This document discusses security issues related to health information systems. It notes that as more patient data is stored electronically, ensuring privacy and security of electronic health records is important. The document outlines advantages of electronic health records like providing complete patient histories, but also disadvantages such as privacy and confidentiality concerns. It discusses laws like HIPAA that are meant to protect patient privacy and discusses methods used to increase security, such as encryption, authentication, and educating staff.

1. Health Information System Security
Kristin Clark
MHA 616
Prince Ordu
April 16, 2012

2. Introduction
 Health management information systems (HMIS) are the
accumulation of paper and electronic patient data
 As more data is stored electronically the need for
security and confidentiality of patient information is
increased
 Use of electronic health records is increasing
 Provide a complete patient history
 “Ensuring the privacy and security of electronic health
information is a key challenge for organizations that
collect, store, and exchange such information.”
(Dimitropoulos and Rinzk, 2009, p. 428)

3. Electronic Health Records
 EHR are “a system that
will allow doctors and
nurses to access data,
and give clarifications to
clinicians performing
follow up care, to whom
a patient’s previous
treatment or medical
information is often
needed.” (Tan, 2010, p.
120)

4. Electronic Health Records
Advantages
 Provides a complete
patient history
 Increased patient safety
 Reduce medical
errors
 Improved quality of care
 Reduces costs
 Decreases number of
repeat testing
 Decrease fraud
Disadvantages
 Privacy/confidentiality
concerns
 Cost to implement EHR
systems
 Lack of standardization

5. HIPAA
 Health Insurance Portability and
Accountability Act (HIPAA)
 Passed in 1996
 Designed to protect the
freedom, security, privacy, and
confidentiality of patients
medical records
 Protects personal records,
diagnosis, treatments, progress,
recommendations, radiology
images, and lab results

6. Patient Privacy/Confidentiality
Concerns
 EHRs use of wireless networks require increased security
 Anti-virus software
 Firewalls
 Passwords
 Security codes
 Intrusion detections systems
 Intrusion prevention systems
 Requires a back up system for power outages or disaster
recovery

7. Ways To Increase Security
 Educate those with access to HMIS about HIPAA
 Only use patient data for healthcare purposes
 Keep from those with malicious intent
 Privacy Rule
 Consumer control- have the right to release information
 Setting boundaries- ensure health information is used
for healthcare purposes only
 Accountability- Responsible for actions
 Public responsibility- only release information for
emergency circumstances
 Security- release information for public and national
health

8. Ways To Increase Security
 Privacy screens on computers
 Blur and black outs
 Only the individual entering information can see the
screen
 Encryption
 Scrambles text so a key is needed to decipher the text
 Authentication
 Fingerprints
 Palm scans
 Retinal scans
 Voice recognition

9. HMIS Security Systems In Place
 Duke University Medical Center and
Health System
 Implementation of single sign on
system
 Allows access to multiple
systems simultaneously
 St. Vincent’s Hospital and Healthcare
Center
 Implemented biometric
authentication
 Implemented a single sign on
system

10. Issues With Security Methods
 Authentication Issues
 Protective clothing such as gloves, masks, and
goggles are often used which can hinder access to
scanning
 Dirt and blood can decrease biometric scanner
reliability
 It is not fail proof
 Smart cards/Passwords
 Cards can be lost
 Passwords can be forgotten or hacked

11. Conclusion
 Electronic health records are on the rise
 Has both advantages and disadvantages
 Compliance with HIPAA is necessary for HMIS to protect
patient confidentiality
 Many ways to increase security
 Educations
 Anti-virus, firewalls, passwords
 Authentication

12. References
 Dimitropoulos.L, Rizk. S. (2009). A state-based approach to privacy
and security for interoperable health information exchange. Health
Affairs. 28(2). 428-434. Retrieved from proQuest database.
 Harrisoin, P. J., Samanujan. S. (2011). Electronic medical records:
great idea or great threat to privacy? The Review of Business
Information Systems. 15(1). 1-7. Retrieved from proQuest
database.
 Hewitt, B., McLeod, A. (2011). Modeling security in acceptance of
electronic health record systems. Journal Of Information Privacy &
Security. 7(3). 23-45. Retrieved from proQuest database.
 Nataraj. S. (2011). Security concerns in e-prescribing. The Review
of Business Information Systems. 15(1). 15-18. Retrieved from
proQuest database.
 Tan, J. K. H. (2010). Adaptive Health Management Information
Systems (3rd ed.). Sudbury: Jones and Bartlett.