Information Systems Security

Information systems security

Introduction

This report projects the information security issues of a small pharmacy which has recently been opened in the local shopping mall. The daily operation of a pharmacy is a unique business that requires a combination of both physical and logical access controls to protect medication and funds maintained located on the premises and personally identifiable information and protected health information of your customers. This report identifies the inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate the risks identified.

Discussion

Pharmacies and health care providers have implemented complicated, distributed software systems which deal with real time information of patients. The examinations, vaccinations, prescription and vaccine of the patients are stored in the data repositories. The conventional lab systems and patients records systems are substituted by an electronic medication administration record and point of care on line medication administration system, having the nursing documentation like patient care summary, rules based triggers, that is, pain, pressure ulcers, falls, and admission assessment, Patient Access List (PAL), patient education communication, discharge instruction template, communication to providers, assessments (critical care, pediatrics, psych, acute rehab, surgical, medical), transfer/discharge documentation, admission history, intake & output, weight, height, and vital signs, and clinical documentation.

The pharmacy contains wireless networks which permit production and storage of medical prescription information by means of data terminals, LCD screens, smart phones, personal digital assistants, and more. The addition of novel technologies like the nano-electronics and robotic surgery connected by means of wireless networks are backed by a complicated middleware layer. The electronic medical record in the pharmacy efficiently becomes a cyber-physical system in case it entails programming concepts which support the operating system and middleware layers for functions like;

Interface for accessing similar types of controls irrespective of the fundamental network topology;

“Dynamic real-time groups” and topology control in the form of packaged service classes of loss, jitter, and bounded delay under accurately mentioned conditions;

Constant views of distributed states in real-time within the sphere of influence; and

Real-time Event Triggers

The major component in the system is the adaptive middleware amid the back end databases and the application server. The adaptive middleware entails the policy engines, sensor algorithms, and expert rule engines which administer the coordination amid the physical and the computational segments of the system. The results from medical scans and robotic scans can be stored, transmitted and evaluated in real time. The medical information of the patients is stored in various distinct databases.

Cyber intrusion Risks and Vulnerabilities

The major risk to the medical privacy is the misuse of the invalid access by the insiders and the most widespread risk vector is social engineering. The best defense-in-depth technical measures and security training for individuals are not able to secure a system wherein a lot of individuals can access the information and data. For the order of protecting the patients, there is an act called the Health Insurance Portability and Accountability Act which requires the national standards for electronic heath care transactions and imparts secure measures for ...