Network Security Plan for Medical Record Organizations

As organizations continue to adopt the use of technology in their service delivery, there is need to address the emerging issues such as network security. One of the key concerns of medical record organizations is the security of data that they gather from their clients and employees. Network security focuses on the measures that can be adopted to ensure maximum protection of information from unauthorized users. Medical record organizations have to abide by the HIPPA Act of 1996, which require medical and insurance companies to protect and keep patients/clients’ data confidential at all times. Firms must develop network security plans in order safely share patient information between doctors, administrators, clerical personnel, and nurses. The proposed network security plan outlines the key areas that will be critical for effective data security within a medical record organization. The key components are addressed below;

Data to be Used

Databases refer to a collection of data records that are stored for future reference or answering queries. It consists of tables with records or values about particular attributes of the data or information to be captured. The point of data storage can be a laptop or capture. Organizations have various types of databases to choose from when setting up a network security plan. Examples of such databases include desktop, relational, and text databases. According to Soomro, Shah & Ahmed (2016), desktop databases are appropriate for storage of less complex information regarding the clients and company records. Text databases are essential for storage of a wide range of information in an organization. Thus, retrieval and access of such data become easier. Relational databases, on the other hand, are a collection of various databases thereby making it easier to share information between different users (Collen & Ball, 2015).

The plan will adopt the three types of databases for different purposes. The practitioners and administrators can utilize patients’ hospital visit data and other relevant information stored in Microsoft Access to contribute to positive health outcomes. Therefore, Microsoft Access is the best alternative for a desktop database. Due to the ease of accessing data stored in text databases, the plan will incorporate it to make information regarding doctors, clerical personnel, nurses, and administrators readily available. Moreover, the relational database will be essential for linking related information regarding clients and their relations.

Domain Configuration

Based on the number of data users, the technology infrastructure adopted must cater for the potential risks and delays that may occur in the process of data access or retrieval. The plan will use applications, workstation, user, and local area network domains. The organization’s policies and guidelines regarding access and use of patients’ data must be strictly followed before allowing users to access information through the given domain. The user domain will allow doctors and nurses to access medical history of patients (Filkins et al., 2016). Moreover, they are considered the end users of the patient information stored in the databases.

Various policies will guide data access by the different authorized users. Examples of policies that will be utilized in the plan include acceptable use policy, privacy policy, system access policy, social networking policy, and the physical security policy. The policies intended to guide users on how to use company emails, engagement on social media platforms, handling portable disks and hard drives, and access and utilization of patients’ data. According to Soomro, Shah & Ahmed (2016), depending on the organizational needs, different policies must be adopted to offer guidance on data usage thereby effectively implementing data security. Issues relating to user IDs and passwords are crucial for information security. Thus, users will be educated on the dangers of saving passwords online or sharing their login credentials with other users or third parties.

            Huang, Behara & Goo (2014) argue that authentication of users is very crucial when configuring domains. The organization is a medical record company; a security plan must use restricted access to authenticate users. Besides, they must change their passwords after every three months to prevent cases of hacking and other cybercrime related issues. The workstation domain will be useful in restricting the software that users can install on the desktops. There will need to track the devices and their connections to the local area network to make them less vulnerable to attacks. The LAN domain will be appropriate given that the company is centrally located. Moreover, possibilities of system hacking will be reduced using switches. Filkins et al. (2016) point out that switches and firewall effective in the filtering of traffic and protecting segmented networks. Secure communication between the software and the end users will be established through application and system software. Different types of workstation management will be utilized to ensure there is proper control within the workplace. According to Naveed, Kamara & Wright (2015), the management practices will not only help in curbing the issues relating to vulnerabilities and fraud but also make it easy to provide support to users. Matters relating to activity logs, software configuration, and diagnosis of devices will be better managed if security weaknesses and vulnerabilities can be detected in good time.

Data Transmission Requirements and Operating System

Medical record companies gather both simple and complex data which must be secured from invasion or fraud. Given that desktop database will be utilized, the recommended operating system will window 10. It is preferred operating system since Microsoft Access will be used to store clients’ hospital visits and financial history (Unni et al., 2015). Moreover, most end users are familiar with Microsoft Access thereby making information in desktop databases more secure and confidential.

The data access and transmission will follow the policies and standards in place that guides and regulate the data usage in healthcare settings. Other than following the laid down procedures, data encryption will be regarded as a fundamental requirement for transmission. Both email and application transcription will help in promoting data safety.

Confidential Records Protection and Authentication Process

According to Unni et al. (2015), data encryption is the best way to ensure confidential information are protected from possible attacks by hackers. Role-based access control can be utilized to encrypt the confidential patients’ records. Although different encryption techniques can guarantee data safety and protection during sharing between the different end users, barring access through authorization can help in reinstating more the data security. Users will be asked their usernames and passwords before allowing them to view confidential data available in the database. Moreover, users cannot view all the confidential information unless approved by the administrators.

Strong Information on Separate Databases

The goal of ensuring separate databases have strong information are reasons behind database connections. Relational databases are essential for sharing related information from different databases. Trusted database connections accelerate the process for strong information for separate databases. According to Huang, Behara & Goo (2014), trusted subsystems and impersonation techniques enable the users to access different databases and get the response to queries. Moreover, the trusted databases ensure there is a secure connection to guarantee access to own information while excluding other tenants. Secure databases restrict access to patients’ database from a wide-level database through the encryption of patients’ data. Data encryption within the various types of databases will protect both patients and organizational data by restricting their access and ascertaining that relevant data are availed for their intended users. The process seeks to keep patients data safe even when wrong people receive it.

Conclusion

Although organizations are improving the quality of their services and value addition to information technology, data security in organizations is faced with a lot of challenges. Security threats emanating from attacks and hacking make company databases more vulnerable and weak. Thus, network security planning becomes a priority for managers. Health records firms are more vulnerable to such attacks since they keep a lot of information regarding clients’ medical and financial history, which are the point of interest to hackers and fraudsters. Network security planning will help health records organizations to protect their clients from potential phishing of information, protect the organization from attacks, and maintain their reputation by eliminating the chances of lawsuits challenging their data usage and security. The company will use a desktop, text, and relational databases. The three databases will ensure easy access to wide range of information by different end users. Various policies relating to authentication and access to information will be adopted to limit how users access patients’ information from the databases.

References

Collen, M. F., & Ball, M. J. (Eds.). (2015). The history of medical informatics in the United States. Springer.

Filkins, B. L., Kim, J. Y., Roberts, B., Armstrong, W., Miller, M. A., Hultner, M. L., ... & Steinhubl, S. R. (2016). Privacy and security in the era of digital health: what should translational researchers know and do about it?. American journal of translational research, 8(3), 1560.

Huang, C. D., Behara, R. S., & Goo, J. (2014). Optimal information security investment in a Healthcare Information Exchange: An economic analysis. Decision Support Systems, 61, 1-11.

Naveed, M., Kamara, S., & Wright, C. V. (2015, October). Inference attacks on property-preserving encrypted databases. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (pp. 644-655). ACM.

Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225.

Unni, S., Yao, Y., Milne, N., Gunning, K., Curtis, J. R., & LaFleur, J. (2015). An evaluation of clinical risk factors for estimating fracture risk in postmenopausal osteoporosis using an electronic medical record database. Osteoporosis International, 26(2), 581-587.