It is important to note that health information management (HIM) is a practice, which is comprised of a wide range of comprehensive functions aimed at analyzing, acquiring, collecting, storing, and protecting traditional or digital medical information. Although major technological and methodological advancements are being in all the mentioned areas of HIM, information protection can be considered the most challenging and critical one. The given assessment will primarily focus on intricate and multifaceted aspects of medical data protection in three dimensions physical security, technical security, and administrative security measures.
Security Measure Choices
In the case of selected security measure choices, these include physical security, technical security, and administrative security, where each can be achieved and established through a number of approaches. Firstly, physical security of health information is manifested in a collective utilization of protecting data through measures, such as facility access control, workstation use, device integration, media controls, and protection from natural disasters and fire. Secondly, technical security measures are mainly focused, but not limited to audit controls, integrity facilitation, and incorporation of authentication and access control systems. Thirdly, administrative security is comprised of measures, such as sanctions policy, assigned security responsibility, and workforce security.
Security Measure Rationale
One should be aware that although security risks can emerge in many different forms, the three major domains of threats and dangers are physical, technological, and operational. It is stated that in order to properly “investigate information security in hospitals, three main safeguards, namely administrative, technical, and physical safeguard should be taken into account” (Mehraeen et al., 2016, p. 48). In other words, the mentioned areas of security can be categorized as three fundamental elements of health information management, which includes data protection as one of its core responsibilities. As a HIM manager, one needs to ensure that all of the collected and acquired data is kept and transferred in a protected as well as secure manner, which means that the key threats need to be recognized as physical, technical, and administrative.
Importance of Data Security
Data security is of critical importance due to a wide range of reasons, which can range from financial to life-threatening to ethical. Protecting valuable medical information is a challenging task, which also highlights its importance since the dangers and threats can come in different forms. A study of hospital information safeguard shows that fire poses the greatest security risk, whereas human and other environmental factors pose the least danger (Ayatollahi & Shagerdi, 2017). However, the hospitals were the most prepared for technical threats, which indicates that there is a major imbalance in prioritization (Ayatollahi & Shagerdi, 2017). Therefore, health information managers need to protect medical data in all three key domains, such as physical, technical, and administrative, in order to ensure foolproof security.
Employees are mainly lie in the category of administrative risks, but they can also be a cause for other threats, which is why role-based access can enhance security within the medical facilities. Such a measure ensures that no to a minimal number of individuals have access to the entire network of information, which eliminates the risk of losing the entire database. Under such a framework, employees are able to access a fraction of the data.
In conclusion, health information managers perform a wide range of duties, which can include data acquisition, storage, transfer, and protection. In order to properly conduct the latter, the safeguards need to put in place in accordance with all three major domains of security threats, which are physical, technical, and administrative. Employees can be a source of all three types of risks, which is why implementing role-based access can be highly effective as a security measure.
Ayatollahi, H., & Shagerdi, G. (2017). Information security risk assessment in hospitals. The Open Medical Informatics Journal, 11(1), 37–43.
Mehraeen, E., Ayatollahi, H., & Ahmadi, M. (2016). Health information security in hospitals: The application of security safeguards. Journal of the Society for Medical Informatics of Bosnia & Herzegovina, 24(1), 47–50.