Healthcare It Security and Cloud Computing Essay

AbstractThrough the passage of the Patient auspices and low-cost C are effect of 2010, the federal organization is pushing wellnesscare put uprs and hospitals to rapidly move towards electronic documentation systems or be penalized for non-compliance. This push has presented numerous problems for m final stageeleviums and hospitals alike. Probably the most important issue that needs to be unbroken in look when making a decision on a system is protection and tolerant of privacy. These two pieces present technological ch whollyenges as well as practical challenges including where and how the patient selective learning is captured, stored, and accessed.HIPAA (Health Insurance Portability and answerableness Act of 1996) is the dictating law that must be kept in mind when choosing a medical exam charting system and the dodges needed to access the system. Patient selective information and privacy must remain hole-and-corner(a) and protected above either other concerns regarding electronic systems. Cloud figure is a hot- justton topic that is change state popular in business and healthcare. The convenience of access entropy from anyplace and from multiple hardware platforms has many benefits, but this ease of access comes with hostage concerns. These concerns must be re ramped and policies put in place to ensure that confidential patient entropy is not exposed.Security Issues Healthcare I.T. and Cloud figureIntroductionThe digital age has brought about many changes in the modal value trustworthy tasks are performed, the dash communication takes place, the way education is performed, and the way that medicine is practiced. As government regulation regarding healthcare practice and reimbursement becomes more(prenominal) strict and requires documented evidence to bear out up medical decisions in the first place Medicare or Medicaid allow for pay the providers, it is becoming increasingly important for medical strength and hospitals to not further conform to the advanced technological standards, but to embrace the technology that is driving it.In the past, organizations were required to host, store, and back-up the data and practises that were utilise both inside and outside of the facilities. This presented many difficulties such as application support, data ready reckoner storage and maintenance, and hardware maintenance. Cloud computing offers some(prenominal) solutions to these issues by allowing IT departments to rely less on physical hardware, perform backups and duplicate them soft to offsite facilities, and provide application support to platforms that previously were unsupported. However, this presents significant security jeopardy and legal liabilities with regards to HIPAA (Health Insurance Portability and Accountability Act) laws.PurposeThe purpose of this newspaper is to hold forth the options uncommitted for implementing and accessing electronic medical examination Record Systems and the issues inherent with the different options, counsel on the security and privacy concerns specific to slander computing.ScopeThis report testament identify the reasons and methods for implementing cloud computing within the healthcare environment. It leave alone besides point out the security risks inherent to electronic storage of confidential health information and compounded by access to this information through the profit. As background information, the core components and functions of Healthcare IT will be discussed. The research will also cover the laws that govern the protection of PHI (personal health information), who has access to PHI, and what are the differences in the laws with regards to hosting a military service versus creation a user of the service.Sources and Methods of Collecting entropyThe research for this report was done in the first place through secondary resources including the transcript from a webinar performed for healthcare IT and compliance p ersonnel covering regulatory compliance within healthcare software as well as articles from breeding technology and Healthcare journals covering issues with security and cloud environments. A survey was also performed in 2009 of the physicians on expeditious staff at Terrebonne General Medical Center. The primary research is also used to demonstrate the lack of adoption within the local physician community.Healthcare Information TechnologyHealthcare IT is not that different from IT in other industries. The maintenance of pcs, servers, software, and net connectivity is the same regardless of the business. The difference between Healthcare and most other industries is that the nature of the data being held within the computer systems is incredibly personal and the protection of that data is super regulated by government entities. Up until the last few years, it was in the stock hospitals that had to be concerned with ensuring that electronic patient data was stored and protect ed correctly. more or less technologically advanced physicians strike already implemented Electronic Medical Record Systems, but most physicians are except now beginning to explore the multitude of options available due to the passage of the Patient Protection and Affordable Care Act of 2010 by the US Congress.ApplicationsWithin the farming of healthcare, in that respect are typically two major divisions in computer applications. There are financial systems and clinical systems. Financial systems eat been select in most hospitals and physician offices, largely due to requirements from insurance companies and government bodies that require data to be transmitted electronically for payment. Clinical systems, however, have not been implemented wide due to lack of knowledge and workflow interruption concerns. Elaborate training in new e-healthcare systems is not a luxury that is typically available to healthcare professionals i.e., doctors, paraprofessionals, (e.g., nurses) and administrative personnelbecause of the 247 nature and criticality of operations of healthcare organizations, especially hospitals, frankincense making peer interactions and support a bring out driver of or barrier to such e-healthcare system use (Venkatesh, Zhang, & Sykes, 2011).Data and security eon a paper could be written solely regarding the storage and maintenance of electronic data, for the purposes of this paper only an overview and best practices will be discussed. Data can be stored in a multitude of different rooms, all of which have benefits and deckfalls. Saving data locally to a particular computer or other trick can be dangerous. Should that device fail, the data unlessd to it could be lost. Also, data that has been saved locally to a device is more difficult to secure and guarantee that the data will only be accessed by the appropriate person or persons. From an enterprise or business level, the best practice for data storage is to ALWAYS save data to a central location so that is can be backed up regularly and can be accessed from multiple locations. It is also recommended for larger business such as hospitals to have duplicated backups and in some cases the data may be backed up to an off-site initiation for disaster management purposes.Though proper backup practices are vital, data security is just as important. Software applications such as Microsoft bustling Directory and noneell NETWare are used to provide security to a computer electronic network and the data stored within. Through these systems, users must log into individual workstations and based upon the certificate provided to this log in, the user will only be allowed to access certain portions of the data which is stored somewhere else on the network. This method of access and storage is overmuch safer and more easily controlled than it would be if the data were stored to the hard drive of the device the user is accessing.Security has become more difficult to enforce wi th the increase adoption of mobile devices. The rapid growth in the number, types, and functionality of mobile devices has been arresting currently there are over 17,000 healthcare mobile applications hear in major app stores, of which 50% are directed to healthcare professionals (Laverty, Kohun, Wood, & Turchek, 2011). Securing data accessed by Smartphones, tablet computers, iPads, and other hold devices presents a host of new difficulties. In many cases, these devices are not owned by the installment and thus are not being accessed in the same manner as desktop pcs and laptops.ChallengesControlling devices that access patient data while working within the confines of HIPAA is a key challenge for healthcare organizations. HIPAA privacy rules apply to all healthcare providers, health plans, healthcare clearinghouses, and business associates (Roach & Wunder, 2009). Internally, data security can be achieved by proper user habits such as logging out of a session when the user is no t actively using the system, screensavers that require a password, and automatic timeouts during periods of inactivity all help to ensure that private data cannot be accessed by somebody that does not have the legal rights to view the data. Many organizations undergo periodic security audits to assist in finding vulnerabilities within the systems being footrace. Not only is it a challenge to provide data access security, but it is even more difficult to physically secure a device that someone carries around with them and is not stationary. both(prenominal) programs like Microsoft Exchange (for email) can require that a security wand be in place before the program can be accessed from a particular device and have the ability to remotely jump the data from a device should it become compromised. The mobile nature of handheld devices is also a major challenge. In years passed, laptop computers were the only valid threat to data being accessed from off-campus sites. As cellular data technology has gotten fast and now mobile devices can access these receiving set systems from nearly anywhere, the threat of data security breaches has increased. Another challenge is guardianship up dated with users that should no longer have access to the available systems. Internally, a systems administrator can keep track of employees that are nevertheless employed with the organization. It becomes a much more difficult task to legal philosophy the accessibility of users outside of an organization.Cloud ComputingWhat is cloud computing?The margin cloud computing originates from the telecommunications world of the 1990s, when providers began using virtual private network (VPN) run for data communication. (Kaufman, Lori M.BAE Systems, 2009) Cloud computing contends its resources among a cloud of service consumers, partners, and vendors. (Kaufman, 2009) In simpler terms, cloud computing is a shared infrastructure where hosting and accessing of services is not site specific. T he data does not live only on a server in an office or building. Cloud computing can be used to offsite data backup. In lieu of house a set of storage servers at an offsite facility, organizations can choose to back up their data to the cloud where it will be stored by someone else for a fee. The same process can be applied to applications. kinda than having to invest in expensive hardware that requires maintenance, organizations may choose to run web based applications that are hosted by someone else over the internet for a fee. Cloud computing allows for some systems to interconnect and share data, which is the end goal of electronic medical enrolls and forming a personal health record for patients.Cloud computing has begun to take off as vendors such as Google and apple have begun to open up their own cloud offerings. whatsoever vendors offer these services for free, such as Google has with its Google Documents offering. Others, such as Apples iCloud are offered to users for a fee. Services such as these have enabled users to access personal data from anywhere at any time. turn a profit to Implementing in HealthcareThough the upside to implementing EMR systems and sharing data is evident, there are drawbacks. One key concern is that practitioners will be slowed down due to the learning curve involved with using new systems. Physicians have grown accustomed to providing medicine in a certain manner, which does not always work well with electronic charting systems. Another issue at hand is who owns the data? Physicians are not always excited to share their personal notes regarding patient care. The whole point of cloud computing is frugality (Delaquis & Philbin, 2011). With the passage of the passage of the Patient Protection and Affordable Care Act of 2010, physician and hospital organization reimbursement for Medicare and Medicaid will be tied to face-off certain meaningful use guidelines. In order to generate replete reimbursement for services pro vided, these providers are being pushed to document their practice of medicine electronically and in turn this information will be the property of the patient and shared with other providers to ensure proper continuity of care.The idea idler this is that there will be fewer medical errors and the patient will have access to all the information necessary to make certain decisions regarding their healthcare. From a provider stand point, this means that hopefully all medically necessary information will be available to medical professionals in order to provide the necessary medical care and fewer errors will be made due to lack of patient health history. Electronic documentation and ordering also has a few other side effects. Fewer errors should be made due to less human encumbrance and interpretation of orders and, with luck, better coding and documentation of services rendered will reach to increased revenue. Because physician adoption is low, the building of personal health reco rds is pitiful much more slowly (see Illustration below for EMR adoption judge at a local hospital) than the growth of cloud computing as a whole.Illustration 1ConclusionThough there are definite risks involved with the storage and transfer of protected personal health information, the use of mobile devices in the work place is driving cloud computing and will continue to do so. In order to get healthcare providers to begin adopting electronic systems, the systems must be user cozy and work well within the flow of the practice of medicine and not inhibit the proper care from provided. The environment of healthcare is changing and the oral communication of healthcare information must change with it. Patients no longer want to just be given appropriate care, but they now avow on being involved with the decision making regarding how that care is rendered. paltry health information into a cloud environment and allowing that information to be shared will eventually lead to better h ealthcare for everyone, no matter which hospital the patient is in or which physician is providing the care. whole caboodle CitedDelaquis, R. S., & Philbin, G. (2011). To Cloud or Not to Cloud? Issues in Information Systems, muckle XII, No. 1, 54-58. Kaufman, Lori M.BAE Systems. (2009, July/August). http//www.computer.org. Retrieved from IEEE Computer Society http//www.computer.org/csdl/mags/sp/2009/04/msp2009040061.html Laverty, J. P., Kohun, F. G., Wood, D. F., & Turchek, J. (2011). Vulnerabilities and Threats to Mobile Device Security from a Practitioners Point of View. Issues in Information Systems Vloume XII, No. 2, 181-193. Miller, Esp., W. J. (November 3, 2011). bran-new World of Medical Appls Beware Regulatory Traps Progressive Healcare Conferences. Malvern, PA. Mishra, S., Leone, G. J., Caputo, D. J., & Calabrisi, R. R. (2011). Security ken for Health Care Information Systems A HIPAA Compliance Perspective. Issues in Information Systems, Volume XII, No. 1, 224-236. Pardu e, J. H., & Patidar, P. (2011). Threats to Healthcare Data A Threat steer for Rick Assessment. Issues in Information Systems, Volume XII, No. 1, 106-113. Paullet, K. L., Pinchot, J. L., Douglas, D., & Rota, D. R. (2011). Mobile Technology Plugged In and Always On. Issues in Information Systems Volume XII, No. 1, 141-150. Roach, W., & Wunder, G. (2009). Privacy Under Health Insurance Portability and Accountability Act (HIPAA) of 1996 The tinct of RFID. Issues in Information Systems, 237-241.