Data Sharing, Implementation, and Compliance, Essay Example

1. Implications for healthcare organization implementing databases

When implementing database systems in a healthcare setting, i.e. electronic medical record systems, there are two prime areas of concern. (1) Privacy – ensuring that patient information is kept confidential and may only be accessed by authorised persons. (2) Security – ensuring there are suitable security procedures put in place to prevent internal access of confidential datasets or external intrusion by hackers or others trying to gain unauthorised access of the data. Communications are another important aspect particularly around the security of wireless networks . Adequate control systems should be put in place to prevent unauthorized entry. This often around complex encryption around the required secure network areas.

2. Ethical and legal considerations in database management

Ethical considerations evolve around the Doctors and Nurses professional code of conduct and to ensure appropriate due diligence in the use and management of the systems. IT professionals have had a much looser ethical code imposed upon them, as compared to the medical profession. Things are changing and in most States patients are allowed access to their medical records. They are allowed to make changes to any inaccuracies in their medical files. Equally items covered under HIPAA require written consent from the patients to use their files. Health care companies are legally bound to hire a data privacy officer who has the task of training employees on how to handle sensitive data. Mis-use of information can result in large fines or up to 10 years imprisonment. (Wilder, C. 2013).

3. Functioning of regional health organization

Regional clinical health exchanges are at the core of US IT health information strategy. Regional Health Information Organizations (RHIO’s) are designed to exchange information within a specific community based area. They provide professional advice on how best to manage secure IT systems within a healthcare context. Designed to be free from government intervention the aim was to facilitate other healthcare organizations that had less IT expertise. As to date they have not been very successful and widely criticised. (Proti, D. 2013).

4. Compliance reporting act

The Privacy Act (1974), was initially designed for the purpose of allowing more freedom of access to government information but this excluded medical records. There was no significant treatment of Data Protection unlike the position in Europe and UK. The rules pertain to the collection and use of personal information and the security systems maintained to protect it. This particularly falls around patient records and the act of written consent from the patient to access these records. Most Healthcare Organizations will have a database administrator and a Data Protection Officer who will work closely together in order to ensure that the legal requirements are complied with. (Woulds, J. 2004).

The concept of litigation seems most prevalent in the area of IT Security. Nearly all forms of electronic media have the potential for being involved in litigation cases. When these instances arise one of the most important aspects will be the gathering of data or information for evidence. Where it is believed that a criminal act has taken place the computers and network devices may be removed for evidence. This type of confiscation can impose a serious threat and disruption to the business as the court may instruct the system to be frozen which means that the back-up recovery system could not be immediately invoked. Failure to comply with court orders can result in very severe penalties.

5. Significance of PRIVACY act (1974)

The Computer Security Act of 1987 is perhaps a more applicable update covering personal information retained within government systems. This act has attempted to establish public sector wide standards for security and control of information security. (Stratford, J. 2013)

References

Proti, D. (2013, 2 6). US regional health information organizations… Retrieved from Longwoods Electronic Healthcare: http://www.longwoods.com/content/19625

Stratford, J. S. (2013, 2 6). Data Protection and Privacy in the United. Retrieved from Iassist Quarterly: http://www.iassistdata.org/downloads/iqvol223stratford.pdf

Wilder, C. (2013, 2 6). The Ethics of data. Retrieved from Information week : http://www.informationweek.com/837/prdataethics.htm

Woulds, J. (2004). Practical guide to the data protection act. Washington DC: Constitution Unit.