Business Intelligence Term Paper
Despite the ongoing IT integration of the resources of various medical institutions, these resources often consist of disparate, poorly comparable implementations that still need to be made to interact with other systems. Full-featured systems are currently not prevalent enough. Current practice is aimed at automating fiscal and, in part, reporting functions, rather than at reducing the ambiguity of information in order to improve the effectiveness of medical decisions and to implement procedures in accordance with standards of treatment and resource efficiency.
A vivid example illustrating all the above problems of medical IT systems, and of ensuring the safety of the data circulating in them, is the My Health Record system.
One of the main problems in creating a medical information system is information security. At the same time, attention is paid to both the patient health data and the course of the medical diagnostic process, as well as the information that constitutes the essence of the system itself – the codes of its modules, the organization of storage and processing of data, the contents of system-wide reference books.
In order to evaluate all the features of personal data protection in the My Health Record system, it is necessary to consider the main legislative practice in Australia, taking into account the latest changes.
The Privacy Act, the Healthcare Identifiers Act and the My Health Records Act (created specifically for the My Health Record system) are the main legal documents regulating the protection of personal data, taking into account all subsequent changes and additions (Yue 2016). These documents not only define the concept of personal data, but also regulate the possible relationships, including within a medical institution, for the collection, processing, and storage of information related to personal data subjects.
The peculiarity of medical information is its confidentiality. Much of the data entered, processed and stored during the operation of medical information systems is personal data or may constitute a medical secret. In addition, the My Health Record database contains critical information on which human life can often depend, so the key requirements for the system should be ensuring the integrity of the database, as well as the ability to monitor the status of the system and its security. But increasing the level of security can negatively affect the speed and reliability of the software.
To improve the confidentiality of the My Health Record system and the protection of information, it is necessary to take into account each of the stages of its processing: from the moment of receipt of data into the system, at the initial circulation, to destruction, at the expiry of the limitation period of storage. Analyzing the above-mentioned documents, it is possible to single out the following stages of the system’s work on the collection and analysis of information (Gottlieb 2016).
The information enters the system when the patient first contacts the medical institution – at this stage, the patient data is collected and processed, and the results of the primary diagnosis and the prescriptions of medicines and procedures are produced.
The second stage is the processing of information, the transfer of data into a standard electronic format and entry into the database.
The next step is to store information in the database, while the medical system can periodically access the stored information.
When a patient re-contacts a given medical institution, information about him in the database is updated and corrected, data for medical statistics are collected. After the expiration of the established storage period, the information in the system is disposed of, or transferred to distant archives – consolidated.
If data protection in the My Health Record system is considered from the point of view of information lifecycle management, it is possible to identify the main processes in medical systems that carry the greatest risk in terms of information security:
- data storage;
- processing of information in the system, the need for which occurs both at the primary and at every repeat visit of the patient to a medical institution;
- the exchange of information using various communication channels (both within medical systems, both inside and outside the country);
- the use of external storage media – optical discs, removable hard drives, mobile devices (PDAs, laptops, smartphones), USB flash drives, iPods, etc.
Therefore, as a necessary protection against external attacks, it is advisable to monitor servers, switches, and workstations for unusually high activity, to make full use of anti-virus protection on servers and workstations, and to track all updates for the operating systems in use.
The My Health Record system needs to be improved taking into account a number of factors. First, it is important to ensure the further integration and interaction of information systems (Park 2017). It is necessary to ensure the mobility and dynamism of data processed in information systems. Information stored in health information systems should always be available for use by persons with a legitimate interest and should be regularly updated.
Secondly, it is necessary to expand the range of useful applications of information systems, including by allowing third parties that offer innovative solutions in telemedicine to connect to these systems. Thirdly, attention should be paid to ensuring citizens' rights of access to personal electronic records stored in information systems, including information management powers (Lloyd 2017).
The problem of obtaining consent to the processing of personal data is perhaps the most acute and controversial. The cornerstone of this problem is the requirement that the consent be specific. Since medicine mainly processes information about health, the task of obtaining consent is further complicated by the need to observe the written form along with a number of additional formalities.
With the development of technologies for remote processing of personal data, compliance with the requirement for informed consent is becoming purely formal and does not provide a genuine realization of the autonomy of the will of a person. As a result, the need to comply with all formalities is transformed from a guarantee of the right to inviolability of the person into an additional barrier to the dissemination and use of new technologies. In the My Health Record system, this is manifested with particular acuity.
Australian law sets significant barriers to the free transfer and further processing of information on the health status of citizens (Aicardi 2016). As medical technologies develop, compliance with all these requirements is difficult and not always possible. The following are among the requirements that are most difficult to comply with in the My Health Record system:
- specific agreement regarding the list of personal data, processing purposes, and actions with personal data;
- the written form of consent;
- specification of the requisites of the documents of the personal data subject;
- enumeration of specific personal data processors, and some other mandatory provisions.
Realizing the potential of medical information technologies does not always make it possible to predetermine a specific list of personal data and the purposes and methods of their processing. In particular, this concerns the processing of personal data in medical research. The list of personal data and the goals and methods of their processing in the My Health Record system are dynamic, which from the formal point of view raises the question of the need for regular consent of the subject of personal data.
Written consent can also be given in the form of an electronic document signed with an electronic signature. The legislation does not specify what kind of electronic signature can be used to represent consent, from which it can be concluded that it is sufficient to use a simple electronic signature. This greatly facilitates the remote provision of consent, although it does not exclude the need for generating codes and passwords through which the identity of the person signing the electronic document is established.
The requirement to indicate the full details of the main document that certifies the identity of the subject of personal data is superfluous. First, this requirement burdens the parties with encumbrances whose necessity for ensuring informed consent is doubtful. Secondly, the law obliges the subject to provide this very "sensitive" information even if the subject of personal data does not want to provide it to the operator and the operator does not need this information to achieve the purposes of processing personal data. Thus, the ability to process personal data with the written consent of the subject in the My Health Record system, which involves the processing of large amounts of dynamic information, is substantially limited by the scope of the current legislation.
Protection of any confidential information requires the application of a whole range of legal, organizational and technical protection measures. At the same time, the security levels and the ratio of these measures should depend on many factors: the volume of data processed, the degree of data sensitivity, the number of persons having access to data, whether the transfer of data for processing is voluntary or compulsory, whether the data stored in the database is dynamic or static, etc. Information systems of personal data used in telemedicine have characteristics that require the greatest level of protection (Caraballo 2017). The most important task in ensuring the security of information systems in telemedicine is providing access to personal health records of citizens only to persons with a legitimate and reasonable interest (including accreditation, confidentiality, notification of information leaks, storage of personal data, etc.).
Finally, another important block of issues related to the protection of personal data in telemedicine concerns the security of information systems of personal data used in medicine.
Aicardi, C., Del Savio, L., Dove, E. S., Lucivero, F., Tempini, N., & Prainsack, B. 2016, Emerging ethical issues regarding digital health data. Croatian medical journal, 57(2), p.207.
Caraballo, P. J., Bielinski, S. J., Sauver, J. S., & Weinshilboum, R. M. 2017, Electronic Medical Record‐Integrated Pharmacogenomics and Related Clinical Decision Support Concepts. Clinical Pharmacology & Therapeutics, 102(2), pp. 254-264.
Collen, M. F., Slack, W. V., & Bleich, H. L. 2015, Medical databases and patient record systems. The history of medical informatics in the United States, pp. 207-288.
Durairaj, M., & Ramasamy, N. 2015, Intelligent Prediction Methods and Techniques Using Disease Diagnosis in Medical Database: A Review. International Journal of Control theory and Applications, 8(5).
Erlich, Y., & Narayanan, A. 2014, Routes for breaching and protecting genetic privacy. Nature Reviews Genetics, 15(6), pp. 409-421.
Gottlieb, L., Tobey, R., Cantor, J., Hessler, D., & Adler, N. E. 2016, Integrating social and medical data to improve population health: opportunities and barriers. Health Affairs, 35(11), pp. 2116-2123.
Lloyd, I. 2017, Information technology law. Oxford University Press.
Mason, R. O. 2017, Four ethical issues of the information age. Computer Ethics. Routledge, pp. 41-48.
Muhsin, B., Sampath, A., & Gruber, T. 2015, Systems and methods for storing, analyzing, retrieving and displaying streaming medical data. U.S. Patent No. 9,142,117.
Park, R. W. 2017, Sharing clinical big data while protecting confidentiality and security: observational health data sciences and informatics. Healthcare informatics research, 23(1), pp. 1-3.
Sabău-Popa, D., Bradea, I., Boloș, M., & Delcea, C. 2015, The information confidentiality and cyber security in medical institutions. The annals of the university of Oradea, p. 855.
Seera, M., & Lim, C. P. 2014, A hybrid intelligent system for medical data classification. Expert Systems with Applications, 41(5), pp. 2239-2249.
Yue, X., Wang, H., Jin, D., Li, M., & Jiang, W. 2016, Healthcare data gateways: found healthcare intelligence on blockchain with novel privacy risk control. Journal of medical systems, 40(10), p. 218.