There are various types of patient information that are stored in electronic format within a health care system. This helps to avoid the re-entering of information that was obtained before. In past this information was used to be write on paper and it was saved in large filing cabinets. But in this current situation, with revolution brought by the technological advancements, the new concept of saving the information of patient in an electronic system has implemented. With the help of electronic record system, data can be saved and secured for long duration. Any health care organization that is supposed to store data and information of a sensitive nature should implement information security principles to ensure the security measures of that information. This research will be conducted on the basis of implementing the policies of a secure computer and information system within a health care organization.
Information Security - (IS 300)
Chapter 1: Introduction
Background of Study
With the implementation of electronic record system for storing information it is necessarily required to make policies for the security of that information. This study assist the health care practices in reviewing their present health information security policies as they are focus to adopt and implement emerging health information technology systems including electronic health information exchange and electronic health records.
Purpose of Study
The purpose of the study is to evaluate the importance of an information system in a health care organization and also to be acknowledged with the standards and techniques to be implemented in the control of information systems security.
Problem Statement
Information security is considered as the security of information as well as the information systems from illegal access, revelation, interruption, amendment or damage. A system based on information security can be attained by ensuring the privacy, reliability, and accessibility of information.
Rationale of the Study
The solutions, safeguards and tools that are used to adopt security measures should be administrative, objective and technical. Performing a transaction examination between the advantages received from utilization of information policy with the cost of implementing the information security system is considered to be a significant way to determine the importance of an information classification system.
Aims and Objectives
The main aims and objectives of this research are:
1. Actively assist the development and maintenance of an information classification system.
2. Design and implement a computer and network security and information privacy policy.
3. Contribute to the design of a secure physical environment for the processing and storage of electronic information.
4. Contribute towards the development of a business organization's computer incident response and disaster recovery plans.
5. Contribute to the development of appropriate authentication methods for user access, and devices.
6. Determine and apply appropriate security measures to the management of information Security.
7. Understand the corporate obligations for legal and statutory matters related to information security.
Theoretical Framework
The theoretical framework of this study is to involve the advance technologies in health care practice for both administrative and clinical purposes.
Research Questions
This thesis targets the following questions to be answered in a detailed and satisfactory way: