information governance program paper

The CEO and Board of Directors have tasked you to develop a proposal (paper) that will give them the knowledge needed to make informed decisions on an enterprise-wide Information Governance program, addressing (at a minimum) all of these issues, for the company.  


Body 

 i.  Program and technology recommendations, including:

        1.  Metrics

        2.  Data that matters to the executives in that industry, the roles for those executives, and some methods for getting this data into their hands.


       3.  Regulatory, security, and privacy compliance expectations for your company

       4.  Email and social media strategy

       5.  Cloud Computing strategy

b.  Conclusion

c.  References

2.  You must include at least two figures or tables.  These must be of your own creation. Do not copy from other sources.

3.  Must cite at least 10 references and 5 must be from peer reviewed scholarly journals (accessible from the UC Library).

4.  This paper should be in proper APA format and avoid plagiarism when paraphrasing content. It should be a minimum of 8 pages in length (double-spaced), excluding the title page and references.


Portfolio Project: Milestone

Healthcare Sector

Manchoopaporn Boonchoo

Department of Computer and Information Technology, University of The Cumberlands

ITS 833: Information Governance

Dr. Brian Toevs

April 19, 2021

Executive Summary

Information governance is an essential tool within any organization that makes it easier to increase our functioning and performance. The health care industry requires sufficient information governance, since it is critical when updating and dealing with patients and when maintaining our information for future referrals. Information is a critical tool that helps ensure sufficient communication and interaction within the organization, which is vital for our performance. The organization has to incorporate the proper strategies to help improve the flow of information, the security of the data, and the proper storage and planning of information within the organization. The failure of information to reach numerous entities when it is needed is a major issue; thus it is important to find out the arising issues and how to manage them. It is important to computerize the existing data, which is mainly in hard-copy files; this reduces the efficiency of sharing information and is a major issue hindering the functions and responsibilities of other executives in the workplace. Incorporating technology into information governance is essential to take advantage of existing technologies to hasten the process and improve security while using the information to provide the company with a competitive advantage. As the new CIGO, I do believe that the introduction of the above changes and embracing technological advancement will help make positive changes for Jira Healthcare. It is for the benefit of Jira Healthcare, the general community and the patients when we opt to improve information governance.

Introduction

This proposal presents a comprehensive analysis and recommendations to bring the information governance of Jira Healthcare into compliance with industry Best Practices and legal compliance and to better manage our records to streamline the workload of the organization staff, doctors, and nurses to improve patient outcomes.

This proposal will address the following critical issues:

· Regulatory requirements found in the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the CFR Title 21, Part 11 Pharmaceuticals, and others that could later be identified.

· Best Practices that are applicable to the healthcare industry.

· Risk Management and Mitigation.

· Information Security and Governance.

· Records and E-Records Management.

· Metrics to evaluate Information Governance (IG) Performance.

· Patient record keeping.

· Email and social media strategy.

· Cloud Computing strategy.

· Outline of a Proposed IG Strategic Plan.

Information governance is a sensitive part of any organization in the current market and a major influence on the company’s functioning and performance. Any organization needs to develop proper information governance to help reduce its current problems, but this is especially critical to ours because we deal with human life and death. Our practice is having serious issues with the flow of information throughout the practice and at the interfaces with other health organizations and with our patients. This is a major threat, since one part of the practice might fail to receive information on time, leading to serious repercussions for our patients. Chiasson & Davidson (2005) explained that the lack of a proper flow of information might result in poor management and planning, which implies that it is essential to understand the need for information to be consistent throughout the workplace. In our case, poor management can also impact patients’ health. In the digital era, confidentiality and privacy of personal data are most important. For our company and our patients’ trust, we are compelled to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This act was passed to improve the US healthcare system’s efficiency and quality through developed information sharing. As well as increasing the use of E-Records, HIPAA has provisions to protect the security and privacy of protected health information. Present issues such as duplication of workplace information are a threat to the patients’ records, which is not appropriate and might discourage patients from reaching out and opening up regarding their personal issues. The concept is a threat to the workplace’s entire functions because it is a major threat that is not appropriate.
Embracing technology within the work environment will help make it easy to store, retrieve, and convey the information to all the available parties within the workplace, which is relevant to how they perform (Ratna, 2019). Technology is essential, but it is important to develop information governance policies early in order to prevent serious missteps, non-compliance and to ensure proper functioning and performance. Also, it is important to introduce and boost information security within the workplace since there is an increased risk of compromise with information technology.

As addressed, this Information Governance program is a new project that Jira Healthcare has decided to develop and make an integral part of our business model. For the over 50 years that Jira Healthcare has been operating, we have adapted to many changes to keep up with the technology and the times. The establishment of this new Information Governance department is one of them. We, as a practice, have struggled with the big change of the digital era, in which data and information drive a large part of our business, requiring streaming data to be real-time, accurate, accessible, and well protected. Our goal toward this change is to successfully create this new department, which will work specifically on governing information throughout the practice.

Annotated Bibliography

Chiasson, M. W., & Davidson, E. (2005). Taking Industry Seriously in Information Systems Research. MIS Quarterly, 29(4), 591-605. doi:10.2307/25148701

The author opines that industry is an important concept for both organizations and individuals. The government plays a vital role in maintaining industry statistics, developing regulations for various industries, and formulating legislation to protect others. However, in the past years, industries have received minimal attention in information system research and theory regardless of its increasingly significant influence on information system activities. This is particularly more evident in some industries examined in IS research and the industry theory’s infrequent consideration. The instructional theory postulates that several industries can be addressed by determining how they affect IS activities. Industries usually provide an essential contextual environment for building new IS theory and evaluating the boundaries of existing IS theory. Therefore, the industry represents an increasingly important impact on the effects on meaning and pattern of information system activities. Thus, more attention needs to be accorded to the industry in IS theory.

El aboudi, B., & Benhlima, L. (2018). Big Data Management for Healthcare Systems: Architecture, Requirements, and Implementation. Advances in Bioinformatics, 2018, 1–10. https://doi.org/10.1155/2018/4059018

The increased population of older adults has had serious implications for healthcare systems, and relying on the preexisting classical systems will likely lead to a decline in life quality. Thus, the healthcare industry’s increased data has prompted the integration of big data strategies to advance the quality of healthcare. The incorporation of big data techniques in the current data management architecture in healthcare systems has been faced with huge problems in stopping emergency cases. The article proposes an extensible big data design technique founded on batch and stream computing to improve healthcare systems’ reliability, create real-time alerts, and assist in making predictions regarding patients’ conditions. The proposed architecture recommends implementing the prototype in healthcare systems that will assist in generating real-time alerts. The management of big data plays a significant role in disease management and acts as a guide in the diagnosis, prevention and treatment of various illnesses. The benefit of data security and privacy is achieved by effectively executing the big data healthcare systems. This paper will provide useful input to describe some of the data that matters to executives in the healthcare industry.

Griffin, J. G. H. (2014). The future of technological law: The machine state. International Review of Law, Computers & Technology, 28(3), 299–315. https://doi.org/10.1080/13600869.2014.932520

According to the article, the advancement in technology is likely to alter the present legal regulations. Therefore, law and governance need to be described in terms of the preexisting regulation, as the growth and development of digital technologies offer a new regulation technique. The author contends that the natural characteristic of technology is likely to become integral in the digitalization of law. The law has turned into a progressively digital entity and has become more apprehensive with an impeccable reproduction of law upon an individual and about in its scope. Further, digital technologies’ advancement poses a great change in the regulatory relationships amongst individuals and the government. This is a steep challenge that the government needs to address. Technology development has resulted in innovation, the internet, war, industrial upheaval, peace, and extermination machinery. Thus, technological development has led to the growth of a machine state.

MacLennan, A. (2014). Information Governance and Assurance: Reducing Risk, Promoting Policy. Records Management Journal (London, England), 24(3), 253–255. https://doi.org/10.1108/RMJ-08-2014-0034

The article examines the external factors such as legislation, standards, and regulations that affect an organization towards practicing effective information governance. This helps the organization avoid penalties, defining benchmarks that are against the performances and organizational practices. Information governance describes the process of imposing strategies and rules which govern an organization’s information. These practices result in efficient, effective, and ethical usage of information and assist in avoiding the legal effects and assigning legislative recognition of these practices’ legal correctness. In the past years, numerous organizations have been struggling to follow the legal requirements to establish well-organized and effective records management. According to the article, the upsurge in online activity requires people to ensure their personal information easier accessibility to organizational information. The article also discusses the benefits of seeking an individual’s consent before obtaining their data, which is essential in protecting the individual’s vital interests. This paper will be useful for my work in contributing to the discussion on regulatory compliance, data security and privacy, which are hugely significant to the healthcare industry.

Ismail, M. (2020). Requirements of Health Data Management Systems for Biomedical Care and Research: Scoping Review. Journal of Medical Internet Research, 22(7), e17508–e17508. https://doi.org/10.2196/17508

The author posits that the recent disrupting instances in biomedical research and clinical medicine have resulted in a remarkable modification in health data management systems. This is mainly due to numerous inventions that have been achieved in the medical field and the need for integrating the internet of things (IoT) and big data analytics in the health management system. Other patient care has evolved, resulting in more accurate diagnoses and prognoses. The historical development of healthcare management systems has resulted in developing a specific health care management system. The author provides more insight into these systems and determines their benefits and application in the health care system. Comprehensive data management systems enable patients, physicians, and other stakeholders to contribute their lifestyle and medical data into the system. Further, the integration of big data assists in improved identification and prediction of disease. Consequently, the result prediction helps in the development of an effective preventive plan.

Wass, S., & Vimarlund, V. (2019). Same, same but different: Perceptions of patients’ online access to electronic health records among healthcare professionals. Health Informatics Journal, 25(4), 1538–1548. https://doi.org/10.1177/1460458218779101

The advancement in information sharing has resulted in the application of various services in the healthcare organization. Patients can easily access their information online. The article illustrates that healthcare professionals working in direct care experience various benefits, including augmented adherence, explanation of imperative information, and the likelihood for patients to control what is predictable. However, physicians in the outpatient clinics are less persuaded concerning these reimbursements of PAEHRs, which make their patients more upset and excessively worried due to information misinterpretation. Nonetheless, patient access to information has resulted in a significant transformation in information documentation amongst most healthcare specialists. The increased focus on patient involvement and engagement has led to the creation of a more patent technique. A patient-centered approach can improve healthcare delivery and outcomes due to an improved understanding of healthcare information.

Literature Review

Information governance in the health care industry describes the structures, procedures, and policies developed and followed to collect, organize, utilize, and secure patient data (Maclennan, 2014). As a result, the healthcare sector has designed different healthcare systems to help overcome data management challenges. Hence, good information governance will ensure that all healthcare practitioners in a collaborative manner provide better and efficient care to their patients following an improved holistic view of the information used. Further, the modern digital world has prompted organizations to depend on timely access to accurate information significantly. In such a way, most organizations have to deal with a lot of information that is sometimes unstructured for direct analysis. In the healthcare sector, operations’ digitalization has dramatically changed how things are done, causing an increased need to adapt and utilize information governance technologies. These include the program and technology recommendations developed to ensure that the value of patient information is maximized and the costs and potential risks are reduced (Maclennan, 2014). The IG programs and recommendations seek to maximize the information value resulting from the increasingly widespread use of mobile and wearable sensors technologies.

According to Wass & Vimarlund (2019), information governance in the healthcare industry will be influenced by metrics developed to foster, monitor, and evaluate the identified system’s success, essentially because the governance metric ensures that all stakeholder needs, options, and conditions are analyzed to determine the balanced and agreed-on industry objective and improved patient care. Appropriate metrics must be used to assist management teams in establishing key management activities such as planning, building, operating, running, and monitoring online for the organization’s set healthcare objectives. For instance, patient care could be measured to benchmark the quality and safety of service provided, while care management metrics in the industry could be utilized to help measure and control the effectiveness of healthcare services provision. Established practices and results should be audited to assess their compliance with meeting goals and target adherence (Wass & Vimarlund, 2019). Program and technology metrics will raise awareness about the current state of information in the healthcare industry with respect to the risks, controls, and vulnerabilities.

Nonetheless, information plays a significant role in making an organization better and promotes new developments. According to El Aboudi & Benhlima (2018), however, a drastically increasing aging population in the country faces possible declining life quality experiences mainly because the industry continued to use the antiquated systems. Fortunately, increased use of electronic information by patients has pushed organizations to expand the information revolution. Electronic information, including emails, instant messages, and social media posts, provide unstructured data. In such a way, accessing big data in the industry has seen integrating big data strategies with advanced healthcare quality (El Aboudi & Benhlima, 2018). Essentially, the more information the organization has, the higher the ability to optimally provide improved outcomes. This is an important milestone of maximizing information governance potential.

According to Ismail (2020), unfortunately, the techniques applicable for incorporating such big data in the data management system face major setbacks, mainly in stopping emergency cases to remain effective. Therefore, it becomes essential that an extensible design technique for big data is founded to improve these healthcare systems’ reliability. Further, this will ensure that real-time alerts are created and that predictions are made about patients’ health conditions (El Aboudi & Benhlima, 2018). This makes the cloud computing strategy important, mainly because it can improve data quality while leveraging strategic decision-making. The cloud computing strategy promotes the movement from on-premises software to the new on-demand cloud solutions. The investment into such cloud strategies has reduced cost and mitigates potential risks.

According to Griffin (2014), it is important to consider that advanced technology alters the present legal regulations. Mainly, advances in digital technologies have caused a significant change in how relationships between individuals and institutions are regulated. Hence, this growth increases the challenges by promoting the development of the machine state. As a result, legislation, standards, and regulations have been implemented to help healthcare organizations avoid penalties, defining objective benchmarks against their performance and practices. Therefore, law and governance need to be described in terms of the preexisting regulations, as the growth and development of digital technologies offer new regulation techniques. As such, healthcare providers should ensure that they adopt well-designed information governance structures and policies to protect patient data.

The benefits of data security and privacy are achieved by effectively executing big data healthcare systems. Executives’ efforts in the healthcare industry promote the management of big data to play a significant role in disease management. Besides, the management acts as a guide in diagnosing, preventing, and treating various illnesses. In this case, executive members in the industry receive different information sources, including those from hospital records, medical examinations, medical records, and devices from the internet. Therefore, they ensure that their organization’s information is monitored so that the information environment is structured (Chiasson & Davidson, 2005). A monitoring and audit program ensures that all the processes are in place to check that the information governance consultancy framework is successfully implemented.

References

Chiasson, M. W., & Davidson, E. (2005). Taking Industry Seriously in Information Systems Research. MIS Quarterly, 29(4), 591-605. doi:10.2307/25148701

El aboudi, B., & Benhlima, L. (2018). Big Data Management for Healthcare Systems: Architecture, Requirements, and Implementation. Advances in Bioinformatics, 2018, 1–10. https://doi.org/10.1155/2018/4059018

Griffin, J. G. H. (2014). The future of technological law: The machine state. International Review of Law, Computers & Technology, 28(3), 299–315. https://doi.org/10.1080/13600869.2014.932520

Ismail, M. (2020). Requirements of Health Data Management Systems for Biomedical Care and Research: Scoping Review. Journal of Medical Internet Research, 22(7), e17508–e17508. https://doi.org/10.2196/17508

Maclennan, A. (2014). Information Governance and Assurance: Reducing Risk, Promoting Policy. Records Management Journal (London, England), 24(3), 253–255. https://doi.org/10.1108/RMJ-08-2014-0034

Wass, S., & Vimarlund, V. (2019). Same, same but different: Perceptions of patients’ online access to electronic health records among healthcare professionals. Health Informatics Journal, 25(4), 1538–1548. https://doi.org/10.1177/1460458218779101

In business consideration for successful Information governance program, we have learned from “The Path to Information Value” of managers and executives say data are “extremely important” for creating competitive advantage. In addition, it is implied by the authors that, “The key, of course, is knowing which data matter, who within a company needs them, and finding ways to get that data into users’ hands.” Based on the healthcare company  

1) the data that matters to the executives in that industry,

2) who, within that industry, needs that data,

3) some methods for ensuring that the critical data gets into the users’ hands

1. The data obtained at the point of care in the hospital, medical facility, or clinic is known as the Electronic Medical Record (EMR). This data is typically not provided outside the medical practice; it is typically an electronic version of the paper records the doctor prepares after a patient visit. The executive, or in this case the doctor, should know the data inside and out. The data is required to make thoughtful and patient-centered recommendations.

2. The clinical data obtained by the Electronic Health Record (EHR) is a much broader view of the patient and facilitates large professional collaborations such as with the National Institutes of Health (NIH), National Heart, Lung and Blood Institute (NHLBI) in the healthcare industry or even between departments in other industries such as financial institutions, government agencies, insurance companies, and Solicitors.

3. EMR is used to share critical data with the users in the health industry. It contains highly sensitive data and also needs to be shared with the users. So, blockchain provides trustable and secure data management of EMR and provides a sharing system. Data sharing can be done using a two-factor authentication method, which includes consent via online methods and exchanging health information. Data can be shared by using cloud services like Google Drive, Dropbox, etc., which provide end-to-end encryption between the different parties.

Explanation:

1. Electronic Health Records include demographic and administrative information, treatment, diagnosis, physiologic monitoring data, laboratory tests, prescription drugs, patient insurance, hospitalization, etc. (2020). This is accessed by internal staff. This data can provide meaningful insight into the clinical approach and methods that are required for different situations. Also, this information is helpful for the executive to determine how they contrast to peer organizations.

2. Over the years, health data management systems have transformed from paper to e-record, cloud computing, big data analytics, and blockchain. The types of data include medical record data, real-time data access, patient participation, data sharing, data security, patient identity privacy, and public insights. Clinical research is important to the NIH and other executives in the healthcare industry as it has a mission of improving health, lowering the burdens of disability and illness, and lengthening life. This data helps in gaining insights and provides solutions to the safety and effectiveness of other therapies. The data varies among the different institutes like NHLBI, which has centralized access to many clinical trials. Ismail suggests in the Requirements of Health Data Management Systems for Biomedical Care and Research that healthcare organizations need a comprehensive real-time, secure, and efficient health data management system that allows physicians, patients, and external users to input their medical and lifestyle data into the system. Incorporating big data analytics will aid in better prognosis or diagnosis of diseases and the prediction of diseases. The prediction results will help in the development of an effective prevention plan (Ismail, 2020). As with all types of processing, insurance companies and solicitors must have a lawful basis for processing patient data. Under the Data Protection Legislation, sharing personal data is permitted for the establishment, exercise, or defense of legal claims or in connection with legal proceedings or potential legal proceedings. The potential to share patient data with insurance companies and solicitors should be outlined to patients in the Privacy Policy to ensure transparency obligations are met. Insurance companies and solicitors process patient data for their own purposes (e.g., for claims handling), meaning they are data controllers (Smith, 2018).
Sharing patient data with data controllers does not require a written contract to be in place between the parties to comply with the General Data Protection Regulation (GDPR) (Dumitrescu, 2018). However, only the information that is required by the insurance company or the solicitor to handle the claim or provide the advice must be shared.

3. The way that the data is shared among different users is by using the EMR method. In healthcare, creating and transferring EMR data between different users is basically a transaction. The group of transactions is integrated into the ledger, which represents the condition of the network. As this data is very sensitive, blockchain is used to maintain its security, using cryptographic primitives like digital signatures and hashing. Two-factor authentication, which combines “what you have” and “what you know”, is used for sharing the data among users and is more feasible. It allows sharing of data with greater security. Cloud services like Google Drive and Dropbox help share the data among different users with end-to-end encryption features. This does not require encrypting the same data again while sharing it with multiple users. Also, if the user requires only the relevant part, the cloud also provides this facility.

Reference

Dumitrescu, R. (2018). Processing of personal and medical data by judicial institutions in the context of the enforcement of Regulation EU 2016/679 – General Data Protection Regulation (GDPR). Journal of Comparative Research in Anthropology and Sociology, 9(1), 1–18.

Ismail, M. (2020). Requirements of Health Data Management Systems for Biomedical Care and Research: Scoping Review. Journal of Medical Internet Research, 22(7), e17508–e17508. https://doi.org/10.2196/17508

Smith, A. (2018, September 6). Who Can (and Can’t) Access Medical Records. The Records Company. https://www.therecordsco.com/who-can-and-cant-access-medical-records/

University of Washington. (2020, December 4). Data Resources in the Health Sciences: Clinical Data. Health Sciences Library. https://guides.lib.uw.edu/c.php?g=99209&p=642709#12209007

The risk companies face over unstructured data raises concerns that need to be addressed when a company uses social media.

Social media users’ concern about their protection has spiked lately. Occurrences of information breaches have frightened numerous clients and forced them to reexamine their connections to web-based media and their data security (Jalali & Kaiser, 2018). The dramatic story of Cambridge Analytica is a vivid example. The firm abused the private data of more than 50 million Facebook clients that potentially impacted the 2016 Presidential election decision (Chang, 2018). This model and others have consistently weakened public trust and brought about numerous clients contemplating whether or not to disclose their personal information on social media.

 As indicated by an investigation of web-based media, clients report being worried about organizations and publicists getting to and utilizing their web-based media posts. These developing protection concerns have triggered the backing for tighter guidelines. Given the present online media security issues and concerns, network safety experts will assume a fundamental part in ensuring web-based media clients’ information and individual data. Those keen on acquiring the ability expected to pursue a vocation in network safety would do well to consider obtaining a postgraduate on the subject.

 Ordinarily, these worries originate from the universal presence of web-based media in individuals’ lives. These associations can leave clients helpless, frequently with nowhere to turn for assistance. People have had their web-based media accounts taken over by an unapproved client. Such malware hacks can cause data to be taken or diverted to other platforms. Online media platforms, which gather and store vast measures of individual data with low administrative oversight, fill in as appealing focuses for hackers to gain entry and steal or alter data.

 Cybercriminals are adept at deceiving web-based media clients to give over delicate data, take individual information, and access accounts that clients think are private. Everybody leaves an information trail on the web. Each time somebody makes a web-based media account, they give individual data that can include their name, birth date, geographic area, and personal interests. Moreover, organizations gather information on client practices: when, where, and how. The entirety of this information is stored and then utilized by organizations to more readily target potential clients. These organizations often share clients’ data with outsider elements, typically without clients’ information or permission.

Phishing is one of the most common ways unscrupulous actors attempt to access sensitive personal information. Typically arriving as an email, a text message, or a phone call, a phishing attack presents itself as a message from a legitimate organization. These messages trick people into sharing sensitive data, including passwords, banking information, or credit card numbers. Phishing attacks frequently pose as social media platforms (Cisco, 2017).

Malware (malicious software) is designed to gain access to computers and the data they contain. Once malware has infiltrated a user’s computer, it can be used to steal sensitive data (spyware), extort money (ransomware), or profit from targeted advertising (adware). Social media platforms are an ideal delivery system for malware distributors. Once an account has been compromised (often by obtaining passwords through a phishing attack), cybercriminals can take over that account to distribute malware to all of the user’s friends or contacts (Cisco, 2017).

To increase cybersecurity capabilities in the healthcare industry, the primary focus of chief information officers and chief information security officers should be to simplify endpoints and improve internal stakeholder alignment. These strategies can solve cybersecurity problems more effectively. Reducing the difference in resource availability makes the entire system less vulnerable. Organizations with few resources for cybersecurity threaten the entire healthcare infrastructure (Jalali & Kaiser, 2018). Organizations should set their cybersecurity goals to exceed current regulatory and policy requirements. Today, most of these policies address data privacy, not data security. Therefore, policymakers need to present policies that leverage cybersecurity capabilities and also reduce the variability of resource availability across all healthcare systems. The cyberattacks described above will continue to pose privacy and security risks. The potential consequences of cybersecurity risks prompted Congress to establish the Health Care Industry Cybersecurity Task Force. Healthcare organizations need to develop cybersecurity capabilities, thereby improving their resiliency to cyberattacks.

Reference

Chang, A. (2018, May 2). The Facebook and Cambridge Analytica scandal explained with a simple diagram. Vox. https://www.vox.com/policy-and-politics/2018/3/23/17151916/facebook-cambridge-analytica-trump-diagram

Cisco. (2017, October 15). Cyber attack: what are common cyberthreats. Cisco. https://www.cisco.com/c/en/us/products/security/common-cyberattacks.html

Jalali, M. S., & Kaiser, J. P. (2018). Cybersecurity in Hospitals: A Systematic, Organizational Perspective. Journal of medical Internet research, 20(5), e10059. https://doi.org/10.2196/10059

 

Information Governance and Legal Functions: the healthcare industry regulatory compliance requirements that the company has to meet and the corresponding security, privacy, digital forensics, and records management functions that would need to be enabled for a healthcare organization.

Many organizations face severe litigation consequences if they do not comply with governing laws and data and information regulations. Compliance becomes one of the essential business operational problems on which the legal team and management need to collaborate closely. If IG security is neglected, the organization faces the risk of fines and even scandal if electronic evidence necessary for a lawsuit is lost or poorly maintained. Data security techniques, policy, and culture must be established through rules and best practices appropriate to the organization’s business and information retention. Ignoring these regulations can result in severe fines or, worse, a data breach. Organizations must evaluate which security regulations apply to them. Healthcare is perhaps the most pervasive industry in the US because it serves virtually every person. Healthcare is vital and ever-evolving, as is the IT that supports it. Healthcare compliance professionals are expected to help medical facilities and organizations address the ever-changing and often overlapping government regulations that set security and data use standards and ensure quality patient care and privacy. Below is an outline of a few of the significant laws and regulations that apply to this industry:

Protecting Privacy and Ensuring Quality Care

The US Department of Health and Human Services’ (HHS) Office of the Inspector General (OIG) is the executive body responsible for protecting patient privacy, ensuring quality care, and fighting fraud by making sure healthcare organizations’ policies and practices comply with federal healthcare laws and HHS programs. The Healthcare Information Portability and Accountability Act (HIPAA) established healthcare compliance across the industry. HIPAA mandates industry-wide standards and processes for the security and confidential handling of patient health information. The Health Information Technology for Economic and Clinical Health Act (HITECH) promotes standardized electronic health records (EHR) (Maryville University, 2019). HITECH addresses the privacy and security concerns around patient information, EHR records, and how they are shared. HITECH also strengthens enforcement of HIPAA’s protected patient information rules, requiring the Department of Health and Human Services Office for Civil Rights to conduct periodic provider audits and impose penalties for data breaches, which means a provider or facility found to be non-compliant can face a fine of up to $1.5 million (Kwon & Johnson, 2013).

The Emergency Medical Treatment and Labor Act (EMTALA) guarantees free access to emergency treatment if patients cannot pay. Turning patients away can result in severe lawsuits and penalties; thus, medical facilities need to maintain accurate records for all such patients.

The Affordable Care Act (ACA) requires healthcare providers to implement a compliance and ethics program as a condition of reimbursement for patients enrolled in federally funded healthcare programs. The Affordable Care Act also establishes various quality and performance improvement programs, including the Medicare Shared Savings Program for setting up Accountable Care Organizations (ACOs). The goal of the ACOs is to minimize costs and improve patient outcomes, incentivizing healthcare providers with a “pay-for-value” model as opposed to the traditional “pay-for-service” model (National Research Council, 1997).

The Centers for Medicare and Medicaid Services (CMS) within HHS are responsible for Medicare, Medicaid, and the Children’s Health Insurance Program (CHIP). Administering these programs, however, includes enforcing a web of compliance rules and reimbursement steps that healthcare organizations must follow. CMS oversight also includes the Electronic Health Record (EHR) Incentive Programs, which set incentives and measures for meeting the standards set by HITECH for the use of electronic health records, and the 2015 Medicare Access and CHIP Reauthorization Act (MACRA), which includes the Quality Payment Program and its Merit-Based Incentive Payments System (MIPS), reimbursing physicians and healthcare organizations based on quality of care (Kwon & Johnson, 2013).

Battling Fraud and Abuse

According to the Centers for Medicare and Medicaid Services (CMS), US healthcare spending is very high. According to estimates by the National Health Care Anti-Fraud Association and the Federal Bureau of Investigation, some of that cost is lost to fraud. Various laws, statutes, and even entire units exist to combat fraud and waste. For physicians and compliance professionals, understanding these laws is vital, as violations can result in criminal charges, fines, and, for physicians, possibly the loss of their license to practice.

Medicaid Fraud Control Units (MFCU) investigate and prosecute Medicaid provider fraud (which falls under the False Claims Act), as well as patient abuse or neglect in healthcare facilities (Kwon & Johnson, 2013). Each state has its own MFCU, typically part of the State Attorney General’s office, with the OIG responsible for exercising oversight. A significant part of healthcare compliance is working with the MFCU or, depending on the facility’s size, setting up an internal Medicaid fraud control team to ensure compliance through auditing and monitoring for fraudulent activity.

Federal Anti-Kickback Statute: this statute prohibits healthcare professionals from accepting any “kickback” (for example, cash, contracts, items) as a reward for referrals or for providers’ recommendations to patients on federally covered medical programs, such as Medicare and Medicaid. The statute covers the payers of kickbacks as well as the recipients, with physicians who pay or accept kickbacks facing penalties of up to $50,000 per kickback (National Research Council, 1997).

The Physician Self-Referral Law prohibits physicians from referring patients covered by Medicare or Medicaid to treatment (for example, care facilities, prescription drugs, and so on) in which the physician has a financial interest or from which the physician stands to benefit. While the Physician Self-Referral Law may appear to be a straightforward rule against profit-driven referrals, it has proven to be an example of what can happen when government regulations conflict with one another. Compliance professionals are forced to follow new policies without violating existing ones.

Among its various provisions and exceptions, the law specifies that healthcare services be priced at fair market value. The Affordable Care Act’s creation of ACOs, with incentives that favor pay-for-value (and quality) over pay-for-service, put these two laws squarely in conflict. Ultimately, the CMS and OIG issued waivers for portions of the Physician Self-Referral Law as well as the Federal Anti-Kickback Statutes for ACO participants (Kwon & Johnson, 2013). However, the HHS saw that existing fraud and abuse laws might serve as an obstacle to innovative programs that align providers by using financial incentives to achieve quality standards, generate cost savings, and reduce waste.

References:

 

Kwon, J., & Johnson, M. E. (2013). Security practices and regulatory compliance in the healthcare industry. Journal of the American Medical Informatics Association: JAMIA, 20(1), 44–51. https://doi.org/10.1136/amiajnl-2012-000906

Maryville University. (2019). 5 Important Regulations in United States Healthcare. https://online.maryville.edu/blog/5-important-regulations-in-united-states-healthcare/

National Research Council (U.S). (1997). In For the record: protecting electronic health information (pp. 127–159). [eBook edition], National Academy Press. https://web.b.ebscohost.com/ehost/ebookviewer/ebook/ZTAwMHhuYV9fNzg0X19BTg2?sid=b7021431-e3fd-47d5-b974-99f034ea1df5@pdcvsessmgr02&vid=0&format=EB&lpid=lp_127&Rid=0

Privacy and Security Considerations for Information Governance

Find an example of a security breach that compromised data records at a company in the healthcare industry. Summarize the breach, discuss the data that was lost, and identify security controls that you would recommend being in place.

The American Medical Collection Agency breach in 2019 totaled 25 million patients.

The protection of personally identifiable information is a core focus of information governance efforts (Smallwood, 2014). The American Medical Collection Agency (AMCA) breach in 2019 is the biggest data breach in the healthcare industry ever. A breach of this size is a good reminder to HIPAA entities that health information remains a primary target of cyberattacks.

Toward the beginning of May 2019, an 8-K filing with the Securities and Exchange Commission revealed that billing services vendor AMCA was hacked over a long period, between August 1, 2018 and March 30, 2019 (Jennings, 2019). Since the breach was uncovered, six covered entities have reported that their patient information was compromised in the hack. However, most of the affected providers are still investigating the breach’s extent, so the total number of affected patients will be unknown for a significant length of time.

So far, up to 12 million patients from Quest Diagnostics and other clients are known to be affected. The hacked system held a trove of personal and financial information from the lab testing giant, including Social Security numbers and clinical data. Additionally, up to 7.7 million LabCorp patients were affected, as well as 422,000 patients of BioReference. Recently, two more covered entities have been added to the count: Penobscot Community Health Center in Maine with 13,000 affected patients and Clinical Pathology Laboratories with 2.2 million patients (Revenuecycleadvisor.com, 2019). Also, a sixth provider, Austin Pathology Associates, revealed that at least 46,500 of its patients were affected by the breach. Not long after, seven more covered entities announced they also were affected: Seacoast Pathology, Natera, American Esoteric Laboratories, CBLPath, South Texas Dermatopathology, Arizona Dermatopathology, and Laboratory of Dermatopathology ADX. Altogether, over 774,640 patients have been added to the breach by these covered entities (Natera did not reveal how many of its patients were affected), bringing the total number of affected patients to more than 25 million (Davis, 2019). AMCA’s parent organization, Retrieval-Masters Creditors Bureau, has since filed for bankruptcy, while the billing vendor, Quest, and LabCorp are also facing various investigations and lawsuits.

Explanation:

At present, the AMCA incident is the most significant healthcare data breach yet. The known victim tally from the American Medical Collection Agency (AMCA) data breach has risen to nearly 25 million. Upon learning of the breach, Inform Diagnostics suspended AMCA services and started an investigation. The breached information included both personal and payment data. The breached information varied by patient and did not include actual lab test results; 173,617 patients were included in the hacked data, according to the Department of Health and Human Services’ breach reporting tool.

CompuNet Clinical Laboratories, another victim, learned of the breach from AMCA officials. AMCA provided billing collection services to CompuNet through a joint venture partner, Quest Diagnostics. Officials also said they are actively taking steps to recover and secure all CompuNet data stored in AMCA’s systems. AMCA, Quest, and LabCorp are under investigation for their response to the breach, and a few patients included in the breach have already filed lawsuits.

Wisconsin Diagnostic Laboratories (WDL) is another healthcare organization affected. WDL, a network of 13 clinical testing facilities in and around Milwaukee, is notifying 114,985 patients that some of their protected health information was compromised in the AMCA data breach. AMCA informed WDL that some of its patients’ information had been exposed because of the hacking of a web payment portal (Alder, 2019). The types of information in the AMCA systems included personal data, payment data, and other clinical data related to the services provided by WDL. A limited number of people also had their financial data compromised. Those people have been notified directly by AMCA. The only patients affected by the breach were those who had outstanding bills that had been passed to AMCA for collection. As has been the case with other clients affected by the breach, WDL has stopped working with AMCA and has been working to ensure all patient data is recovered and secure. WDL is the 23rd healthcare organization to confirm it has been affected by the AMCA breach. Provisional figures indicate that 24,911,500 people have been affected by the breach.

This example starkly demonstrates that network security is essential to prevent intrusions into sensitive and regulated personal data. Encryption is the best way to protect patients’ data from being accessed if a breach occurs. Encryption must be used both at rest and in transit, and third-party vendors that can access the network or database of healthcare information need to handle patients’ data appropriately.

Reference

Alder, S. (2019, August 28). AMCA Data Breach Total Nears 25M as Wisconsin Diagnostic Laboratories Confirms 115K Record Breach. HIPAA Journal. https://www.hipaajournal.com/amca-data-breach-total-nears-25m-as-wisconsin-diagnostic-laboratories-confirms-115k-record-breach/

Davis, J. (2019, August 2). The 10 Biggest Healthcare Data Breaches of 2019, So Far. Health IT Security. https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2019-so-far

Jennings, J. (2019, Jul 26). Inform Diagnostics Statement Regarding AMCA Data Breach. Business Wire. https://search.proquest.com/wire-feeds/inform-diagnostics-statement-regarding-amca-data/docview/2264211668/se-2?accountid=10378

Revenuecycleadvisor.com. (2019). Biggest healthcare data breach of 2019 shows health data still highly valuable to cyberattackers. Briefings on HIPAA, 19(7), 4–6.

Smallwood, R. F. (2014). Chapter 2. In Information governance: concepts, strategies, and best practices (p. 20). John Wiley & Sons.

E-mail is a powerful tool used for communication and is an integral part of a worker’s day-to-day activity. Consider the trade: international mobility has become a necessity and an integral part of doing business in the digital era, whether it is moving customer data for sales of products or services or employee information for contact and coordination within the organization. The topic can be organized around several major themes:

Prevalence of emails in business

· According to statistics, 75% of business-critical information is stored in corporate email, which means it is of the utmost importance and priority to apply information governance techniques to that information and to how users use their email (Krstic, 2018).

· Information governance helps organizations maximize the value of their information. It helps to ensure regulatory compliance, reduce costs associated with fines and litigation, increase operational transparency, and increase employee productivity and efficiency.

· Email is fast, convenient, and collaborative; files are easy to attach; it is a habit; most people know how it works, etc. (Ricciuti, 2015).

Challenges for Information Governance

· Email is not controlled

· Individuals can delete, save at will

· Inadequate or useless subject lines

· Often lacks archival protocol

· Email records can be maliciously changed in both content and metadata, which renders them legally invalid (Smallwood, 2014)

· Loss of critical business info; can affect eDiscovery. When an organization is faced with a lawsuit, finding the relevant information among millions of emails can be costly or impossible.

· Lack of responsibility and policy to manage. Inadvertent disclosure can cost the organization millions of dollars, loss of market share, loss of shareholder equity, and ongoing negative publicity.

Remedies

· Policy and responsibility to correct challenges: E-mail offers a private way to chat with one person or several people, something that is not readily available through social media.

· Smallwood stresses that email retention is a legal matter. Many of the challenges associated with email can be remedied by automatic archiving. Specialized email archiving software is available that remedies many of the issues associated with traditional backups. Having a handle on managing large email archives assures more efficient and rapid location and retrieval of sought messages, which can provide a significant legal advantage (Smallwood, 2014).
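The following is an added illustration, not part of the original paper and not the method of any particular archiving product. It shows one way an archive can make changes to email content or metadata detectable: each message is fingerprinted at archive time and the fingerprints are chained, so an edited header, an edited body, or a removed record shows up on verification. All function names, addresses, and messages are constructed for the example.

```python
import hashlib
import json
from email import message_from_bytes
from email.policy import default

GENESIS = "0" * 64  # starting value for the chain (assumption of this example)


def _sha256(data):
    return hashlib.sha256(data).hexdigest()


def _entry_hash(entry):
    # Hash every field except the hash itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return _sha256(json.dumps(body, sort_keys=True).encode("utf-8"))


def archive(messages):
    """Build a ledger: one entry per raw message, each linked to the previous."""
    ledger, prev = [], GENESIS
    for raw in messages:
        msg = message_from_bytes(raw, policy=default)
        entry = {
            "message_id": str(msg["Message-ID"]),
            "date": str(msg["Date"]),
            "subject": str(msg["Subject"]),
            # Covers headers (metadata) and body exactly as received.
            "raw_sha256": _sha256(raw),
            "prev": prev,
        }
        entry["entry_hash"] = _entry_hash(entry)
        ledger.append(entry)
        prev = entry["entry_hash"]
    return ledger


def verify(ledger, store):
    """Compare stored messages with the ledger; return a list of findings."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or _entry_hash(entry) != entry["entry_hash"]:
            findings.append(f"ledger entry {i} altered or out of sequence")
        raw = store.get(entry["message_id"])
        if raw is None:
            findings.append(f"{entry['message_id']}: message missing from store")
        elif _sha256(raw) != entry["raw_sha256"]:
            findings.append(f"{entry['message_id']}: content or headers changed")
        prev = entry["entry_hash"]
    return findings


# Constructed sample messages (not real mail).
SAMPLE = [
    b"Message-ID: <1@hospital.example>\r\n"
    b"Date: Mon, 19 Apr 2021 09:00:00 -0400\r\n"
    b"From: billing@hospital.example\r\n"
    b"Subject: Invoice 1001\r\n\r\nAmount due: $120\r\n",
    b"Message-ID: <2@hospital.example>\r\n"
    b"Date: Mon, 19 Apr 2021 09:30:00 -0400\r\n"
    b"From: records@hospital.example\r\n"
    b"Subject: Retention notice\r\n\r\nKeep for seven years.\r\n",
    b"Message-ID: <3@hospital.example>\r\n"
    b"Date: Mon, 19 Apr 2021 10:00:00 -0400\r\n"
    b"From: legal@hospital.example\r\n"
    b"Subject: Litigation hold\r\n\r\nDo not delete related mail.\r\n",
]


def build_store(ledger, messages):
    """Message store keyed by Message-ID, as an archive might index it."""
    return {e["message_id"]: raw for e, raw in zip(ledger, messages)}


if __name__ == "__main__":
    ledger = archive(SAMPLE)
    store = build_store(ledger, SAMPLE)
    # Simulate a backdated Date header on the second message.
    store["<2@hospital.example>"] = SAMPLE[1].replace(b"19 Apr", b"12 Apr")
    for finding in verify(ledger, store):
        print(finding)
```

A chain like this only proves tampering if the ledger is kept where mailbox users and administrators cannot rewrite it, for example on write-once storage.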

References

Krstic, B. (2018, May 28). Why your information governance strategy must start with email. Medium. https://medium.com/jatheon-technologies-inc/why-your-information-governance-strategy-must-start-with-email-73200fd8d640. 

Ricciuti, L. (2015, February 11). Why is email still popular?. Aiim Community. https://community.aiim.org/blogs/lisa-ricciuti/2015/02/11/why-is-email-still-popular. 

Smallwood, R. F. (2014). Chapter 12. In Information governance: concepts, strategies, and best practices. John Wiley & Sons.

Identify the issues and risks that pose a concern to organizations storing data in the cloud.

One of the most common uses of the cloud by organizations is storing data. It is generally more cost-effective than using local software, and the system can be accessed from any location on any device. However, cloud storage systems carry a large number of potential security risks, and these risks should be considered before migrating. Although most cloud storage systems have adopted appropriate security measures, they are not perfect and can vary greatly in terms of security scope.

Cloud computing has changed the way information technology (IT) is used and managed and is expected to increase cost-effectiveness, speed up innovation, shorten time to market, and improve the ability to expand applications on demand. Although the hype has grown exponentially during 2008 and has continued to the present, it is clear that the cloud computing model has undergone a major shift, and the benefits may be huge.

 

However, the shape of cloud computing, both in concept and in reality, is still rapidly emerging and developing. In fact, legal/contractual, economic, service quality, interoperability, security, and privacy issues still pose major challenges (Sen, 2013). Enterprises and governments are moving more and more workloads to the cloud. However, due to continued concerns about data security in cloud computing, some organizations still resist the appeal of the cloud.

Data privacy. Your data is your data. You don’t want anyone to be able to access it unless you let them. It’s easy enough to maintain when you store data on your site, but it’s questionable when it’s in the cloud. Because your data is stored elsewhere, it may be impossible to know how secure it is. We can’t make sure no one else can access it if we don’t maintain the servers that it is stored on. When you move sensitive data to the cloud, be aware that you may lose important privacy controls unless you take measures to mitigate these concerns (Hein, 2019). 

Lack of control. When you rely on a third party to store data for you, you hand off many responsibilities. However, this is a double-edged sword. On the one hand, you don’t need to manage data yourself; on the other hand, others are managing your data for you. If something affects your cloud provider, such as an outage or a malware infection, it will directly affect access to your data. You must rely on the provider to solve the problem. The longer the data remains unprotected, the greater the risk (Hein, 2019).

Shared server. Cloud-based storage systems still use servers to handle data, but they are not physically accessed by users. Cloud storage providers do not create dedicated servers for each user. The server space is shared between different customers as needed. Your data might be put at risk if others using your server upload potentially unusual or harmful data (Hein, 2019).

Lack of backup services. One of the biggest complaints received by storage providers is that they do not provide automatic backup capabilities. Instead, they want you to back up the data stored in the cloud yourself. To be fair, this issue does not affect every storage provider; some will automatically provide you with data backups. However, those that do not provide backups cannot provide you with a safety net in the event of sudden data loss (Hein, 2019).

 

Data leakage. A large part of secure data storage is to ensure that no one outside the organization is trying to access your data. The other part is to ensure that your data is not sent to anyone outside the organization unless you send it yourself. Data leakage can cause serious problems because it may expose critical business data or private data to external sources. Even if you take steps to prevent anyone in your business from leaking data, your storage provider may accidentally expose your data to the wrong people (Hein, 2019).

Rogue equipment.  The equipment that accesses the data is also a potential source of danger. Many companies are advocating bring your own device (BYOD) culture, which certainly has its benefits. However, this means that more staff-owned devices will access your storage provider, and if one of these devices happens to be dangerous, it poses a significant security risk. Shadow IT is another factor. Any device that an employee has not registered but is still using to access your data could be bad news (Hein, 2019).

API and storage gateway. Some companies use cloud storage application programming interfaces (APIs) or storage gateways to help them migrate data to the cloud. These tools act as intermediaries between users and storage providers. They can help your employees access and manage the data in the cloud, but an insecure API or gateway can damage data. If you need a storage API or gateway, be sure to choose one with good security features (Hein, 2019).

Reference

Hein, D. (2019, February 26). 7 Cloud Storage Security Risks You Need to Know About. Best Enterprise Cloud Strategy Tools, Vendors, Managed Service Providers, MSP and Solutions. https://solutionsreview.com/cloud-platforms/7-cloud-storage-security-risks-you-need-to-know-about/

Sen, J. (2013, March 20). Security and privacy issues in cloud computing. https://arxiv.org/abs/1303.4814

Cloud computing has become an essential part of most businesses. However, although it has its pros, there are some cons as well.

 

Pros: 

· Lower costs for business. The company does not have to buy any servers or spend money on maintaining them.

· Better reliability. Most cloud-computing providers have the resources and personnel needed to ensure that the system has an uptime of at least 99%.

· Accessibility. You can access services from anywhere in the world at any time.

· Reduced cost of software. The cost of upgrading to better versions of the software can be quite high. Using the cloud, a company is able to eliminate the high cost of purchasing the software.

· Almost unlimited storage space. The cloud allows you to scale your storage as your needs increase effortlessly.

· Environment friendly. Because a business does not have to buy any physical servers, it reduces its energy consumption, which allows it to reduce its carbon footprint.

 

Cons:

· Reliant on Internet Connectivity. When your cloud-computing provider loses internet connectivity, the entire business grinds to a stop. During that time, no transactions can take place if your business is highly reliant on the cloud.

· Security issues. When you place the company’s data on a cloud, you trust a third party to keep it safe. It may be quite difficult for you to determine whether third parties are accessing your data.

· Limited Control. When a company stores data on the cloud, the cloud service provider is responsible for managing all other backend activities. You never get to see the backend of the operation and what risks your data could be exposed to.

· Inflexible Contracts. Most cloud providers have inflexible contracts. This can be a major challenge for a business that is still growing and whose needs are still changing.

 

 

Scenario: information technology

You have recently been hired as a Chief Information Governance Officer (CIGO) at a large company (You may choose your industry). This is a newly created position and department within the organization that was founded on the need to coordinate all areas of the business and to provide governance of the information. You will need to hire for all positions within your new department.

The company has been in business for more than 50 years and in this time has collected vast amounts of data. Much of this data has been stored in hard copy format in filing cabinets at an offsite location but in recent times, collected business data is in electronic format stored in file shares. Customer data is being stored in a relational database, but the lack of administration has caused data integrity issues such as duplication. There are currently no policies in place to address the handling of data, business or customer. The company also desires to leverage the marketing power of social media, but has no knowledge of the types of policies or legal issues they would need to consider. You will also need to propose relevant metrics that should be collected to ensure that the information governance program is effective.

The CEO and Board of Directors have tasked you to develop a proposal (paper) that will give them the knowledge needed to make informed decisions on an enterprise-wide Information Governance program, addressing (at a minimum) all of these issues, for the company.

Requirements: (The red highlight is what I have already done.)

The paper should include at a minimum of the following sections:

a. Title page

b. Executive Summary (Abstract)

c. Body

i. Introduction (including industry discussion – 1-2 pages)

ii. Annotated Bibliography (2-3 pages)

iii. Literature review (2-3 pages)

iv. Program and technology recommendations, including:

1. Metrics

2. Data that matters to the executives in that industry, the roles for those executives, and some methods for getting this data into their hands.

3. Regulatory, security, and privacy compliance expectations for your company

4. Email and social media strategy

5. Cloud Computing strategy

d. Conclusion

e. References

2. You must include at least two figures or tables. These must be of your own creation. Do not copy from other sources.

3. Must cite at least 10 references and 5 must be from peer reviewed scholarly journals (accessible from the UC Library).

4. This paper should be in proper APA format and avoid plagiarism when paraphrasing content. It should be a minimum of 8 pages in length (double-spaced), excluding the title page and references.
