Rapid Cycle Improvement Plan

Introduction to Problem of Interest

After an interview with the hospital’s IT manager, it was concluded that one of the main issues affecting the IT department was security. There have been more than three attempted data breaches at the hospital, but its security systems have been secure enough to prevent them from succeeding. Patient health information is considered to be one of the most confidential kinds of information, and when it falls into the wrong hands, it can cause serious damage to patients’ reputation and image. Data breaches are an issue for the hospital’s IT department because, once one happens, it can destroy the brand’s image and reputation, leading to the loss of customers. This is because data breaches affect patients’ trust in a hospital, and they tend to go where they feel their information and statuses would be secure (Kuperman et al., 2013). A rapid cycle improvement strategy would therefore help in the identification, implementation, and measurement of changes made to improve the hospital’s information system to make it more secure against data breaches.

Objectives

The main objective of using a rapid cycle improvement plan is to ensure that the changes made to the hospital’s information system are tested over a period of months so that the most effective solutions are implemented. The main objective of establishing a security culture in the hospital is to ensure that the information system is kept secure by encouraging safety measures. The rapid cycle improvement plan has enabled numerous hospitals to constantly improve how they use electronic health record technology (Narayana Samy et al., 2010). Implementing changes or improvements through rapid cycle improvement plans would enable hospitals to serve their patients better, realize the benefits of electronic health records, attain their business goals, and improve the delivery of quality healthcare.

Literature Review

Kuperman et al. (2013) discuss Health Evaluation through Logical Processing (HELP) systems, which assist healthcare professionals in making logical decisions. HELP systems collect and analyze data, then provide healthcare professionals with insights to support decision-making processes. The HELP system is also secured with a variety of internet and computer security controls. The article by Masrom and Rahimly (2015) discusses hospital information systems and how they provide real-time information. The article covers various data security aspects of hospital information systems, discussing various controls that can be used to inform how data security breaches can be prevented. The literature written by Mehraeen et al. (2016) discusses health information security in hospitals. The book contains researched information from a survey study of information technology managers working in hospital environments. The results of the research showed that administrative safeguards were at the medium level, while technical and physical safeguards were ranked at the top, with most IT managers claiming that they were strong controls. The literature by Mehraeen et al. (2016) provided the best approaches to the security issues and data breach attempts on the hospital’s information system.

The article by Narayana Samy et al. (2010) categorizes security threats to healthcare information systems. The article presents the findings of research carried out in a hospital with a fully functional information system, an information system department, and a medical record department. The research concluded that the most common threats to health information systems are power failure, human error, and finally technological factors, in that order. The research also highlights the importance of safeguarding an information system against those factors through the use of technological controls such as encryption and backup, and the deployment of physical and technical controls. The article by Samy et al. (2019) identifies the threats to healthcare information systems based on research conducted in various hospitals’ information technology departments. This article also confirms that the most critical threats to healthcare information systems are power failure and human error. Human error is the leading cause of the increasing frequency of data breach attempts. This article confirms that employees’ ignorance, recklessness, curiosity, and sharing of passwords are threats to data security. The article also proposes rigorous training of employees to improve data security.

Action Program

The action program is to establish a security culture in the hospital. Despite the implementation of antivirus software, firewalls, and intrusion detection software, people are considered to be the weakest link in the security chain. Therefore, establishing a security culture in the hospital by sensitizing workers to adhere to security protocols would help in ensuring maximum security of electronic health records (Samy et al., 2019). With the implementation of a security culture in the hospital, it is expected that all 57 hospital employees would understand the importance of adhering to the organization’s security measures. The sensitization program is set to continue for 3 months, with new employees being oriented on the hospital’s information security issues and best practices (Mehraeen et al., 2016). With the implementation of the program, it is expected that the hospital would minimize the information system’s operational costs, since it would be expected to use fewer resources or outsourced security experts to assess the security status of the information system.

Do

All 57 hospital employees, including the subordinate staff, would be educated on the importance of adhering to the hospital’s security plan. The plan would be to ensure that they are educated on the importance of locking every door as they leave, logging out from any hospital device when not in use, constantly changing their passwords, refraining from downloading applications from suspicious and unauthorized sites, refraining from sharing patient information with third parties, and refraining from sharing their system usernames and passwords.

Study

After the first month of training all the employees on the importance of following the security protocols, an observational assessment would be conducted to determine the effectiveness of the program. The observation would provide more insight into whether the employees closed their doors upon leaving rooms, logged out from the hospital’s information system when not in use, refrained from downloading applications from unauthorized platforms, and refrained from sharing their usernames and passwords. Interviews would also be conducted with the employees to determine how frequently they changed their passwords and whether they have ever shared patient information with any third parties.

Act

The results from the assessment indicated a significant improvement in the staff’s behavior towards maintaining the security of the hospital’s information system. A significant number of the employees closed their doors on leaving rooms, logged out from the system when not in use, and periodically changed their passwords (Masrom & Rahimly, 2015). However, further improvement is needed to ensure that only certain applications are allowed to be used and downloaded by the staff, so that the system remains secure, since attackers may disguise malicious applications as legitimate ones.

Conclusion

Most cybercrimes target hospital systems since that is where sensitive data is stored. Along with the extra precautions mandated by the Health Insurance Portability and Accountability Act of 1996, hospitals need to be vigilant about patient data protection. According to cybersecurity experts, people are considered to be the weakest links in the security chain and this means that they are easy targets for attackers. Therefore, to achieve a secure information system, people should be brought on board with the latest security practices. To achieve this, hospitals need to implement security measures and establish a security culture. Employees must be willing to protect the hospital’s information system by following the best practices. A security culture can be achieved by training employees on the importance of adhering to the set security protocols. After the training, an observational evaluation should then be conducted to determine whether the employees are putting their training into practice. After the assessment the necessary changes can be implemented to ensure an improvement in the security initiatives.

References

Kuperman, G. J., Gardner, R. M., & Pryor, T. A. (2013). HELP: a dynamic hospital information system. Springer Science & Business Media.

Masrom, M., & Rahimly, A. (2015). Overview of data security issues in hospital information systems. Pacific Asia Journal of the Association for Information Systems, 7(4), 5.

Mehraeen, E., Ayatollahi, H., & Ahmadi, M. (2016). Health information security in hospitals: the application of security safeguards. Acta informatica medica, 24(1), 47.

Narayana Samy, G., Ahmad, R., & Ismail, Z. (2010). Security threats categories in healthcare information systems. Health informatics journal, 16(3), 201-209.

Samy, G. N., Ahmad, R., & Ismail, Z. (2019, August). Threats to health information security. In 2009 Fifth International Conference on Information Assurance and Security (Vol. 2, pp. 540-543). IEEE.

Appendix

Interviewer: As an IT manager, what are the main challenges you have encountered in your role?

IT Manager: The main challenges are in ensuring the security of the information system. A lot of data breaches have been observed in the past few years and their frequency has been alarming.

Interviewer: What would you say about the security of this hospital’s information system?

IT Manager: The security of this hospital’s information system is top notch since all the security controls have been successfully implemented. However, my biggest worry is with the people since most of them seem not to care about the internet security protocols established.

Interviewer: Thank you for your time.

IT Manager: Welcome.