Security and Integrity of Clinical Information Systems
Establishing security standards that protect patient data is an important step in the database design process. Protecting the confidentiality of personal health information is not optional; it is mandated under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA violations can result in both fines and legal consequences. Failing to protect private information can also damage a health care organization’s reputation and cost patients their peace of mind.
For this Discussion, you consider the clinical information systems presented in the case studies below and identify the security and integrity problems and risks that need to be addressed.
Case Study 1:
A busy academic hospital has grown rapidly and acquired multiple clinical information systems that interface with each other. Physicians and practitioners require access to each system and frequently have workflows that require access to multiple systems at the same time. In addition, practitioner responsibilities often require them to complete documentation or access clinical information at home and during off hours.
Case Study 2:
An increase in the number of clinical research studies and the use of undergraduate students as research assistants for subject recruitment was perceived as a risk for a medium-sized academic hospital. Students were enrolled at the hospital-affiliated university but still required a credentialing process to be able to access clinical areas of the hospital and clinical systems. The hospital wants to meet IRB and HIPAA research regulations, and to exceed HIPAA’s minimum necessary principle.
Case Study 3:
In a large multi-specialty academic medical practice, providers often use laptop computers and mobile devices in patient care and research-related activities. Tracking, securing, and managing the numerous devices to mitigate loss, theft, or other breaches is important to the enterprise.
- Review the information in this week’s Learning Resources, focusing on the security and integrity of clinical information systems. Consider the importance of security and integrity, as well as the consequences of failing to address these aspects of database design.
- Select one of the case studies above to examine further for this Discussion.
- Determine the security or integrity problems in the clinical information system in the case study. What legal, ethical, and organizational risks do these issues pose?
- Begin to formulate a potential solution or strategy to address the security and integrity problems. How would this solution or strategy mitigate the security or integrity risks you identified?