4-1 Discussion: Issues in Security and Privacy

Privacy of Medical Information
Student’s Name
Institutional Affiliation
Date
Privacy of Medical Information
Patients must be assured that their health information will not be shared with other parties. Failure to assure patients of their health information privacy may make them withhold particular vital information that could affect the quality and outcome of healthcare. The issue of insecurity on patient’s data has been prevalent in a health clinic in Massachusetts. Patient’s information such as gender, patient’s names, health insurance information, and addresses was shared with unauthorized individuals. The paper will discuss policies and procedures that protect the health information of patients.
Administrative and technical and safeguards should be established to maintain secrecy of patient’s data. The physical safeguards involve device separation, data backup, and proper device disposal (Acquisti, Brandimarte & Loewenstein, 2015). Moreover, technical safeguards may include installation of secure communication systems such as secure sockets layers and virtual private networks. Furthermore, administrative safeguards involve documentation of departmental security policies and training employees about the policies (Fernández-Alemán et al., 2013). Workers should be trained on how to use logins for identification and how to retain the electronic data.
Furthermore, electronic medical records should have specific components in their system security policies. These components include data integrity, authentication, non-repudiation, and confidentiality (Wu & Xu, 2013).

Authentication involves the process of verifying the identity of the user by use of passwords, logins, smartcards and digital certificates. Confidentiality involves preventing third parties from accessing the medical data. Confidentiality can be achieved through prevention of physical access of data by use of technology such as encrypted data. Transferred information should be verified to ensure that it was sent and that it was not modified (Patil & Seshadri, 2014). Methods such as message digest and tripwire may be used to maintain the integrity of the medical data. Furthermore, nonrepudiation helps ensure that the transferred data has been received and sent to the intended person. It may involve the use of digital signatures and audit logs. In conclusion, these policies can ensure the privacy of medical information thus encouraging patients to share any sensitive information.
References
Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509-514.
Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of biomedical informatics, 46(3), 541-562.
Patil, H. K., & Seshadri, R. (2014, June). Big data security and privacy issues in healthcare. In Big Data (BigData Congress), 2014 IEEE International Congress on (pp. 762-765). IEEE.
Wu, F., & Xu, L. (2013). Security analysis and improvement of a privacy authentication scheme for telecare medical information systems. Journal of medical systems, 37(4), 9958.