Healthcare It Security and Cloud Computing Essay

AbstractThrough the passage of the Patient testimonial and Affordable C atomic number 18 Act of 2010, the federal g overnment is push health keeping providers and hospitals to quickly move towards electronic documentation systems or be penalized for non-compliance. This push has presented numerous problems for medical students and hospitals alike. Probably the most important issue that needs to be kept in mind when making a decision on a system is security and patient privacy. These two pieces present technological ch solelyenges as well(p) as practical contests including where and how the patient info is captured, stored, and attacked.HIPAA (wellness Insurance Portability and Accountability Act of 1996) is the dictating law that must be kept in mind when choosing a health check charting system and the devices needed to access the system. Patient information and privacy must remain confidential and protected above any some other concerns regarding electronic systems. Clou d calculate is a hot-solelyton topic that is becoming popular in business and healthcare. The convenience of access info from anywhere and from multiple hardware platforms has many benefits, but this ease of access comes with security concerns. These concerns must be reviewed and policies put in ramble to ensure that confidential patient data is not exposed. earnest Issues wellnesscare I.T. and Cloud ComputingIntroductionThe digital age has brought ab go forth many changes in the fashion certain tasks are performed, the way communication takes place, the way education is performed, and the way that medicine is practiced. As government regulation regarding healthcare practice and reimbursement takes more strict and requires documented evidence to back up medical decisions before Medicare or Medicaid exit pay the providers, it is becoming increasingly important for medical personnel and hospitals to not only conform to the new technological standards, but to embrace the technol ogy that is driving it.In the past, organizations were required to host, store, and back-up the data and coatings that were utilized both inside and outside of the facilities. This presented many difficulties frequently(prenominal) as application maintenance, data storage and maintenance, and hardware maintenance. Cloud computing byes some solutions to these issues by allowing IT departments to rely slight on physical hardware, perform backups and duplicate them easily to offsite facilities, and provide application support to platforms that previously were unsupported. However, this presents significant security risk and legal liabilities with regards to HIPAA (Health Insurance Portability and Accountability Act) laws.PurposeThe purpose of this report is to discuss the options available for implementing and accessing electronic checkup Record Systems and the issues inherent with the different options, focusing on the security and privacy concerns specific to besmirch computi ng.ScopeThis report will identify the reasons and methods for implementing streak computing in spite of appearance the healthcare purlieu. It will also point out the security risks inherent to electronic storage of confidential health information and compounded by access to this information through the internet. As background information, the core components and functions of Healthcare IT will be discussed. The research will also cover the laws that govern the tribute of PHI ( individual(prenominal) health information), who has access to PHI, and what are the differences in the laws with regards to hosting a service versus being a user of the service.Sources and Methods of Collecting infoThe research for this report was done in the main through secondary resources including the transcript from a webinar performed for healthcare IT and compliance personnel covering regulatory compliance within healthcare software as well as articles from Information engineering science and Hea lthcare journals covering issues with security and cloud environments. A survey was also performed in 2009 of the physicians on active staff at Terrebonne General Medical Center. The primary research is also used to demonstrate the deprivation of acceptance within the local physician community.Healthcare Information TechnologyHealthcare IT is not that different from IT in other industries. The maintenance of pcs, servers, software, and network connectivity is the same regardless of the business. The difference between Healthcare and most other industries is that the nature of the data being held within the estimator systems is incredibly personal and the protection of that data is highly regulated by government entities. Up until the closing curtain few years, it was primarily hospitals that had to be concerned with ensuring that electronic patient data was stored and protected correctly. Some technologically advanced physicians have already implemented Electronic Medical Record Systems, but most physicians are only now havening to explore the multitude of options available due to the passage of the Patient Protection and Affordable deal Act of 2010 by the US Congress.ApplicationsWithin the realm of healthcare, there are typically two study divisions in computer applications. in that location are financial systems and clinical systems. Financial systems have been adopted in most hospitals and physician offices, largely due to requirements from insurance companies and government bodies that require data to be transmitted electronically for payment. Clinical systems, however, have not been implemented wide due to lack of knowledge and workflow interruption concerns. Elaborate didactics in new e-healthcare systems is not a luxury that is typically available to healthcare professionals i.e., doctors, paraprofessionals, (e.g., nurses) and administrative personnelbecause of the 247 nature and criticality of operations of healthcare organizations, especiall y hospitals, thus making peer interactions and support a notice driver of or barrier to such e-healthcare system use (Venkatesh, Zhang, & Sykes, 2011).Data and securityWhile a paper could be written solely regarding the storage and maintenance of electronic data, for the purposes of this paper only an overview and outperform practices will be discussed. Data can be stored in a multitude of different manners, all of which have benefits and downfalls. Saving data locally to a particular computer or other device can be dangerous. Should that device fail, the data saved to it could be lost. Also, data that has been saved locally to a device is more difficult to secure and guarantee that the data will only be accessed by the book person or persons. From an enterprise or business level, the best practice for data storage is to ALWAYS save data to a central location so that is can be support up regularly and can be accessed from multiple locations. It is also recommended for larger bu siness such as hospitals to have duplicated backups and in some cases the data may be backed up to an off-site facility for disaster management purposes.Though proper backup practices are vital, data security is just as important. Software applications such as Microsoft Active Directory and Novell NETWare are used to provide security to a computer network and the data stored within. Through these systems, users must log into individual workstations and establish upon the credentials provided to this log in, the user will only be allowed to access certain portions of the data which is stored somewhere else on the network. This method of access and storage is much safer and more easily controlled than it would be if the data were stored to the hard drive of the device the user is accessing.Security has become more difficult to enforce with the increased adoption of mobile devices. The rapid growth in the number, types, and functionality of mobile devices has been stunning currently th ere are over 17,000 healthcare mobile applications listen in major app stores, of which 50% are directed to healthcare professionals (Laverty, Kohun, Wood, & Turchek, 2011). Securing data accessed by Smartphones, tablet computers, iPads, and other handheld devices presents a host of new difficulties. In many cases, these devices are not owned by the facility and thus are not being accessed in the same manner as desktop pcs and laptops.ChallengesControlling devices that access patient data while working within the confines of HIPAA is a key challenge for healthcare organizations. HIPAA privacy rules apply to all healthcare providers, health plans, healthcare clearinghouses, and business associates (Roach & Wunder, 2009). Internally, data security can be achieved by proper user habits such as logging out of a session when the user is not actively using the system, screensavers that require a password, and automatic timeouts during periods of inactivity all help to ensure that private data cannot be accessed by someone that does not have the legal rights to view the data. Many organizations undergo periodic security audits to assist in finding vulnerabilities within the systems being run. Not only is it a challenge to provide data access security, but it is even more difficult to physically secure a device that someone carries around with them and is not stationary.Some programs like Microsoft Exchange (for email) can require that a security threshold be in place before the program can be accessed from a particular device and have the ability to remotely wipe the data from a device should it become compromised. The mobile nature of handheld devices is also a major challenge. In years passed, laptop computers were the only valid threat to data being accessed from off-campus sites. As cellular data technology has gotten fast and now mobile devices can access these wireless systems from nearly anywhere, the threat of data security breaches has increased. Another cha llenge is keeping up dated with users that should no longer have access to the available systems. Internally, a systems administrator can keep track of employees that are soothe employed with the organization. It becomes a much more difficult task to police the accessibility of users outside of an organization.Cloud ComputingWhat is cloud computing?The term cloud computing originates from the telecommunications world of the 1990s, when providers began using virtual private network (VPN) services for data communication. (Kaufman, Lori M.BAE Systems, 2009) Cloud computing shares its resources among a cloud of service consumers, partners, and vendors. (Kaufman, 2009) In simpler terms, cloud computing is a dual-lane infrastructure where hosting and accessing of services is not site specific. The data does not live only on a server in an office or building. Cloud computing can be used to offsite data backup. In lieu of housing a set of storage servers at an offsite facility, organizati ons can choose to back up their data to the cloud where it will be stored by someone else for a fee. The same process can be applied to applications. Rather than having to invest in expensive hardware that requires maintenance, organizations may choose to run web based applications that are hosted by someone else over the internet for a fee. Cloud computing allows for some systems to interconnect and share data, which is the end goal of electronic medical cross-files and forming a personal health record for patients.Cloud computing has begun to take off as vendors such as Google and Apple have begun to open up their own cloud offerings. Some vendors offer these services for free, such as Google has with its Google Documents offering. Others, such as Apples iCloud are offered to users for a fee. Services such as these have enabled users to access personal data from anywhere at any time.Benefit to Implementing in HealthcareThough the upside to implementing EMR systems and sharing dat a is evident, there are drawbacks. One key concern is that practitioners will be slowed down due to the learning curve involved with using new systems. Physicians have grown accustomed to providing medicine in a certain manner, which does not ceaselessly work well with electronic charting systems. Another issue at hand is who owns the data? Physicians are not always excited to share their personal notes regarding patient care. The whole point of cloud computing is economy (Delaquis & Philbin, 2011). With the passage of the passage of the Patient Protection and Affordable Care Act of 2010, physician and hospital organization reimbursement for Medicare and Medicaid will be tied to meeting certain meaningful use guidelines. In order to get abounding reimbursement for services provided, these providers are being pushed to document their practice of medicine electronically and in turn this information will be the property of the patient and shared with other providers to ensure proper continuity of care.The idea behind this is that there will be fewer medical errors and the patient will have access to all the information necessary to make informed decisions regarding their healthcare. From a provider stand point, this means that hopefully all medically necessary information will be available to medical professionals in order to provide the necessary medical care and fewer errors will be made due to lack of patient health history. Electronic documentation and ordering also has a few other side effects. Fewer errors should be made due to less human intervention and interpretation of orders and, with luck, better coding and documentation of services rendered will lead to increased revenue. Because physician adoption is low, the building of personal health records is moving much more slowly (see Illustration below for EMR adoption rates at a local hospital) than the growth of cloud computing as a whole.Illustration 1ConclusionThough there are definite risks involved with the storage and transfer of protected personal health information, the use of mobile devices in the work place is driving cloud computing and will continue to do so. In order to get healthcare providers to begin adopting electronic systems, the systems must be user friendly and work well within the flow of the practice of medicine and not inhibit the proper care from provided. The environment of healthcare is changing and the delivery of healthcare information must change with it. Patients no longer expect to just be given appropriate care, but they now insist on being involved with the decision making regarding how that care is rendered. Moving health information into a cloud environment and allowing that information to be shared will eventually lead to better healthcare for everyone, no matter which hospital the patient is in or which physician is providing the care.Works CitedDelaquis, R. S., & Philbin, G. (2011). To Cloud or Not to Cloud? Issues in Information Systems, Volu me XII, No. 1, 54-58. Kaufman, Lori M.BAE Systems. (2009, July/August). http//www.computer.org. Retrieved from IEEE Computer Society http//www.computer.org/csdl/mags/sp/2009/04/msp2009040061.html Laverty, J. P., Kohun, F. G., Wood, D. F., & Turchek, J. (2011). Vulnerabilities and Threats to Mobile Device Security from a Practitioners Point of View. Issues in Information Systems Vloume XII, No. 2, 181-193. Miller, Esp., W. J. (November 3, 2011). New World of Medical Appls Beware Regulatory Traps Progressive Healcare Conferences. Malvern, PA. Mishra, S., Leone, G. J., Caputo, D. J., & Calabrisi, R. R. (2011). Security Awareness for Health Care Information Systems A HIPAA Compliance Perspective. Issues in Information Systems, Volume XII, No. 1, 224-236. Pardue, J. H., & Patidar, P. (2011). Threats to Healthcare Data A Threat Tree for Rick Assessment. Issues in Information Systems, Volume XII, No. 1, 106-113. Paullet, K. L., Pinchot, J. L., Douglas, D., & Rota, D. R. (2011). Mobile Tech nology Plugged In and Always On. Issues in Information Systems Volume XII, No. 1, 141-150. Roach, W., & Wunder, G. (2009). Privacy Under Health Insurance Portability and Accountability Act (HIPAA) of 1996 The Impact of RFID. Issues in Information Systems, 237-241.