Security and Privacy of Health Data
Class Name and Code
Section Number
Student’s Name
Due Date
Table of Contents
Executive Summary ……………………………………………………………………………………………………. 3
Literature review ………………………………………………………………………………………………………… 3
Discussion of Findings ………………………………………………………………………………………………… 8
Implications for this Class and the Health Care Field …………………………………………………… 9
Conclusion ………………………………………………………………………………………………………………… 9
References ……………………………………………………………………………………………………………….. 11
Executive Summary
The recent government support the adaptation of common electronic health records
across the health care institutions. Further the information systems play an essential function
in improving the quality of healthcare services and reducing the medical costs. Inadequate
security controls within the healthcare databases might result in data breaches. Such data
breaches expose the patients to economic difficulties, social stigma and mental anguishes.
Recent studies conducted in the US indicates that 75% of the patients are more concerned
about sites that illegally share patient’s information without their consent (Thapa & Camtepe,
2020). The main cause of such concern us that healthcare information disclosure is the
second-highest in the reported data breaches. The researchers in the healthcare information
system have implement several reference disciplines in data security risk management.
Therefore, the healthcare facilities’ management need to adopt new technological
advancements like the use of electronic health management systems, user authentication, and
controlling the access of the network systems.
Literature review
Healthcare information confidentiality pertains to the capability of the healthcare
institutions to protect the sensitive records of the patients. further, it entails the governance
and application of patient’s identity and the medical data. According to Keshta and Odeh
(2020), the healthcare information privacy includes making the policies, which govern the
gathering and sharing of patient’s confidential information. however, the information security
refers to the protection of personal health records against unauthorized access. Some of the
health information security protections encompasses of the explicit description of data
availability and integrity. In line with Wilkowska and Ziefle (2012), typically the healthcare
data security mainly focuses on the protection of the health records of patients from malicious
attacks and data theft. Despite being perceived as significant for the information protection,
the data security is essentially insufficient for handling the issue of data security within the
healthcare department. The research conducted by Shakeel et. al. (2018) indicates that the use
of user authentication is the first step in ensuring information security in the healthcare
institutions. The user authentication entails the confirmations of the validity of the user before
they can access the information. Authentication is a critical function in the information
systems of healthcare organizations as it secures access to the organizations” networks. Also,
it protects the identities of system users and ensures that the users are who they claim to be
before they are allowed to access the data. Besides, the healthcare institutions can utilize
cryptographic measures and controls like the transport layer security, TLS, and the secure
sockets layers, SSL, to protect their network communications. Another essential tool
applicable for user authentication is the Bull eye algorithm, which assists in effectively
monitoring all the confidential data within the databases of the healthcare facility. This tool is
broadly applied to protect the healthcare data and promptly manage the patients original, as
well as the reproduced information. Keshta and Odeh (2020) in their research assessed the
application of the Bull eye algorithm and expressed that the tool only gives the authorized
individual access to the confidential healthcare data on the system. Overall, the healthcare
data systems must often authenticate the identity data of the patients and service providers
before they are granted the access to the facility’s information systems.
After proper authentication, the users can access the database systems to obtain
medical records they need, though the access to the databases is essentially managed by the
access control policy that is founded on the rights granted to the physician by the patient.
Besides, the access policy is a flexible and effective way that allows the users to access the
data system (Simoens et al., 2012). It offers the users with complex controls which only allow
them to perform the tasks for which they have permission. For example, the users may be
authorized to perform several tasks like cluster administration, job submissions and data
access. In the health care system, several solutions such as Role-based and attribute-based
access control help in addressing data security and access control issues (Keshta & Odeh,
2020). These are some of the most popular modes of electronic health record (EHR) models.
Therefore, healthcare facilities should adopt technologies with security access controls and
data encryption techniques. This helps them to satisfy the fine-grained access control while
preserving patients’ data privacy and security.
The application of electronic health records system combines the field of healthcare
and information technology. Healthcare practitioners must record every data they either
perceive or gather utilizing other strategies in the treatment process or from patients.
Additionally, the practice of recording health data is a necessity; it is also an effective
technique of tracking records of a particular patient. Besides, it would be extremely hard to
track a patient’s health history without properly recording the data they encounter (Hussien et
al., 2019). This difficulty would translate to the treatment process of the patient, which would
be equally hard since the information would be gathered each time the patient seeks medical
attention. Also, the patients are prone to forgetting miner attributes of their previous
conditions, which would lead to difficulties in synthesizing the accurate medication for their
present condition. Moreover, there is a possibility of the patient describing their condition
differently than they did in the past, which might result in different interpretations by
different physicians, leading to a different technique of treatment or medication that could
lead to additional complications.
Additionally, the health data can be secured through the application of data protection,
which refers to the statement outlining how the healthcare facilities protects the health
information. it encompasses of principles, rules, and guidelines, which illustrates how the
firm would consistently comply with the information protection regulations. Besides, the
organizational policies are as significant as the technical processes that the firm applies to
protect patient’s privacy and electronic health information. such policies aids in the firm
creating objectives for technical mechanisms and outlines the automatic utilization and
information release. According to Abouelmehdi, Beni-Hessane and Khaloufi (2018), the
institutions utilize the data protection guidelines to set regulations for punishing the violators
and established strategies of detecting and promptly averting the information violations.
Policies and practices must balance patients’ right to privacy against the need for physicians
to access relevant health data during service provision. This balance makes patients more
willing to reveal sensitive health information to their healthcare providers. Healthcare
institutions have adopted several formal policies to help them outline their goals while
maintaining patient’s privacy and security. These policies include the procedures related to
exchanging health information, authorized uses, and patient-centered approaches. Examples
encompasses of the confidentiality approaches, security strategy, and guidelines on research
uses of health care data. They are primarily intended to help the institution promote a stronger
relationship between the physicians and the patients while maintaining patient privacy. The
contents of data protection policies and the techniques used to develop them play a vital role
in ensuring the employees stick to them. Generally, policy documents are very effective
when they are made as ongoing reference materials and easily accessible to the service
providers. Besides, they should be introduced to the employees at the start of the employment
and regularly used in employee training.
Moreover, another strategy of ensuring healthcare data security is the application of
user profile, which pertains to the directory of installed user information and settings for
related user accounts. For example, a user profile can have settings for the operating system
and installed programs (Barrigón et al., 2017). However, when a user profile is in an
operating system, it is usually unique to the same operating system on which it is stored. In
healthcare systems, a user profile can cover information accounts relating to healthcare
insurance of the patients, public and private financing, and general healthcare spending. Also,
the user profile offers an overview cover for the health system facilities, information
governance, information relating to patients’ disparities and evidence-based practices of
healthcare services (Kostkova et al., 2016). They aid in protecting the patients’ health data,
which might entail a consideration attributable to the firm’s general security program. It
involves necessary protection based on the type of healthcare information protected from
access by third parties.
Medical records in healthcare database systems can be misused unless they are
protected from unauthorized users. Patients’ identifying data, therefore, should be coded to
ensure that they are hidden from any authorized users. Whether the patient received treatment
from a medical institution for a particular disease, their healthcare records must be
confidential. Failure to protect such information, a company selling products relating to the
condition can directly contact the patient (Wang et al., 2017). However, this may not pose a
problem, but in some cases, the patient may not want the medical information to leak to the
family members through their mail. An example of such a case is when the patient has
received treatment for a sexually transmitted disease. Also, there are concerns about
discrimination resulting from health record to determine eligibility of the patient for
employment, housing, and other related services. In the US, HIPAA’s main objective is to
handle with such challenges. The United States government enacted this legislation to
address security and privacy issues surrounding personal medical data (Wilkowska & Ziefle,
2012). The Act required that physicians, healthcare givers and health plans implement
privacy rules regarding health information. In 2001, the US Congress proposed an additional
protection rule in at least three bills. The main objective of these bills was to prevent
discrimination based on patient’s genetic data concerning healthcare cover.
Discussion of Findings
As assessed in the literature review, healthcare data security and protection are a
significant issue that should be properly evaluate. One of the ways of ensuring data security
through the installation of separate database servers, and implementing the EHR systems.
Database systems should have security measures and controls to protect them from
cybersecurity risks. Having the organizational data on the same database server as its site
exposes it to all security vulnerabilities that target the websites. Healthcare organizations can
use website security protocols provided by the hosting service to protect patients’ medical
records from cyber-attacks (Keshta & Odeh, 2020). Nevertheless, their sensitive data in the
same database servers and websites are always vulnerable to attacks from online platforms
and the site itself. Any attack breach in the organization’s website allows the cybercriminal to
access the medical records in its databases.
Also, the hospitals can protect their information centers as well as the private servers
from physical attacks by mainly installing extra security controls. Typically, it is often
challenging for the institutions to detect the physical attacks by the employees or from the
outside threat, since these attacks can be simply bypassed as digital security protocol and
control, thus allowing the cybercriminals to access the firm’s physical database servers.
Thapa & Camtepe (2020) proposes that the healthcare organizations should install extra
security measures like multiple layers independent systems, which could consist of parameter
intrusion prediction, deterrent systems, and CCTV surveillance. This would avert the
cybercriminals from accessing the database servers of the health centers.
Lastly, the application of real-time monitoring of hospitals’ databases involves an
active scanning of their databases from security breach attempts. It allows the facility to react
to all possible security vulnerabilities. Healthcare institutions should adopt monitoring
software such as Tripwire’s real-time file integrity monitoring (FIM) within their databases.
According to Shakeel et. al. (2018), this software will aid the company in scanning every
database breach and enable the firm to respond to the plausible attacks. Besides, the
healthcare facilities should set up escalation procedures that would protect their confidential
data from any potential attack. Finally, auditing the database system would enable the firm to
effectively discover security threats in the database systems and develop strategies of
addressing them before they become a threat to the patients’ medical records.
Implications for this Class and the Health Care Field
Usually, medical students are not trained to possess computing skills since they do not
use the skills attained from learning to compute. Nevertheless, with the swift advancement in
technology, computers have evolved to become essential equipment; hence lacking
computing skills is perceived as a challenge. The outlined research outcome for the class
implies that medical students are obligated to attain the data security and protection skills like
strategies of detecting the data threats and approaches of addressing such threats to ensure
that they do not affect the daily operations of the facility. also, the knowledge will go a long
way in assessing the facility’s trends on the privacy and security of database systems, which
includes human error, malware or hacking, and assessing the insider threats. Overall, the
implication of the research outcomes for the healthcare industry is that the organizations and
practitioners should spend additional time and resources in ensuring that the patients’ medical
data is secure from unauthorized users and install strategies of guaranteeing that only the
authorized personnel can access the data.
Overall, the healthcare system has grown from a patient-physician relationship
dynamics to a complex network that links patients to various stakeholders in the healthcare
sector. The adoption of the new technologies into the healthcare industry is, therefore, likely
to improve the quality of healthcare services. Also, this transformation has dramatically
influenced the reduction of healthcare costs and the advancements in medical science.
Despite being beneficial to the whole industry, the transformation in technology has
adversely influenced the healthcare systems. They have tremendously increased the threat
and risk of privacy and security violation of the medical records of the patients. The growing
digitization of health and medical records has led to rising cases of medical identity theft. In
this research paper, we have discussed the security and privacy issues of medical records. We
have reviewed the existing body of knowledge across several issues about the security and
privacy of healthcare information. the research showed that the healthcare facilities must not
share or disclose the patient’s health records to unauthorized personnel without the patient’s
knowledge or consents. Due to the increasing reliance on web-based systems in managing
patients’ medical records, patients’ concerns have been given priority in security and privacy
rules. However, future studies may be conducted on the variance in security and privacy
preferences among different users in the context of online systems.
Abouelmehdi, K., Beni-Hessane, A., & Khaloufi, H. (2018). Big healthcare data: preserving
security and privacy. Journal of Big Data, 5(1), 1-18.
Barrigón, M. L., Berrouiguet, S., Carballo, J. J., Bonal‐Giménez, C., Fernández‐Navarro, P.,
Pfang, B., … & MEmind study group. (2017). User profiles of an electronic mental
health tool for ecological momentary assessment: MEmind. International journal of
methods in psychiatric research, 26(1), e1554.
Hussien, H. M., Yasin, S. M., Udzir, S. N. I., Zaidan, A. A., & Zaidan, B. B. (2019). A
systematic review for enabling of develop a blockchain technology in healthcare
application: taxonomy, substantially analysis, motivations, challenges,
recommendations and future direction. Journal of medical systems, 43(10), 1-35.
Keshta, I., & Odeh, A. (2021). Security and privacy of electronic health records: Concerns
and challenges. Egyptian Informatics Journal, 22(2), 177-183.
Kostkova, P., Brewer, H., de Lusignan, S., Fottrell, E., Goldacre, B., Hart, G., … & Tooke, J.
(2016). Who owns the data? Open data for healthcare. Frontiers in public health, 4, 7.
Shakeel, P. M., Baskar, S., Dhulipala, V. S., Mishra, S., & Jaber, M. M. (2018). Maintaining
security and privacy in health care system using learning based deep-Qnetworks. Journal of medical systems, 42(10), 1-10.
Simoens, K., Bringer, J., Chabanne, H., & Seys, S. (2012). A framework for analyzing
template security and privacy in biometric authentication systems. IEEE Transactions
on Information forensics and security, 7(2), 833-841.
Thapa, C., & Camtepe, S. (2021). Precision health data: Requirements, challenges and
existing techniques for data security and privacy. Computers in biology and
medicine, 129, 104130.
Wang, S. V., Schneeweiss, S., Berger, M. L., Brown, J., de Vries, F., Douglas, I., … &
Sturkenboom, M. (2017). Reporting to improve reproducibility and facilitate validity
assessment for healthcare database studies V1. 0. Value in health, 20(8), 1009-1022.
Wilkowska, W., & Ziefle, M. (2012). Privacy and data security in E-health: Requirements
from the user’s perspective. Health informatics journal, 18(3), 191-201.

Calculate the price
Make an order in advance and get the best price
Pages (550 words)
*Price with a welcome 15% discount applied.
Pro tip: If you want to save more money and pay the lowest price, you need to set a more extended deadline.
We know how difficult it is to be a student these days. That's why our prices are one of the most affordable on the market, and there are no hidden fees.

Instead, we offer bonuses, discounts, and free services to make your experience outstanding.
How it works
Receive a 100% original paper that will pass Turnitin from a top essay writing service
step 1
Upload your instructions
Fill out the order form and provide paper details. You can even attach screenshots or add additional instructions later. If something is not clear or missing, the writer will contact you for clarification.
Pro service tips
How to get the most out of your experience with StudyAcademia.com
One writer throughout the entire course
If you like the writer, you can hire them again. Just copy & paste their ID on the order form ("Preferred Writer's ID" field). This way, your vocabulary will be uniform, and the writer will be aware of your needs.
The same paper from different writers
You can order essay or any other work from two different writers to choose the best one or give another version to a friend. This can be done through the add-on "Same paper from another writer."
Copy of sources used by the writer
Our college essay writers work with ScienceDirect and other databases. They can send you articles or materials used in PDF or through screenshots. Just tick the "Copy of sources" field on the order form.
See why 20k+ students have chosen us as their sole writing assistance provider
Check out the latest reviews and opinions submitted by real customers worldwide and make an informed decision.
Customer reviews in total
Current satisfaction rate
3 pages
Average paper length
Customers referred by a friend
15% OFF your first order
Use a coupon FIRST15 and enjoy expert help with any task at the most affordable price.
Claim my 15% OFF Order in Chat