Health Information Systems Security

Cedar Ridge is a healthcare organization that offers services to addiction patients, especially those with cases of pain killer addiction. The organization serves a large area as its services are unique. The company offers job opportunities to more than 200 employees and serves a total of up to 500 patients. The organization offers continuous training to its employees to ensure that they stay up to date through their service with the organization. The company employs its employees on a contract basis. This ensures that the company can guarantee its patients reliable services. Shifts are created in such a way that employees are able to offer their expertise reliably.  A maximum of 12 hours may be offered on any particular day to ensure that employees are not too tired to make informed decisions.

In this organization a lot of employee data is handled. The company must be able to keep this data confidential for the sake of its employees’ privacy. The company should therefore offer its employees with training on how to handle employee data. The company should focus on maintaining the confidentiality among its employees (Colling, York & Colling, 2010). The company can also implement a variety of methods to ensure that employees do not get into trouble offering its services to its clients.

The storage systems should be created in such a way that its employees have little risk of getting this information in the wrong hands. The company should be in a position to offer services to its employees. Storage systems should be installed with security systems to ensure that client data are always secure. Accessibility of this information should be limited to the employees alone. The use of passwords can limit the accessibility of this information.

The company should also offer security awareness training to its employees. These are a set of rules that a healthcare organization requires to implement in order to increase security awareness. The organization should include a variety of things in its security awareness training.

1. Security reminders – The company should create a security awareness program that includes periodic reminders to its employees. These reminders act as way to keep employees informed of their roles and responsibilities in observing security measures (Colling, York & Colling, 2010). Here are various ways in which security reminders may be implemented. A company can implement security posters, memos, and message of the day logins.
2. Protection from malicious software – A program should be implemented to insure that employees do not use software that is not certified. A program should be generated in such a way that the company avoids any use of malicious software within the organization’s internal networks (Herzig, Walsh & Tuleya, 2013). Important measures to implement at this stage is to report, detect and guarding against malicious software.
3. Monitoring of log-in attempts – A company should create a method of ensuring that all log-in attempts are monitored (Landoll, 2006). This will ensure than unauthorized personnel do not get access to information.
4. Password management – The company should train its employees on methods of creating, altering, and protecting passwords. This should also guide employees on generating reliable passwords that are security conscious and that will not be easily accessible by other personnel (Sells, 2000).

In order that security is insured in the organization, the company should implement measures to ensure that employees understand their roles in the organization and follow-up on the progress of each of these individuals ensure that these individuals meet the security requirements of the organization. Training in the organization should be implemented and followed up to ensure that all employees make it through the training process.

References

Colling, R., York, T., & Colling, R. (2010). Hospital and healthcare security. Amsterdam: Butterworth-Heinemann.

Herzig, T., Walsh, T., & Tuleya, L. (2013). Implementing information security in healthcare. Chicago, IL: Healthcare Information and Management Systems Society.

Landoll, D. (2006). The security risk assessment handbook. Boca Raton, FL: Auerbach Publications.

Sells, D. (2000). Security in the health care environment. Gaithersburg, Md.: Aspen Publishers.