SlideShare a Scribd company logo

Audit trails

Download as DOCX, PDF
David Battle
David Battle
TechnologyBusiness
1 of 6
David Battle Advanced Health Info
Audit Trails Part 1 As the adoption of technology in the health field spreads rapidly technologists are making information more accessible for doctors giving them the ability to access records from mobile devices. Critics and health professionals question this decision wondering how mobile devices will measure up to computers as far as compatibility with EMR software and the security needed to protect the information the software manages. Even with these doubts progress has allowed some EMR systems to be integrated with mobile technology and is currently being used by medical professionals. With the implementation of EMR software on mobile devices it has given medical providers an simple tool to use while having the freedom of motion. This new freedom comes with added responsibility requiring extra monitoring due to the lack of security that mobile devices provide. If I was to use a mobile device to connect to a medical facility I doubt it would be a blackberry, but first the device would have to be encrypted to reduce the chances of hacking. If a network isn’t secured properly packets sent over these internet connections can be intercepted and used for other purposes resulting in a security breach. Mobile devices are not as secure as computers are due to the lack of software applications and hardware available. I would then have to log into the EMR system using a username and password. I would place an audit check here at this location checking to see who logged in and what device they used. After I logged into the system I would then search for the patient that I was looking for through the patient lookup. An audit check would be placed here to see what links I clicked on before finding the patient and how long it took to select a patient. A check would also be run to see whether that patient actually had an appointment that day or not. The amount of times I had accessed the patient’s information and why would also be recorded to see if there were any abnormal correlations between each occasion the data was accessed. When I found the patient I would then go under the treatment section and prescribe the prescription that they needed.An audit check would be placed at this location and possible red flag might be raised because a prescription was prescribed at random. If the patient had seen the doctor for a regular visit before the prescription was prescribed then a flag wouldn’t be raised but it would still be checked. If the patient had not visited the doctor but the prescription was prescribed a check would be placed to see if the prescription was a refill or just some random medicine. If it was some random medicine a check would ran to see what type of medicine it was and how often the doctor prescribes the medicine. The audit check would also measure how often the patient receives that type of prescription and if relates to any problems
that they have had in the past. After prescribing the medicine to the patient I would then log out of the EMR system and continue doing whatever I was doing before logging into the system. An audit check would be placed here to see what time I logged out of the system. Role Based Access Control (RBAC) When a medical facility makes the transition to a computer based system to operate their organization certain precautions have to be taken to ensure that patient information remains secure in any situation. This requires the facilities to abide by HIPAA policies while creating ways to keep the information safe. The information must be protected from outside threats such as hackers as well as interior threats which usually directs the attention towards the employees of the organization. This is why Role Based Access Control was introduced to organizations. RBAC is a feature usually controlled by the administrators which limits the amount of permissions each member of the organization has. Before RBAC permissions were granted to each member of the organization individually. The administrator would have to select permissions they were allowed to have separately which would be very tedious if it was a large company. With RBAC you can create a role with the permissions you want that role to have and then add different members to that role. Whatever permissions that were granted to that role would then be given to the members. Creating roles prevents members from accessing the root level of a system and seeing information they shouldn’t have access to. In a medical facility you wouldn’t want a Registered Nurse to have the same permission as a Medical Doctor. If a RN had the same role as a MD they would have ability to prescribe medicine to patients even though they’re not a real doctor. In most facilities the CIO has unlimited access and the IT technicians are directly under them. After the technicians the permissions trickle down from the directors all the way down to the maintenance employees with each group having less permissions than the previous role. Providing Privacy In today’s modern health system a patient’s medical information is viewed as some of the most important data floating in a cloud. Though this cloud this cloud is surrounded by steel bars it can still be accessed if the proper actions are taken. When it comes to privacy electronic medical records the government has gone to great lengths to protect patient data. With this effort the Health Insurance Portability and Accountability Act was passed in 1996 to ensure the safety of this data. Medical facilities have designed different systems as well to protect data including the administering of HIPAA exams to all personnel who come in contact with this information to creating secure facilities to house the information. With the security precautions
set in place health information managers have made it possible for these records to be accessed while following HIPAA regulations. The current design of our health system has it set up where most medical providers have control over patient records and in some instances the health information managers or chief information officers control the records. I feel that having CIOs manage the information is the best method to keep information safe from inside and outside threats. Before technology was embraced by the health field paper records were kept in places that were in plain sight. This information was available for the taking if the person desired it enough. Records could also be seen by any personnel that worked in the medical facility leaving patient information extremely vulnerable. With these assessments came the introduction of digitalizing and encrypting patient information to keep it safe from unqualified eyes. I agree with the idea of keeping patient records secured for none to see without authorization, but I don’t necessarily agree with keeping the information from the patient themselves. There have been many arguments as to whether patients should be given full control over their information. I believe that the patient should have full access to their records whenever they request them being that the information is about them and wouldn’t exist without them. Arguments as to whether the patient is responsible enough to manage their records and keep them private still persist making the task of retrieving records quite tedious. The only way for patients to receive their records is by filling out request forms which could take up to a week to process. It could possibly take longer to actually receive the records depending on the practice inconveniencing the patient. As pointed out by McClanahan the health system has a few adjustments to make in order to provide a better service to consumers with the first change granting patient’s ownership of their records (2008). I also agree with McClanahan that medical providers should oversee the patient’s records as they already do. Though patient records belong to the patient most are health and technology illiterate making the job of managing their own records difficult and sometimes impossible because of the lack of technology. I believe the way our system is currently setup is the best possible way to manage the privacy and access to electronic medical records until patients are more knowledgeable. Who Can Be Trusted With Health Information My health informatics knowledge has developed over time from classroom encounters and hands on experience providing me with a modern insight as to how information should be archived. I’ve learned that the responsibility of managing health information should not be left up to one entity but a combination of different professionals all playing their specific roles. I believe keeping medical information secure should be a joint effort between physicians, the government, the consumer, CIOs, and RHIO. Whether these entities can be trusted or not is still
up for debate but the due to the rush for technology implementation into medical facilities there are no other alternatives. Placing medical records in someone’s possession for safe keeping is a decision that should be carefully thought out before acting. Medical information has the chance of beingmishandled in many instances which could lead to the downfall of a carefully designed infrastructure if not managed properly. I believe that the role of the doctor should be to create the patient records as they already do with no other responsibilities. A doctor has substantial amount of tasks to perform as far running a medical facility and being a doctor helping patients. Medical providers shouldn’t have to worry about whether a copy of a patient’s record was secured. The government’s role in operation should only be enforcing laws such as HIPAA and making sure that everyone plays a role. Due to the way the government is ran I don’t believe they can be trusted with a patient’s information. The government already violates human rights and privacy by ceasing control of other electronic information to do as they please they shouldn’t be given control over these records as well. Being that the government likes to approve laws like CISPA they can’t be trusted with consumer information. I believe the consumer should be given more responsibility when it comes to managing their records. There are too many consumers who are illiterate to health informatics. They should be educated on what EMRs are and how they are used to keep records secure. They should then be given a copy of their records for easy access. I don’t agree with making them pay to receive their own records, which is the case in many instances. Government officials and other healthcare affiliates say that they don’t trust consumers with their own information but not many trust them with the information either. Patient information should be handled directly by the CIO of a medical facility. They have acquired the knowledge needed to secure the information with encryptions and backups and should be solely responsible for all data. RHIO should be responsible for making sure the information is able to be transferred between different organizations. As far as I’m concerned they have been failing at this task for years so that should be their only concern. With the infrastructure setup this way it will lead to a better system and possibly help RHIO advance a little faster. Information management cannot be left to one individual because the job requires assistance from people of many professions. Through months of studying Health Informatics I have observed a medical system progress successfully using a CIO as the gatekeeper for patient information. CIO’s possess skills to secure a network preventing hackers from accessing information. They also possess the knowledge of how to set up servers to back up files which is important when dealing with
electronic data. There’s always a chance of information being lost or deleted accidentally. In fact I’ve witnessed information get deleted then get recovered by a CIO because they knew how to use a database and was able to find the information. When it comes to managing information there’s no other person I would trust with the information than a Chief Information Officer who was trained to manage information. Though doctors play an important role in patient records I’ve seen them make mistakes such as entering information into the wrong patient files or adding documents to the wrong files. These errors require information technologist to retrieve the information and put it in its proper place. Most instancesmistakes are corrected by health information technicians not because they have administration rights to the system but because doctors don’t possess the knowledge to correct the error themselves. CIOs not only possess IT skills but they also know health information such as HIPAA policies qualifying them even more for this responsibility. These reasons are why I trust IT professionals to manage patient records over all other entities that currently deal with medical data. Sources McClanahan, K. (2008). Balancing Good Intentions: Protecting the Privacy of Electronic Health Information. Bulletin of Science, Technology & Society.

Recommended

Training on confidentiality MHA690 Hayden
Training on confidentiality MHA690 HaydenTraining on confidentiality MHA690 Hayden
Training on confidentiality MHA690 Haydenhaydens
 
Clear health clinical
Clear health clinicalClear health clinical
Clear health clinicalTony TRAN
 
Sample HIPAA Training
Sample HIPAA Training Sample HIPAA Training
Sample HIPAA Training Tara Goodwin
 
Hippa final JU nursing informatics
Hippa final JU nursing informaticsHippa final JU nursing informatics
Hippa final JU nursing informaticskmcanty
 
Compliance
ComplianceCompliance
ComplianceMark Lanterman
 
Confidentiality Training
Confidentiality Training Confidentiality Training
Confidentiality Training Kendra Guyton-Sheppard
 
45 (1)
45 (1)45 (1)
45 (1)aissmsblogs
 
Records management
Records managementRecords management
Records managementDavid Battle
 

Recommended

Training on confidentiality MHA690 Hayden
Training on confidentiality MHA690 HaydenTraining on confidentiality MHA690 Hayden
Training on confidentiality MHA690 Haydenhaydens
 
Clear health clinical
Clear health clinicalClear health clinical
Clear health clinicalTony TRAN
 
Sample HIPAA Training
Sample HIPAA Training Sample HIPAA Training
Sample HIPAA Training Tara Goodwin
 
Hippa final JU nursing informatics
Hippa final JU nursing informaticsHippa final JU nursing informatics
Hippa final JU nursing informaticskmcanty
 
Compliance
ComplianceCompliance
ComplianceMark Lanterman
 
Confidentiality Training
Confidentiality Training Confidentiality Training
Confidentiality Training Kendra Guyton-Sheppard
 
45 (1)
45 (1)45 (1)
45 (1)aissmsblogs
 
Records management
Records managementRecords management
Records managementDavid Battle
 
Information Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryInformation Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryAmber Guy
 
HIPAA
HIPAAHIPAA
HIPAAAutumn Funderburg
 
Sarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)bholmes
 
Rise of on demand apps and services in healthcare
Rise of on demand apps and services in healthcareRise of on demand apps and services in healthcare
Rise of on demand apps and services in healthcareZymr Inc
 
lauren_rosen_compliance_article
lauren_rosen_compliance_articlelauren_rosen_compliance_article
lauren_rosen_compliance_articleLauren Rosen
 
Consumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersConsumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersWirehead Technology
 
Biz Jrnl 071810
Biz Jrnl 071810Biz Jrnl 071810
Biz Jrnl 071810Vim Anand
 
Technologies and procedures for HIPAA compliance
Technologies and procedures for HIPAA complianceTechnologies and procedures for HIPAA compliance
Technologies and procedures for HIPAA complianceJack Shaffer
 
Smart health prediction using data mining by customsoft
Smart health prediction using data mining by customsoftSmart health prediction using data mining by customsoft
Smart health prediction using data mining by customsoftCustom Soft
 
HCA496 HEALTH INFORMATICS NOW
HCA496 HEALTH INFORMATICS NOWHCA496 HEALTH INFORMATICS NOW
HCA496 HEALTH INFORMATICS NOWNelson Walker
 
Keys To HIPAA Compliance
Keys To HIPAA ComplianceKeys To HIPAA Compliance
Keys To HIPAA ComplianceCBIZ, Inc.
 
Security framework for cloud based Electronic Health Record (EHR) system
Security framework for cloud based Electronic Health Record (EHR) system Security framework for cloud based Electronic Health Record (EHR) system
Security framework for cloud based Electronic Health Record (EHR) system IJECEIAES
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextNawanan Theera-Ampornpunt
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)Sanjeev Bharwan
 
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska Schroeder
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska SchroederHXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska Schroeder
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska SchroederHxRefactored
 
Plug In Generator To Produce Variant Outputs For Unique Data.
Plug In Generator To Produce Variant Outputs For Unique Data.Plug In Generator To Produce Variant Outputs For Unique Data.
Plug In Generator To Produce Variant Outputs For Unique Data.IJRES Journal
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
 
Nur 3563 group project team 6 ehr
Nur 3563 group project team 6 ehrNur 3563 group project team 6 ehr
Nur 3563 group project team 6 ehrdublin11
 
HIPAA
HIPAA HIPAA
HIPAA ravelo1212
 
Evaluating emr vendors
Evaluating emr vendorsEvaluating emr vendors
Evaluating emr vendorsDavid Battle
 
Emr training
Emr trainingEmr training
Emr trainingDavid Battle
 

More Related Content

What's hot

Information Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryInformation Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryAmber Guy
 
Sarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)bholmes
 
Rise of on demand apps and services in healthcare
Rise of on demand apps and services in healthcareRise of on demand apps and services in healthcare
Rise of on demand apps and services in healthcareZymr Inc
 
lauren_rosen_compliance_article
lauren_rosen_compliance_articlelauren_rosen_compliance_article
lauren_rosen_compliance_articleLauren Rosen
 
Consumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersConsumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersWirehead Technology
 
Biz Jrnl 071810
Biz Jrnl 071810Biz Jrnl 071810
Biz Jrnl 071810Vim Anand
 
Technologies and procedures for HIPAA compliance
Technologies and procedures for HIPAA complianceTechnologies and procedures for HIPAA compliance
Technologies and procedures for HIPAA complianceJack Shaffer
 
Smart health prediction using data mining by customsoft
Smart health prediction using data mining by customsoftSmart health prediction using data mining by customsoft
Smart health prediction using data mining by customsoftCustom Soft
 
HCA496 HEALTH INFORMATICS NOW
HCA496 HEALTH INFORMATICS NOWHCA496 HEALTH INFORMATICS NOW
HCA496 HEALTH INFORMATICS NOWNelson Walker
 
Keys To HIPAA Compliance
Keys To HIPAA ComplianceKeys To HIPAA Compliance
Keys To HIPAA ComplianceCBIZ, Inc.
 
Security framework for cloud based Electronic Health Record (EHR) system
Security framework for cloud based Electronic Health Record (EHR) system Security framework for cloud based Electronic Health Record (EHR) system
Security framework for cloud based Electronic Health Record (EHR) system IJECEIAES
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextNawanan Theera-Ampornpunt
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)Sanjeev Bharwan
 
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska Schroeder
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska SchroederHXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska Schroeder
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska SchroederHxRefactored
 
Plug In Generator To Produce Variant Outputs For Unique Data.
Plug In Generator To Produce Variant Outputs For Unique Data.Plug In Generator To Produce Variant Outputs For Unique Data.
Plug In Generator To Produce Variant Outputs For Unique Data.IJRES Journal
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
 
Nur 3563 group project team 6 ehr
Nur 3563 group project team 6 ehrNur 3563 group project team 6 ehr
Nur 3563 group project team 6 ehrdublin11
 

What's hot (20)

Information Governance in the Healthcare Industry
Information Governance in the Healthcare IndustryInformation Governance in the Healthcare Industry
Information Governance in the Healthcare Industry
 
HIPAA
HIPAAHIPAA
HIPAA
 
Sarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small ProvidersSarah Kim HIPAA for Small Providers
Sarah Kim HIPAA for Small Providers
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)
 
Rise of on demand apps and services in healthcare
Rise of on demand apps and services in healthcareRise of on demand apps and services in healthcare
Rise of on demand apps and services in healthcare
 
lauren_rosen_compliance_article
lauren_rosen_compliance_articlelauren_rosen_compliance_article
lauren_rosen_compliance_article
 
Consumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersConsumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumers
 
Biz Jrnl 071810
Biz Jrnl 071810Biz Jrnl 071810
Biz Jrnl 071810
 
Technologies and procedures for HIPAA compliance
Technologies and procedures for HIPAA complianceTechnologies and procedures for HIPAA compliance
Technologies and procedures for HIPAA compliance
 
Smart health prediction using data mining by customsoft
Smart health prediction using data mining by customsoftSmart health prediction using data mining by customsoft
Smart health prediction using data mining by customsoft
 
HCA496 HEALTH INFORMATICS NOW
HCA496 HEALTH INFORMATICS NOWHCA496 HEALTH INFORMATICS NOW
HCA496 HEALTH INFORMATICS NOW
 
Keys To HIPAA Compliance
Keys To HIPAA ComplianceKeys To HIPAA Compliance
Keys To HIPAA Compliance
 
Security framework for cloud based Electronic Health Record (EHR) system
Security framework for cloud based Electronic Health Record (EHR) system Security framework for cloud based Electronic Health Record (EHR) system
Security framework for cloud based Electronic Health Record (EHR) system
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's Context
 
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
HIPPA COMPLIANCE (SANJEEV.S.BHARWAN)
 
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska Schroeder
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska SchroederHXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska Schroeder
HXR 2016: The Health IoT: Remote Care and Mobile Solutions -Valeska Schroeder
 
Plug In Generator To Produce Variant Outputs For Unique Data.
Plug In Generator To Produce Variant Outputs For Unique Data.Plug In Generator To Produce Variant Outputs For Unique Data.
Plug In Generator To Produce Variant Outputs For Unique Data.
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected?
 
Nur 3563 group project team 6 ehr
Nur 3563 group project team 6 ehrNur 3563 group project team 6 ehr
Nur 3563 group project team 6 ehr
 
HIPAA
HIPAA HIPAA
HIPAA
 

Viewers also liked

Evaluating emr vendors
Evaluating emr vendorsEvaluating emr vendors
Evaluating emr vendorsDavid Battle
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocentdanish3
 
Large data sets analysis florida airports
Large data sets analysis florida airportsLarge data sets analysis florida airports
Large data sets analysis florida airportsDavid Battle
 
Health website analysis
Health website analysisHealth website analysis
Health website analysisDavid Battle
 
五位數 (Lesson plan)1
五位數 (Lesson plan)1五位數 (Lesson plan)1
五位數 (Lesson plan)1Eric Lau
 
Connecting with hit
Connecting with hitConnecting with hit
Connecting with hitDavid Battle
 
Alzheimer safehaven presentation
Alzheimer safehaven presentationAlzheimer safehaven presentation
Alzheimer safehaven presentationDavid Battle
 
C++ Sample Codes (Data Structure)
C++ Sample Codes (Data Structure)C++ Sample Codes (Data Structure)
C++ Sample Codes (Data Structure)Jenelyn Pañoso
 
2Narrative [introduction reference]
2Narrative [introduction reference]2Narrative [introduction reference]
2Narrative [introduction reference]Jenelyn Pañoso
 

Viewers also liked (11)

Evaluating emr vendors
Evaluating emr vendorsEvaluating emr vendors
Evaluating emr vendors
 
Emr training
Emr trainingEmr training
Emr training
 
Hit prototype
Hit prototypeHit prototype
Hit prototype
 
Hackers are innocent
Hackers are innocentHackers are innocent
Hackers are innocent
 
Large data sets analysis florida airports
Large data sets analysis florida airportsLarge data sets analysis florida airports
Large data sets analysis florida airports
 
Health website analysis
Health website analysisHealth website analysis
Health website analysis
 
五位數 (Lesson plan)1
五位數 (Lesson plan)1五位數 (Lesson plan)1
五位數 (Lesson plan)1
 
Connecting with hit
Connecting with hitConnecting with hit
Connecting with hit
 
Alzheimer safehaven presentation
Alzheimer safehaven presentationAlzheimer safehaven presentation
Alzheimer safehaven presentation
 
C++ Sample Codes (Data Structure)
C++ Sample Codes (Data Structure)C++ Sample Codes (Data Structure)
C++ Sample Codes (Data Structure)
 
2Narrative [introduction reference]
2Narrative [introduction reference]2Narrative [introduction reference]
2Narrative [introduction reference]
 

Similar to Audit trails

Why Can't More People Use My Health Records.pdf
Why Can't More People Use My Health Records.pdfWhy Can't More People Use My Health Records.pdf
Why Can't More People Use My Health Records.pdfssuserbed838
 
My Health Records Enhanced Patient Care Process.pdf
My Health Records Enhanced Patient Care Process.pdfMy Health Records Enhanced Patient Care Process.pdf
My Health Records Enhanced Patient Care Process.pdfssuserbed838
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfJacob Li
 
Week 1 dq1
Week 1 dq1Week 1 dq1
Week 1 dq1SNikki
 
Does My Health Records Grooms Patient Or Medical Practice.pdf
Does My Health Records Grooms Patient Or Medical Practice.pdfDoes My Health Records Grooms Patient Or Medical Practice.pdf
Does My Health Records Grooms Patient Or Medical Practice.pdfssuserbed838
 
Computerized Clinical Decisions are supported by My Health Records..pdf
Computerized Clinical Decisions are supported by My Health Records..pdfComputerized Clinical Decisions are supported by My Health Records..pdf
Computerized Clinical Decisions are supported by My Health Records..pdfssuserbed838
 
Clear health clinical
Clear health clinicalClear health clinical
Clear health clinicalTony TRAN
 
Clinical Information System In HealthcareOlufunmilayo Adelek.docx
Clinical Information System In HealthcareOlufunmilayo Adelek.docxClinical Information System In HealthcareOlufunmilayo Adelek.docx
Clinical Information System In HealthcareOlufunmilayo Adelek.docxbartholomeocoombs
 
My Health Records Force Full Medication Plans.pdf
My Health Records Force Full Medication Plans.pdfMy Health Records Force Full Medication Plans.pdf
My Health Records Force Full Medication Plans.pdfssuserbed838
 
Medical Software and Hardware
Medical Software and HardwareMedical Software and Hardware
Medical Software and HardwareHridyanshSharma5
 
Mha 690 week 1 discussion
Mha 690 week 1 discussionMha 690 week 1 discussion
Mha 690 week 1 discussionMoeHamdan5
 
My Health Records Helps Patients To Manage All Medical Visits.pdf
My Health Records Helps Patients To Manage All Medical Visits.pdfMy Health Records Helps Patients To Manage All Medical Visits.pdf
My Health Records Helps Patients To Manage All Medical Visits.pdfssuserbed838
 
Confidentiality
ConfidentialityConfidentiality
ConfidentialityTravisDC4
 
information technology in healthcare
information technology in healthcareinformation technology in healthcare
information technology in healthcareSamiksha Parab
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptxAmanBora5
 
Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratchTechugo
 
MHA 690-Confidentiality
MHA 690-ConfidentialityMHA 690-Confidentiality
MHA 690-Confidentialitysuzettedavis
 
My Health Record Gives Worthy Support to Doctors.pdf
My Health Record Gives Worthy Support to Doctors.pdfMy Health Record Gives Worthy Support to Doctors.pdf
My Health Record Gives Worthy Support to Doctors.pdfssuserbed838
 
My Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdfMy Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdfssuserbed838
 
Confidentiality Of Health Information Essays
Confidentiality Of Health Information EssaysConfidentiality Of Health Information Essays
Confidentiality Of Health Information EssaysJessica Tanner
 

Similar to Audit trails (20)

Why Can't More People Use My Health Records.pdf
Why Can't More People Use My Health Records.pdfWhy Can't More People Use My Health Records.pdf
Why Can't More People Use My Health Records.pdf
 
My Health Records Enhanced Patient Care Process.pdf
My Health Records Enhanced Patient Care Process.pdfMy Health Records Enhanced Patient Care Process.pdf
My Health Records Enhanced Patient Care Process.pdf
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdf
 
Week 1 dq1
Week 1 dq1Week 1 dq1
Week 1 dq1
 
Does My Health Records Grooms Patient Or Medical Practice.pdf
Does My Health Records Grooms Patient Or Medical Practice.pdfDoes My Health Records Grooms Patient Or Medical Practice.pdf
Does My Health Records Grooms Patient Or Medical Practice.pdf
 
Computerized Clinical Decisions are supported by My Health Records..pdf
Computerized Clinical Decisions are supported by My Health Records..pdfComputerized Clinical Decisions are supported by My Health Records..pdf
Computerized Clinical Decisions are supported by My Health Records..pdf
 
Clear health clinical
Clear health clinicalClear health clinical
Clear health clinical
 
Clinical Information System In HealthcareOlufunmilayo Adelek.docx
Clinical Information System In HealthcareOlufunmilayo Adelek.docxClinical Information System In HealthcareOlufunmilayo Adelek.docx
Clinical Information System In HealthcareOlufunmilayo Adelek.docx
 
My Health Records Force Full Medication Plans.pdf
My Health Records Force Full Medication Plans.pdfMy Health Records Force Full Medication Plans.pdf
My Health Records Force Full Medication Plans.pdf
 
Medical Software and Hardware
Medical Software and HardwareMedical Software and Hardware
Medical Software and Hardware
 
Mha 690 week 1 discussion
Mha 690 week 1 discussionMha 690 week 1 discussion
Mha 690 week 1 discussion
 
My Health Records Helps Patients To Manage All Medical Visits.pdf
My Health Records Helps Patients To Manage All Medical Visits.pdfMy Health Records Helps Patients To Manage All Medical Visits.pdf
My Health Records Helps Patients To Manage All Medical Visits.pdf
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
information technology in healthcare
information technology in healthcareinformation technology in healthcare
information technology in healthcare
 
Presentation1.pptx
Presentation1.pptxPresentation1.pptx
Presentation1.pptx
 
Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch
 
MHA 690-Confidentiality
MHA 690-ConfidentialityMHA 690-Confidentiality
MHA 690-Confidentiality
 
My Health Record Gives Worthy Support to Doctors.pdf
My Health Record Gives Worthy Support to Doctors.pdfMy Health Record Gives Worthy Support to Doctors.pdf
My Health Record Gives Worthy Support to Doctors.pdf
 
My Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdfMy Health Records Be Helpful To Patients.pdf
My Health Records Be Helpful To Patients.pdf
 
Confidentiality Of Health Information Essays
Confidentiality Of Health Information EssaysConfidentiality Of Health Information Essays
Confidentiality Of Health Information Essays
 

Recently uploaded

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Audit trails

  • 2. Audit Trails Part 1 As the adoption of technology in the health field spreads rapidly technologists are making information more accessible for doctors giving them the ability to access records from mobile devices. Critics and health professionals question this decision wondering how mobile devices will measure up to computers as far as compatibility with EMR software and the security needed to protect the information the software manages. Even with these doubts progress has allowed some EMR systems to be integrated with mobile technology and is currently being used by medical professionals. With the implementation of EMR software on mobile devices it has given medical providers an simple tool to use while having the freedom of motion. This new freedom comes with added responsibility requiring extra monitoring due to the lack of security that mobile devices provide. If I was to use a mobile device to connect to a medical facility I doubt it would be a blackberry, but first the device would have to be encrypted to reduce the chances of hacking. If a network isn’t secured properly packets sent over these internet connections can be intercepted and used for other purposes resulting in a security breach. Mobile devices are not as secure as computers are due to the lack of software applications and hardware available. I would then have to log into the EMR system using a username and password. I would place an audit check here at this location checking to see who logged in and what device they used. After I logged into the system I would then search for the patient that I was looking for through the patient lookup. An audit check would be placed here to see what links I clicked on before finding the patient and how long it took to select a patient. A check would also be run to see whether that patient actually had an appointment that day or not. The amount of times I had accessed the patient’s information and why would also be recorded to see if there were any abnormal correlations between each occasion the data was accessed. When I found the patient I would then go under the treatment section and prescribe the prescription that they needed.An audit check would be placed at this location and possible red flag might be raised because a prescription was prescribed at random. If the patient had seen the doctor for a regular visit before the prescription was prescribed then a flag wouldn’t be raised but it would still be checked. If the patient had not visited the doctor but the prescription was prescribed a check would be placed to see if the prescription was a refill or just some random medicine. If it was some random medicine a check would ran to see what type of medicine it was and how often the doctor prescribes the medicine. The audit check would also measure how often the patient receives that type of prescription and if relates to any problems
  • 3. that they have had in the past. After prescribing the medicine to the patient I would then log out of the EMR system and continue doing whatever I was doing before logging into the system. An audit check would be placed here to see what time I logged out of the system. Role Based Access Control (RBAC) When a medical facility makes the transition to a computer based system to operate their organization certain precautions have to be taken to ensure that patient information remains secure in any situation. This requires the facilities to abide by HIPAA policies while creating ways to keep the information safe. The information must be protected from outside threats such as hackers as well as interior threats which usually directs the attention towards the employees of the organization. This is why Role Based Access Control was introduced to organizations. RBAC is a feature usually controlled by the administrators which limits the amount of permissions each member of the organization has. Before RBAC permissions were granted to each member of the organization individually. The administrator would have to select permissions they were allowed to have separately which would be very tedious if it was a large company. With RBAC you can create a role with the permissions you want that role to have and then add different members to that role. Whatever permissions that were granted to that role would then be given to the members. Creating roles prevents members from accessing the root level of a system and seeing information they shouldn’t have access to. In a medical facility you wouldn’t want a Registered Nurse to have the same permission as a Medical Doctor. If a RN had the same role as a MD they would have ability to prescribe medicine to patients even though they’re not a real doctor. In most facilities the CIO has unlimited access and the IT technicians are directly under them. After the technicians the permissions trickle down from the directors all the way down to the maintenance employees with each group having less permissions than the previous role. Providing Privacy In today’s modern health system a patient’s medical information is viewed as some of the most important data floating in a cloud. Though this cloud this cloud is surrounded by steel bars it can still be accessed if the proper actions are taken. When it comes to privacy electronic medical records the government has gone to great lengths to protect patient data. With this effort the Health Insurance Portability and Accountability Act was passed in 1996 to ensure the safety of this data. Medical facilities have designed different systems as well to protect data including the administering of HIPAA exams to all personnel who come in contact with this information to creating secure facilities to house the information. With the security precautions
  • 4. set in place health information managers have made it possible for these records to be accessed while following HIPAA regulations. The current design of our health system has it set up where most medical providers have control over patient records and in some instances the health information managers or chief information officers control the records. I feel that having CIOs manage the information is the best method to keep information safe from inside and outside threats. Before technology was embraced by the health field paper records were kept in places that were in plain sight. This information was available for the taking if the person desired it enough. Records could also be seen by any personnel that worked in the medical facility leaving patient information extremely vulnerable. With these assessments came the introduction of digitalizing and encrypting patient information to keep it safe from unqualified eyes. I agree with the idea of keeping patient records secured for none to see without authorization, but I don’t necessarily agree with keeping the information from the patient themselves. There have been many arguments as to whether patients should be given full control over their information. I believe that the patient should have full access to their records whenever they request them being that the information is about them and wouldn’t exist without them. Arguments as to whether the patient is responsible enough to manage their records and keep them private still persist making the task of retrieving records quite tedious. The only way for patients to receive their records is by filling out request forms which could take up to a week to process. It could possibly take longer to actually receive the records depending on the practice inconveniencing the patient. As pointed out by McClanahan the health system has a few adjustments to make in order to provide a better service to consumers with the first change granting patient’s ownership of their records (2008). I also agree with McClanahan that medical providers should oversee the patient’s records as they already do. Though patient records belong to the patient most are health and technology illiterate making the job of managing their own records difficult and sometimes impossible because of the lack of technology. I believe the way our system is currently setup is the best possible way to manage the privacy and access to electronic medical records until patients are more knowledgeable. Who Can Be Trusted With Health Information My health informatics knowledge has developed over time from classroom encounters and hands on experience providing me with a modern insight as to how information should be archived. I’ve learned that the responsibility of managing health information should not be left up to one entity but a combination of different professionals all playing their specific roles. I believe keeping medical information secure should be a joint effort between physicians, the government, the consumer, CIOs, and RHIO. Whether these entities can be trusted or not is still
  • 5. up for debate but the due to the rush for technology implementation into medical facilities there are no other alternatives. Placing medical records in someone’s possession for safe keeping is a decision that should be carefully thought out before acting. Medical information has the chance of beingmishandled in many instances which could lead to the downfall of a carefully designed infrastructure if not managed properly. I believe that the role of the doctor should be to create the patient records as they already do with no other responsibilities. A doctor has substantial amount of tasks to perform as far running a medical facility and being a doctor helping patients. Medical providers shouldn’t have to worry about whether a copy of a patient’s record was secured. The government’s role in operation should only be enforcing laws such as HIPAA and making sure that everyone plays a role. Due to the way the government is ran I don’t believe they can be trusted with a patient’s information. The government already violates human rights and privacy by ceasing control of other electronic information to do as they please they shouldn’t be given control over these records as well. Being that the government likes to approve laws like CISPA they can’t be trusted with consumer information. I believe the consumer should be given more responsibility when it comes to managing their records. There are too many consumers who are illiterate to health informatics. They should be educated on what EMRs are and how they are used to keep records secure. They should then be given a copy of their records for easy access. I don’t agree with making them pay to receive their own records, which is the case in many instances. Government officials and other healthcare affiliates say that they don’t trust consumers with their own information but not many trust them with the information either. Patient information should be handled directly by the CIO of a medical facility. They have acquired the knowledge needed to secure the information with encryptions and backups and should be solely responsible for all data. RHIO should be responsible for making sure the information is able to be transferred between different organizations. As far as I’m concerned they have been failing at this task for years so that should be their only concern. With the infrastructure setup this way it will lead to a better system and possibly help RHIO advance a little faster. Information management cannot be left to one individual because the job requires assistance from people of many professions. Through months of studying Health Informatics I have observed a medical system progress successfully using a CIO as the gatekeeper for patient information. CIO’s possess skills to secure a network preventing hackers from accessing information. They also possess the knowledge of how to set up servers to back up files which is important when dealing with
  • 6. electronic data. There’s always a chance of information being lost or deleted accidentally. In fact I’ve witnessed information get deleted then get recovered by a CIO because they knew how to use a database and was able to find the information. When it comes to managing information there’s no other person I would trust with the information than a Chief Information Officer who was trained to manage information. Though doctors play an important role in patient records I’ve seen them make mistakes such as entering information into the wrong patient files or adding documents to the wrong files. These errors require information technologist to retrieve the information and put it in its proper place. Most instancesmistakes are corrected by health information technicians not because they have administration rights to the system but because doctors don’t possess the knowledge to correct the error themselves. CIOs not only possess IT skills but they also know health information such as HIPAA policies qualifying them even more for this responsibility. These reasons are why I trust IT professionals to manage patient records over all other entities that currently deal with medical data. Sources McClanahan, K. (2008). Balancing Good Intentions: Protecting the Privacy of Electronic Health Information. Bulletin of Science, Technology & Society.