What security policies and systems are in place to prevent Essay

What security policies and systems are in place to prevent unauthorized access to the EMR and other sources of sensitive patient information - Essay Example Electronic medical records incline to be a part of the system of healthcare information which facilitates storage, repossession and alteration of the records. EMR enables to augment sharing as well as accessibility of health related records among certified individuals (Skolnik, 2010). Policies in Place to Prevent Unauthorized Access to the EMR The security policies related to EMR have been considered as a major concern under the Health Information and Accessibility Act (AnestaWeb, Inc, 2011). The security policies should be provided major consideration in any organization in order to create an effective functioning environment. Various security policies in relation to EMR have been initiated under certain important measures which are needed to be considered for its development. They are as follows: 1. What the operators want to obtain from the system (i.e. functional requirements). 2. The objects that are required to be protected 3. The objectives which are needed to be acquired with the resources in hand. In the first part, the function of the security policy is to maintain equilibrium between the functional as well as the security aspects of the systems. The requirements for security can be quite difficult due to the costs incurred for the systems and also with the problems faced by the operators while implementing the security systems (Barrows & Clayton, 1996). In the second part, â€Å"Inside attacks† is another important aspect of security policy in relation to EMR (Barrows & Clayton, 1996). These attacks are mainly faced by individuals who are the actual users of the system. The actual users can manipulate or abuse the rights for searching different data for their personal motive or to harm the financial viability of the organization. If the information is leaked it can bring disastrous consequences and can affect the functioning environment of the organization. Policies such as management of access control as well as encryption method can enable t o prevent such occurrences. Another important aspect for the security policy of EMR depicts threats generated from managed care corporations and insurance companies among others (Barrows & Clayton, 1996). These organizations can attempt to reveal protected patient information for their own benefits. The threats which are discussed describe about the secrecy of the patients information and also about the data available to be kept secure. If such information is leaked, it would be disastrous for the organizations’ welfare. In the third part, the security policies or standards for the data, which are needed to be safeguarded for the organization, are depicted in the threat model, which is provided by the Mayo Clinic/Foundation. These policies are as follows: a. Physical security in relation to data center sites: It deals with issues relating to prevention of theft, disaster recovery, backup of the required data and security of susceptible terminal locations among others (Barrows & Clayton, 1996). b. ‘Access control to system resources’: Issues related to controlling the physical devices as well as logical mechanism including computer programs (Barrows & Clayton, 1996). c. Data protection policies: Certain issues related to ensuring consistent protection of crucial data of organizational system is ascertained under this policy. Moreover, measures to be taken against the users who misuse the rights to use the systems properly (Barrows & Clayton, 1996). d. Security of hard copy materials: This security policy ensures to take relevant measures against security breaches of certain delicate documents, which can occur from paper copies of susceptible patient related data and electronic documents (Barrows &