Information security policies and data protection measures in healthcare organizations

Bacon County Hospital and Health System

In your opinion, how well developed are your organization's information security policies?

The organizations current information security policies are adequate. However, in order to remain effective, the organization must have a profound emphasis on innovation. Technology, particularly in regards to information security, is becoming more difficult to protect. Hackers and those with large capabilities are gaining more insights as to the methods to effectively target individual companies. In fact, many of America's large financial institutions fell victim to hacker attacks. These attacks, all coordinated in both time and geography, overloaded the institutions mainframes causing slower servicing time. Pundits were quick to indicate that the attacks were not at all sophisticated and only required a handful of individuals to conduct. However, the results interrupted the natural flow of business activity in some the world's largest and most protected financial institutions. Bacon County Hospital is no different in this regard. Currently, the system in place adequately protects patient's personal information and identity. However, as technology becomes more ubiquitous and widespread, the institution must innovate to further protect patient information. In my opinion, I believe the organization does not possess the sense of urgency needed to adequately protect patient information in the future. This could be the result of financial contracts or lack of will from leadership.

Describe policies and measures used by your organization to ensure confidentiality, availability and reliability of data and information.

First, confidentiality is insured through separation of powers within the organization. Only certain individuals can access patient records and data. Those individuals who can access confidential information are monitored when they access these files. Personnel are required to input their username and password to verify their identity. In regards to availability, the internet allows for personnel to access information irrespective of location. Information is available to qualified individuals when and where they need it. The organizations intranet allows for information to maintain only within the organization itself, free from the views of outsiders. Internet is particularly helpful in regards to the reliability of data. The organization double and triple checks various inputs within the system. Qualified personnel who identify an error can seamlessly correct it, or inquired further about its origins.

Describe how the organization could (or does) protect from the loss its data. What steps could (or do) they take to make sure that data remains accessible in the event of a catastrophic event such as a fire or other natural disaster?

The organization takes makes many steps to protect against loss of data. The first step is to have both paper and digital copies of documents within the system. The paper copies ensure the accuracy of documents within the digital framework. In addition to the hardcopies, each digital document is copied and maintained on a differing network, completely separate from that of the company intranet. This separate mainframe provides a separate database in the event of a catastrophe or system failure. In the event of a fire of natural disaster, the separate database would ensure that the entire information system runs smoothly and efficiently (Dhillon, 2007). To further insure that data is accessible, the back up system is maintained in a differing location that that of the primary one.

What things do you think your organization could do to further enhance information security?