Within the contemporary, hyper-connected and interlinked business landscape, organizations – large and small – are continually under attack.
A computer crime and security survey conducted in 2005 through the joint efforts of the Computer Security Institute (CSI) and the San Francisco Office of the Federal Bureau of Investigation (FBI) demonstrated that six in every ten organizations were victims of unauthorized computer use during the past 12 months (Johnston & Hale, 2009).
These unauthorized uses, according to the authors, included “…malicious acts such as theft or destruction of intellectual property, insider abuse and unauthorized access to information that resulted in loss of data integrity and confidentiality, as well as malware threats such as viruses, spyware, worms, and Trojans” (p. 126).
It is against this background that the present paper aims to put into perspective some critical issues regarding information security, particularly in healthcare organizations.
In layman’s language, information security can be defined as the protection of data against unauthorized or illegal access through the employment of authentication protocols such as passwords, fingerprints, and digital certificates, as well as employing encrypting processes for highly sensitive data (Bodin, Gordon & Loeb, 2008).
A computer system that asks users to input a personal identification number (PIN) is a good example of how information security functions.
In more complex terms, however, the concept of information security is often viewed under the lens of protecting data and complex information systems from unauthorized or illegal access, use, revelation, interruption, modification, examination, inspection, recording or obliteration of information, whether in print, electronic or any other format, and against the denial of access to authorized users (Khansa & Liginlal, 2009).
In practice, therefore, information security entails taking proactive measures and strategies aimed at detecting, documenting, and countering any form of unauthorized use, access or modification of information systems (Bodin et al., 2008).
A good example here is the heavy investments organizations make to install antivirus software, firewalls and other internet security tools to ensure that cyber criminals do not have access to their networks, and to incapacitate any attempts made by these criminals to modify the information systems and databases through malware threats.
Today, more than ever before, the daily functioning of contemporary healthcare organizations is becoming more intricately tied to the investments made in terms of adopting information technology, as well as the integrity and accountability of the information systems by virtue of the fact that “…patient care, research, operations, and finance all rely on highly available, trustworthy, and robust applications, data, and infrastructure” (Glaser & Aske, 2010, p. 40).
The very fact that health organizations must continuously invest in the latest information technologies demonstrates the importance of adopting information security technology; as is the case in other business organizations, they deal with particularly sensitive data that must be protected from unauthorized access, use or modification (Bernstein & McCreless, 2007).
Patient and health data, which are the mainstay of most health organizations, are particularly sensitive to a point where client trust and satisfaction levels are largely evaluated on account of how well the organizations are able to secure confidential information on behalf of their clients (Cooper & Collman, 2003).
Away from patient-related issues, it is very important for health organizations to protect their information systems, which are often costly to design and implement, from any possible attack or unauthorized access (Weems, 2010).
It simply does not make any business sense for health organizations to expose themselves to these attacks or unauthorized access of information systems since such actions always come with high financial and reputational implications for the healthcare organizations involved.
Consequently, it is always advisable and beneficial to assume a proactive stance and invest heavily in information security technology.
Lastly, it is generally believed that information security in healthcare settings can only be achieved by addressing the germane issues of confidentiality, integrity/veracity, availability/accessibility, reliability, and accountability.
While confidentiality implies that sensitive patient and health data should not be made available or disclosed to unauthorized individuals or processes, integrity implies that such data or information must not be altered, modified and/or destroyed in an unauthorized manner (Cooper & Collman, 2003).
Availability as a critical component in healthcare information security implies that data or information should always be accessible and useable upon demand by any authorized entity, while accountability is used to describe the capability to audit the actions of all parties, procedures and processes which continually interact with the data or information, and to intrinsically determine if such actions or interactions are appropriate (Cooper & Collman, 2003).
It goes without saying that data or information contained in information systems within the healthcare context must be reliable and free of error at all times.
Reference List
Bernstein, M.L., McCreless, T., & Cote, M.J. (2007). Five constants of information technology adoption in healthcare. Hospital Topics, 85(1), 17-25. Retrieved from MasterFILE Premier Database
Bodin, L.D., Gordon, L.A., & Loeb, M.P. (2008). Information security and risk management. Communications of the ACM, 51(4), 64-68. Retrieved from Business Source Premier Database
Cooper, T., & Collman, J. (2003). Managing information security and privacy in healthcare data mining: State of the art. In C.J. Alberts & A.J. Dorofee (Eds.), Managing information security risks: The octave approach. Boston, MA: Addison-Wesley Professional
Glaser, J., & Aske, J. (2010). Healthcare IT trends raise bar for information security. Healthcare Financial Management, 64(7), 40-44. Retrieved from MasterFILE Premier Database
Johnston, A.C., & Hale, R. (2009). Improved security through information security governance. Communications of the ACM, 52(1), 126-129. Retrieved from Business Source Premier Database
Khansa, L., & Liginlal, D. (2009). Quantifying the benefits of investing in information security. Communications of the ACM, 52(11), 113-117
Weems, K. (2010). Health IT the road so far. Health Financial Management, 64(6), 86-90. Retrieved from MasterFILE Premier Database