Information Systems Security in Healthcare
I attest that this document is an original creation submitted in accordance with the requirements for RPP1d: Final Draft of Research Plan in BCIS 5311 during the Fall 2017 academic term.
In accordance with the requirements for RPP1a: Early Draft of Research Plan, I submitted an early draft of this document through Turnitin for self-review and peer-review using PeerMark.
In accordance with the requirements for RPP1a: Early Draft of Research Plan, I submitted an early draft of this document to Chris Tatman on 9/24/17 for feedback. This external reviewer can be contacted at (817)437-0213 and chris.tatman2@gmail.com.
In accordance with the requirements for RPP1c: Peer Review of Early Draft of Research Plan, I used PeerMark to complete my self-review and provide peer-review feedback to the following students: Alexandria Taylor, Bradley Crenshaw, Leslea Williams, and Mustafa Awde.
Abstract
Healthcare providers use high-risk patient information (e.g., Social Security number, medical history, payment information) to identify the patient, develop a diagnosis and treatment, and process payment. Most of the time, to fulfill these functions, healthcare providers need to communicate patient information within their own organization or to outside organizations (e.g., insurance companies, other healthcare providers, pharmacies). The personal information patients release is entrusted to the healthcare provider and is vulnerable to identity theft. Before the development of computerized information systems, patient information was secured by physical means, such as within a locked filing cabinet or room. Today, information can be transferred from one individual to another through electronic means such as email, a cloud storage system, specialized software, or fax. Implementing a security policy within healthcare information systems is needed to prevent identity theft; however, the level of security needed can sometimes be subjective. This paper explores legislation, breaches, current information systems, innovations, and future needs in healthcare information system security.
Information Systems Security in Healthcare
In-depth patient information, including Social Security number, financial information, and patient history, is critical in the healthcare industry. Patient information is used to process payments through financial institutions and insurance companies, to send prescriptions to pharmacies, and to relay pertinent information to other healthcare providers. New technologies bring not only greater ease of information transfer, but also the potential for information theft that can lead to identity theft (Laudon & Laudon, 2018, p. 303). Even with the Health Insurance Portability and Accountability Act (HIPAA), which was passed to ensure patient information security, there are still instances of data breaches, such as the significant breach at Anthem Health Insurance in 2015 (Laudon & Laudon, 2018, pp. 304-307).
Tentative Outline
Research will include an encompassing literature review of information systems in healthcare. This will include articles that describe current legislation and prior breaches, current implemented systems, future information system technology, and needs of greater security.
Legislation and Breaches
This section will address the current legislation and prior breaches in healthcare information systems. Research that highlights specific legislative policies will describe current laws that ensure patient information security and difficulties that providers face in being compliant. The breaches will highlight either needs for new legislation or the consequences of non-compliant providers.
Current Systems
This section will address current systems utilized by healthcare providers. More specifically, research will not only explore technology used by providers but also information security systems that are in place. This will assist in the understanding of how technology development ties into requirements set by legislation.
Needs and the Future
This section will address developing information system technologies and what they bring to providers and to compliance. Additionally, the research will address additional security needs that would inhibit future breaches.
Conclusion
Preliminary research revealed sufficient articles for most subsections. The gaps from the research are within the developing technologies subsection. The next steps include further time spent looking for developing technologies or perhaps replacing developing technologies with highlighting the more “high-tech” or newest information systems.
Appendix A
Content Requirements Checklist for RPP1a and RPP1d
CR | Content Requirement | Author’s Initials or N/A |
Front Matter | ||
1 | The information included on the title page is complete and accurate (both informational & presentational). | CL |
2 | The information included on the abstract page is complete and accurate (both informational & presentational). | CL |
Text | ||
3 | The information included on the text pages is complete and accurate (both informational & presentational). | CL |
4 | The text of the document is 1 ½ to 3 pages in length. | CL |
5 | The document begins with an introduction that describes how the topic is related to information systems. Specifically, demonstrate the relationship between this topic and a specific information systems concept introduced in the Laudon and Laudon (2018) textbook. | CL |
6 | The tentative outline section begins with an opening paragraph that previews the information included under this Level 1 heading. | CL |
7 | The text includes levels 2 headings for each subtopic. Each level 2 heading is followed by a one paragraph description of the subtopic. | CL |
8 | The text concludes with the next steps in conducting your research project. | CL |
End Matter | ||
9 | The information included in the reference list is complete and accurate (both informational & presentational). | CL |
10 | The information included in Appendix A is complete and accurate (both informational & presentational). | CL |
11 | The information included in Appendix B is complete and accurate (both informational & presentational). | CL |
12 | The information included in Appendix C is complete and accurate (both informational & presentational). | CL |
14 | The information included in Appendix D is complete and accurate (both informational & presentational). | CL |
15 | The information included in other appendices is complete and accurate (both informational & presentational). | N/A |
Appendix B
Concise Writing Standards Checklist for Fall 2017
PWS | Standards based on the Publication Manual of the American Psychological Association (6th ed.) and the Instructor’s additional expectations | Author’s Initials or N/A |
Front Matter: Title Page (PWS 1 to 7) | ||
1 | The header includes a running head (left margin) and page number “1” (right margin). a. The text Running head: (without Bold or italics) appears before the running head on this page. b. The text of the running head is a shortened version of the title. c. The text of the running head is presented in ALL CAPS. | CL |
2 | The title: a. summarizes the main idea of the text in 12 words or less, b. is centered in Title Case (without Bold or italics) between the left and right margins (see PWS 32 for capitalization), c. appears in the upper half of the page, and d. is the first line of text on the title page. | CL |
3 | The author name(s) is centered and appear in the line below the title (without Bold or italics). | CL |
4 | For written assignments with two or more co-authors, the authors are listed on one line and in the appropriate order of authorship. | N/A |
5 | The institutional affiliation(s) is centered and appears in the line below the author name(s). | CL |
6 | Only the author name(s) and institutional affiliation(s) appear between the title and the author note (i.e., no course or assignment information). | CL |
7 | The author note is formatted correctly (e.g., left justify & indent first line of each paragraph). Note: Make sure that the entire author note appears on page 1. | CL |
Front Matter: Abstract (PWS 8 to 11) | ||
8 | The header includes a running head (left margin) and page number “2” (right margin). a. The text “Running head:” does not appear before the running head on this page. b. The text of the running head will match the text of the running head from page 1. c. The running head is presented in ALL CAPS. | CL |
9 | The label Abstract (without Bold or italics) is centered at the top of the page. | CL |
10 | The abstract is presented as a single paragraph without paragraph indentation. | CL |
11 | The abstract is 150 to 250 words. Note: Make sure that the entire abstract appears on page 2. | CL |
First Page of the Text (PWS 12 & 13) | ||
12 | The header includes a running head (left margin) and page number “3” (right margin). a. The text of the running head on this page, and all remaining pages will match the text of the running head from page 2. b. All remaining pages will include the page number at the right margin. c. The running head is presented in ALL CAPS. | CL |
13 | The Introduction does not carry a heading labeling it as the introduction. Rather, the title (from the Title Page) is centered in Title Case (without Bold or italics) between the left and right margins at the top of the page (above the introduction). | CL |
All Pages of the Text (PWS 14 to 36) | ||
14 | The length of the text meets the expectations outlined in the assignment. | CL |
15 | The text is appropriately organized using headings. | CL |
16 | Headings are formatted correctly. | CL |
17 | Seriation is appropriately used to organize a list within the text (If within a sentence you have three or more elements in a list, then seriate the list. – See APA p. 64). | CL |
18 | Seriation is correctly applied to the text. | CL |
19 | Transitional words are used to achieve continuity. | CL |
20 | The document uses clear and logical communication. | CL |
21 | The tone of the document is scientific. | CL |
22 | Wordiness and redundancy are eliminated from the text. | CL |
23 | The length of each paragraph in the text is more than one sentence, and less than one page. | CL |
24 | Colloquial expressions and jargon are eliminated from the text. | CL |
25 | Linguistic devices (e.g., clichés) are eliminated from the text. | CL |
26 | The text reduces bias in language: | CL |
27 | Past tense is used when describing the published work of others. | CL |
28 | Incorrect grammar and careless construction of sentences are eliminated from the text. a. Agreement of subject and verb b. Pronouns c. Misplaced and dangling modifiers, and use of adverbs d. Relative pronouns and subordinate conjunctions e. Parallel construction | CL |
29 | Punctuation is appropriately applied throughout the text. a. Spacing after punctuation marks b. Periods c. Comma d. Semicolon e. Colon f. Dash g. Quotation marks h. Double or single quotation marks i. Parentheses (including “back to back”) j. Brackets k. Slash | CL |
30 | Preferred spelling of words is used. | CL |
31 | Hyphenation is used in accordance with guidelines. | CL |
32 | Capitalization is used in accordance with guidelines. a. Words beginning a sentence b. Major words in titles and headings c. Proper names and trade names d. Nouns followed by numerals or letters e. Titles of tests f. Names of conditions or groups in an experiment g. Names of factors, variables, and effects | CL |
33 | Italics and Bold are used in accordance with guidelines. | CL |
34 | Abbreviations are used in accordance with guidelines. a. Use of abbreviations b. Explanation of abbreviations c. Abbreviations accepted as words d. Abbreviations used often in APA journals e. Latin abbreviations f. Scientific abbreviations g. Statistical abbreviations h. Plurals of abbreviations i. Abbreviations at the beginning of a sentence | CL |
35 | Numbers in the text are presented in accordance with guidelines. a. Numbers expressed in numerals (e.g., >= 10) b. Numbers expressed in words c. Combining numerals and words to express numbers d. Ordinal numbers e. Decimal fractions f. Roman numerals g. Commas in numbers h. Plurals of numbers | N/A |
36 | Statistical and mathematical copy (e.g., %) is presented in accordance with guidelines. | N/A |
Citations in the Text (PWS 37 to 41) | ||
37 | Direct quotations are presented in accordance with guidelines (e.g., quotation marks, includes page numbers or paragraph numbers for unpaginated documents). | N/A |
38 | Direct quotations are accurate. | N/A |
39 | Changes in Quotations a. Quotation changes that do not require explanation are presented in accordance with guidelines. b. Quotation changes that require explanation are presented in accordance with guidelines. | N/A |
40 | Paraphrased materials include page numbers (or paragraph numbers for unpaginated documents) and are presented in accordance with guidelines. *It is the instructor’s expectation that paraphrased materials include page numbers (or paragraph numbers for unpaginated documents). | CL |
41 | In-text citations are presented in accordance with guidelines. a. One work by one author b. One work by multiple authors c. Groups as authors d. Authors with the same surname e. Works with no identified author or with an anonymous author f. Two or more works within the same parentheses g. Secondary sources h. Classical works i. Citing specific parts of a source (See PWS 40) j. Personal communications k. Citations in parenthetical material | CL |
End Matter: Reference List (PWS 42 to 48) | ||
42 | The header includes a running head (left margin) and page number (right margin). The page number on the first page of the reference list is one greater than the last page of the text. | CL |
43 | Start the reference list on a new page. | CL |
44 | The label References (without Bold or italics) is centered at the top of the page. | CL |
45 | The reference list is accurate and complete. a. The information included in each reference is accurate and complete (e.g., author, year of publication, title, & publishing data) b. Except for classical works (6.18) and personal communications (6.20), every source cited in the text is included in the reference list. c. Every source included in the reference list is cited in the text. | CL |
46 | The sources in the references list are presented in alphabetical order. | CL |
47 | Sources in the reference list are presented in APA style (e.g., hanging indent) and include required elements: a. Author b. Publication date c. Title d. Publication Information | CL |
48 | For every electronic source in the reference list, electronic retrieval data (i.e., “doi:10.####” or “Retrieved from …”) is presented in accordance with guidelines. | CL |
End Matter: Appendices (PWS 49 to 54) For an example of an appendix, see page 10 of sample paper at https://owl.english.purdue.edu/media/pdf/20090212013008_560.pdf | ||
49 | For this course, it is the instructor’s expectation, all tables and figures will be presented as appendices. | CL |
50 | The header for each appendix includes a running head (left margin) and page number (right margin). The page number on the first page of the appendix is one greater than the previous page of the document. | CL |
51 | Unless otherwise specified by the instructor, appendices are referenced in the text (e.g., see Appendix A). | N/A |
52 | If one appendix is included in the document, then the label Appendix (without Bold or italics) is centered at the top of the page. | CL |
53 | If more than one appendix is included in the document, then each appendix is identified by Appendix (without Bold or italics) and followed by a capital letter (e.g., Appendix A). The label Appendix X (without Bold or italics) is centered at the top of the page. Unless otherwise specified by the instructor, the appendices are lettered in the order that they appear in the text starting with “A”. | CL |
54 | The title of the appendix (without Bold or italics) is centered below the label Appendix or Appendix followed by a capital letter (e.g., Appendix A). | CL |
Applies to the Entire Document (PWS 55 to 60) | ||
55 | All instances of plagiarism and self-plagiarism are eliminated from the text by providing in-text citations with page numbers (or paragraph numbers for unpaginated documents)* to credit sources. *It is the instructor’s expectation that all in-text citations include page numbers (or paragraph numbers for unpaginated documents). | CL |
56 | The entire document (including the header) uses a Times New Roman (TNR) 12 point typeface. | CL |
57 | The entire document (including the header) is double-spaced. If needed, remove extra space between paragraphs (see http://office.microsoft.com/en-us/word-help/video-adjust-the-spacing-between-paragraphs-in-word-2010-VA102605459.aspx). | CL |
58 | The entire document (including the header) uses 1” margins (workspace is 6.5” wide by 9” long) using flush-left style. If the document is double-spaced and uses TNR 12 typeface, then each page includes 23 lines of text that extends between the margins. | CL |
59 | Except as noted in 8.03, the first line of each paragraph is indented ½ inch. | CL |
60 | The pages of the document are presented in the correct order (e.g., title page followed by abstract). | CL |
Appendix C
Tentative Bibliography
Acharya, S., Coats, B., Saluja, A., & Fuller, D. (2013). Secure electronic health record exchange: achieving the meaningful use objectives. 2013 46th Hawaii International Conference on System Sciences, 46, 2555-2564. doi:10.1109/hicss.2013.473
Chen, H., & Fu, Z. (2015). Hadoop-based healthcare information system design and wireless security communication implementation. Mobile Information Systems, 2015, 1-9. doi:10.1155/2015/852173
Dudin, L. (2017). Networked medical devices: Finding legislative solution to guide healthcare into the future. Seattle University Law Review, 40(3), 1085-1106. Retrieved from http://digitalcommons.law.seattleu.edu/cgi/viewcontent.cgi?article=2419&context=sulr
Huang, C. D., Behara, R. S., & Goo, J. (2014). Optimal information security investment in a healthcare information exchange: An economic analysis. Decision Support Systems, 61, 1-11. doi:10.1016/j.dss.2013.10.011
Jensen, T. B. (2013). Design principles for achieving integrated healthcare information systems. Health Informatics Journal, 19(1), 29-45. doi:10.1177/1460458212448890
Zhou, J., Cao, Z., Dong, X., Lin, X., & Vasilakos, A. V. (2013). Securing m-healthcare social networks: challenges, countermeasures and future directions. IEEE Wireless Communications, 20(4), 12-21. doi:10.1109/mwc.2013.6590046
Kleyman, B. (2017, October 2). Maintaining healthcare data security with file sharing options. Retrieved from https://healthitsecurity.com/news/maintaining-healthcare-data-security-with-file-sharing-options
Kwon, J., & Johnson, M. E. (2014). Proactive versus reactive security investments in the healthcare sector. MIS Quarterly, 38(2), 451-471. doi:10.25300/misq/2014/38.2.06
Laudon, K. C., & Laudon, J. P. (2018). Management information systems: Managing the digital firm (15th ed.). Hoboken: Pearson.
Mishra, S., Caputo, D., Leone, G., Kohun, F., & Draus, P. (2014). The Role Of Awareness And Communications In Information Security Management: A Health Care Information Systems Perspective. International Journal Of Management & Information Systems (IJMIS), 18(2), 139-148. doi:10.19030/ijmis.v18i2.8495
Pendergrass, J. C., Heart, K., Ranganathan, C., & Venkatakrishnan, V. N. (2014). A threat table based assessment of information security in telemedicine. International Journal of Healthcare Information Systems and Informatics, 9(4), 20-31. doi:10.4018/ijhisi.2014100102
Shahzad, B., Orgun, M. A., & Thuemmler, C. (2016). Fundamental issues in mobile healthcare information systems. Mobile Information Systems, 2016, 1-2. doi:10.1155/2016/6504641
Shultz, C. G., & Holmstrom, H. L. (2015). The use of medical scribes in health care settings: a systematic review and future directions. The Journal of the American Board of Family Medicine, 28(3), 371-381. doi:10.3122/jabfm.2015.03.140224
Sines, C. C., & Griffin, G. R. (2017). Potential Effects of the Electronic Health Record on the Small Physician Practice: A Delphi Study. Perspectives in Health Information Management, 14(Spring), 1f. Retrieved September 23, 2017, from http://perspectives.ahima.org/potentialeffectsoftheehr/
Solove, D. (2013). HIPAA turns 10: analyzing the past, present and future impact. Retrieved from http://library.ahima.org/doc?oid=106325#.WdMuU7pFyEY
Yang, C., & Lee, H. (2015). A study on the antecedents of healthcare information protection intention. Information Systems Frontiers, 18(2), 253-263. doi:10.1007/s10796-015-9594-x
Zhang, K., & Shen, X. (2015). Health data sharing with misbehavior detection. Wireless Networks, 47-80. doi:10.1007/978-3-319-24717-5_4
Appendix D
Literature Map