for EHR security and privacy is encryption, which protects all data in the system through cryptography. Encryption is the most reliable and applicable security protocol for the electronic health record; it makes data unreadable through unique prime numbers. Encryption protects the system against software failures that could damage patients’ files. For access control, applying HIPAA privacy and security compliance could help provide rights of access to patients and physicians (Kruse et al., 2017). According to HIPAA, patients can receive notification in case of unauthorized access to personal information and can select a communication mode with the healthcare providers.
Decide what should be done.
Since the security and privacy of electronic health records is the main challenge, identifying various ways to protect health records is key. Cryptography and firewalls are the two main security techniques that can enhance the system’s security, hence promoting implementation. Additionally, the use of anti-virus software and the development of privacy and security standards are other techniques that can be used. Firewalls are a very successful security and privacy method used to secure the whole health care network and all information in its systems. Firewall filtering can help protect the system from threats coming from inside and outside the system (Kruse et al., 2017). The types of firewall systems that can be implemented include the packet filtering firewall that protects the network from outside feeds, which is similar to using an internet protocol address.
Another firewall filtering system is the status inspection firewall, which is more complex and effective than the packet filtering firewall. Another firewall system that should be implemented is the level gateway system, which helps in scanning and identifying threats before the page reaches the end-user. Another firewall system creates a boundary between the organization’s intranet and the local area network, hence protecting the system from intrusions from the local area network. On the other hand, through the HIPAA final rule, the health organization should emphasize using the decryption method through digital signatures (Kruse et al., 2017). The final rule ensures patients’ information is protected during the creation, receipt, maintenance, and transmission of protected health information.

Justify the decision made by identifying reasons that support the decision.
The decision to apply firewalls and cryptography before implementing the EHR system is important for the secure operation of the system. Additionally, the security policies and techniques would cater for the system’s physical, technical, and administrative security. On the administrative side, the decision would help in developing and implementing a recovery plan, a system security assessment, and risk analysis and management. The firewalls and cryptography would also promote workstation security and enhance radio frequency identification, physical access controls, and other security responsibilities assigned by the organization. The security team would keep up with the audit trails, virus checking, and entity authentication to identify the weaknesses and strengths of the security techniques.
Implement the decision.
Implementing the security management decision for the electronic health record system would follow designed steps. The first steps include selecting a security team for the system, learning about the security techniques, and leading the culture. The next step is documenting the process and the findings concerning the system. Also, review the organization’s existing security of patients’ health information, such as the paperwork filing system (Islam et al., 2021). The review process is also considered the security risk analysis process. After conducting the analysis, develop an action plan, mitigate and manage the underlying security risks, and develop reasonable security-related objectives. The last implementation step is monitoring, auditing, and frequently updating the firewall and cryptography security system.
Evaluate the outcome of the decision.
Evaluating the outcome of the firewall and cryptography in the EHR system is very important, especially in determining quality of service (QoS). Outcome assessment focuses on delay, throughput, jitter, and packet-loss rate, which are the main issues related to the use of the security technique. The outcome of the firewall security protocol can be evaluated by using FTP and HTTP services to determine the latency and total transactions of the system. Latency is the time the system takes to complete a task, for instance, a single transaction. Additionally, data inspection would be a good method to evaluate the outcome, where the process prolongs the time required to conduct data communication. During the process, the HTTP session test provides information used to compare the outcome of firewall security level one with security levels two and three. The observations made in evaluating the outcome of the firewall security technique include performance loss, low-volume, and high-volume connection settings (Islam et al., 2021). Also, network scanning tools are used to evaluate the performance of firewall security techniques. The common issue with a firewall is performance degradation, which can be managed by designing an optimal firewall technology that protects the organization’s private network without recording performance loss.
Examine how to prevent the issue from recurring.
Firewall configuration can be a game-changer and an effective method of preventing the issue of delay and loss of performance from occurring. Implementing a firewall requires configuration, which allows the system to operate effectively. This includes updating the firewall to the latest version and creating a secure community string for patients (Islam et al., 2021). It also includes architecting the system IP addresses and firewall zones, such as the DMZ. Configuring the access control lists and the firewall services and logging would strengthen security, hence protecting the EHR systems from security threats, risks, and vulnerabilities. Before implementing the firewall, testing the firewall configuration and developing firewall management to monitor the firewall’s performance are vital for the security and privacy of health records.

References

Islam, N., Shamim, S. M., Rabbi, M. F., Khan, M. S. I., & Yousuf, M. A. (2021). Building Machine Learning Based Firewall on Spanning Tree Protocol over Software Defined Networking. In Proceedings of International Conference on Trends in Computational and Cognitive Engineering (pp. 557-568). Springer, Singapore.
Keshta, I., & Odeh, A. (2020). Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal.
Kruse, C. S., Smith, B., Vanderlinden, H., & Nealand, A. (2017). Security techniques for the electronic health records. Journal of Medical Systems, 41(8), 1-9.
Vora, J., Italiya, P., Tanwar, S., Tyagi, S., Kumar, N., Obaidat, M. S., & Hsiao, K. F. (2018, July). Ensuring privacy and security in e-health records. In 2018 International conference on computer, information and telecommunication systems (CITS) (pp. 1-5). IEEE.
Zaw, T. (2017). U.S. Patent No. 9,705,909. Washington, DC: U.S. Patent and Trademark Office.
