CI7300 Data Management and Governance

 

 

 

 

Part A: Cryptography

Introduction

Cryptography is provided with the healthcare organization based on the online service. This service is provided with the individual to track the patient health with the organization that accesses the information to secure the data. This online system provides the security with the patient information which is stored with the Electronic Patient Record and Electronic health record of the person. These tools are used with the information of the patient based on the current treatment and other medication and treatment plan and diagnose the patient (Ashley Blume, 2012). The information is secured with the different cryptographic algorithm and then manages the record based on the secured communication. Cryptography is very necessary with the Electronic Patient Records and Electronic Health Records that shares the information to health care providers and need to secure the data. Since this data is very sensitive it is very important to secure the data while transmission of data.

Explanation

In those days patient went to go hospital to know about the medical records and they need to meet the doctor for knowing the medical history of the patient which takes more time. In order to reduce the time, there are many website and application is developed with the government to store the medical record of the patient with the database. The cryptography is the method that provides the protection to the data that is stored with the database of the patient. The following concepts explain the use of cryptography with the healthcare.

Message Encryption

Encryption is the process of securing the data that is converted from original form to the encrypted code and then decrypt the code. With the healthcare data, this involves the securing the ePHI and making the information confidential with the unauthorized individual who cannot access the information. They require the data encryption that is converted with the encoded form that cannot be readable with unauthorized person (Elizabeth Snell, 2017). Encryption is the process that is provided with the information that is offered with the numbers and other characters that are to be rendered based on the unreadable information for the unauthorized users. The encryption and decryption is provided with the cryptographic techniques that uses the same key for both encryption and decryption or with the different key for encryption and decryption based on the secured channel with the communication techniques. This provider is required with the healthcare provider to encrypt the data as they have to protect the information of the patient based on the PHI levels. This helps to prevent the data breaches that are leaded with the patient identity based on the fraud and theft of the information related with the patient. There are set of standards that are used with the encryption for providing the security and increase the security level to prevent the data from unauthorized information. There are various cryptographic techniques used with the securing the data that can be accessed with the database.

Different objective of deployed Cryptosystem

The main objective of the cryptosystem with the healthcare record is considered with the data storage and security with the cloud service provider. This is provided with the new symmetric key encryption that is used with the personal health records which is proposed system. This system is developed with the patient controlled encryption for controlling and managing the health record of the patient. The key management system is provided with the system that develops the key which stores the data with the patient itself. The separate key is given with the patient to access the data of the patient and the keys were shared with the database (Kumar and Kandasamy, 2015). The confidentiality, integrity and Non repudiation are the security techniques that are provided with the cryptographic algorithms. This is provided with the securing the patient record based on the existing cryptographic algorithm. The confidentiality is the process that stores the information with the database and secures the data from fraudulent by encrypting the message with the system. The same key can be used to retrieve the original message with the system. The integrity is ensured based on the protection of the strong and sensitive information. The authentication is provided with the authorized user to access the data with the patient that assures the security.

Cryptographic Algorithm and Architecture

There are three different types of cryptographic algorithm used with the cryptography that includes the secret key cryptography, Public key cryptography and Hash function. This secret key cryptography is used with the single key that is used with both the encryption and decryption techniques called as symmetric key encryption this provides the privacy and confidentiality. The public key cryptosystem is used with the one key for encryption and other key is used with the decryption process which is also called as asymmetric encryption (Sun et al, 2011). This improves the authentication, key exchange and the non repudiation techniques based on the security. The hash function is used with the mathematical transformation that is used with the encryption and decryption information based on the digital fingerprint. This increases the integrity with the patient information.

The best method of cryptography used with the cryptography is Symmetric key cryptography that includes the Data Encryption Standard and the Advanced Encryption Standard. This is provided with the different standards and application to implement the software. This application is provided with the different analysis that is securing the data with the cryptosystem. The encrypted key is created with the key management system with the cryptography techniques based on the key management techniques. The secret key is symmetric or with the same key that is accessed with the transmission of data over the network. This rivest cipher is the type of algorithm that is used with variable size key for the commercial cryptography with block cipher.

Cryptographic protection of static documents

The data in transit or with the motion is actively moves from one location to other location that is provided with the internet with the various private networks. The data protection with the healthcare is protected with the transmission through network to other network and makes the storage device to be very active and measures the protection with the transit data (Lord, 2019). The data is set to be rest with the moving the data from one device to other device based on the network. The data is protected when the inactive data is secured with the network or with the device based on the data vulnerability. There is risk of insecurity when there is transit if data from one network to other and measures the security on patient health record. The data is exposed to risk when the data is transit over the internet and rest with the protection of data. There are multiple approaches used with the data in rest or with the transit. This is explained with the Encryption techniques and the data is protected with the different connections like SSL, TLS, HTTP and FTP. When the data is protected as rest, then the organization can protect the data with the storage files of the patient.

Organization’s cryptographic policy and issues with NHS

The effective security is arranged with the protection and assurance of the information that is assessed with the different information which is stored with the healthcare services. This information asset includes the doctors, patient, providers and the other basic information that is required with the healthcare services (Donaldson, 2000). The principles like confidentiality, integrity, authentication, availability and non repudiation with the information that is stored with the database that is related with the patient. This is provided security based on the cryptographic techniques that includes the different algorithm like symmetric cryptographic algorithm which is best suited with the securing the information security. There are number of policies addressed with the issues of security with the healthcare. The security is considered with the policy, scope and design based on the objective of the project that is processed with the cryptography which is considered based on the external issues that is linked with the various policies. The data is first identified and then it needs to be secured with the cryptographic generator to create the key that is transmitted with the data protection system.

Solution with Future Development of the organization

The insurance plan and providers were adapted and survived with the rapid development that is processed with the health insurance that are likely be benefitted with the health care system that is coordinated with the strong public health system that is considered with the recommendation that is adopted with the reduction of the burden with the disability, injury, illness and to improve the functioning and health of the patient (NCBI, 2010). This is provided with the management of chronic disease and the capacity of health care is provided with the finance and other system that is delivered based in the responsibility of the healthcare that is recognized with the public health agencies.

Creation and managing the cryptographic keys

The patient data or the record is assured with the confidential data that is accessed with the electronic health record that is very safe. This security is increased with the implementing the HER that limit the concern based on the sensitive record (Omotosho, Emuoyibofarhe and Oke, 2017). This is considered more efficient and less error prone and provides the security of the data. The cryptography is the important security techniques that is used with the different health records to generate the keys based on session based sub keys which is used with the designated session. The system is developed and monitored with the various privacy and security issues based on the encryption and decryption system with the Electronic Health Records.

Different Levels of Authorization within Organization

The safety need to be measured with the establishment and managing the personal health records that are provided with the different authentication and authorization techniques which is provided with the migration of the health records that is used with the specific enterprise (Lo, Wu and Chuang, 2017).  There are some of the key function that is used with the managing the healthcare of the patient includes the planning, leadership, organizing and the controlling behavior with the system. This security need to be provided with the personal health record of the person that is stored with the database. This is proposed with the authentication and authorization based on the different protocols to manage the hospital when there is rights to access the electronic health record of the patient. The key manager is recorded with the activation date and size of the key that is stored with database and protected with the unauthorized individual when it is linked with NHS.

Effectiveness of the solution Measured and Monitored

The effectiveness is measured with the healthcare record based on the efficiency, effectiveness and the equity which is provided with the various assessment frameworks that is carried with the system. This established framework is provided with the hospital management that is compared with the healthcare system that is specifically applied with the different measures that is assessed with the healthcare service (Ng et al, 2014). The decision is taken based on the policy and concern that is provided with the sensitivity and other process that is executed with the security and the performance is measured and managed with the electronic health records.

Conclusion and Recommendations

Thus it is concluded that the security need to be provided with the patient information which is stored with the database with the cryptographic system that includes both the encryption and decryption process. This prohibits the unauthorized user to access the data when it is transmitted form one network to the other network. Thus the security is provided with the cryptographic algorithm like symmetric key cryptography that uses the single key with the encryption and decryption process. This increases the security with the effectiveness, efficiency and equity based on the security and confidentiality with the patient information. The encryption and decryption is provided with the secret key that is analyzed with the activation based on the categorization of the data with cryptographic techniques.

References

  1. Ashley Blume,2012. Healthcare data encryption methods for healthcare providers. HealthITSecurity.
  2. Donaldson, A. ,2000. Policy for cryptography in healthcare — a view from the NHS. International Journal of Medical Informatics, 60(2), pp.105–110.
  3. Elizabeth Snell ,2017. Healthcare Data Encryption not ‘Required,’ but Very Necessary. HealthITSecurity.
  4. Kumar, S. and Kanadasamy, U.,2015. Cryptosystem for Personal Health Records in Cloud.
  5. Lo, N.-W., Wu, C.-Y. and Chuang, Y.-H. ,2017. An authentication and authorization mechanism for long-term electronic health records management. Procedia Computer Science, 111, pp.145–153.
  6. Nate Lord ,2019. Data Protection: Data In transit vs. Data At Rest. Digital Guardian.
  7. NCBI,2010. The Health Care Delivery System. gov.
  8. Ng, M., Fullman, N., Dieleman, J.L., Flaxman, A.D., Murray, C.J.L. and Lim, S.S. ,2014. Effective Coverage: A Metric for Monitoring Universal Health Coverage. PLoS Medicine, 11(9), p.e1001730.
  9. Omotosho, A., Emuoyibofarhe, J. and Oke, A. ,2017. Securing Private Keys in Electronic Health Records Using Session-Based Hierarchical Key Encryption. Journal of Applied Security Research, 12(4), pp.463–477.
  10. Sun, J., Zhu, X., Zhang, C. and Fang, Y. ,2011. HCPP: Cryptography Based Secure EHR System for Patient Privacy and Emergency Healthcare. 2011 31st International Conference on Distributed Computing Systems.

 

Part B: Data Governance and Identity Theft

Introduction

The London healthcare Hospital is the NHS hospital that is situated with London that is in United Kingdom. This hospital is considered for the research that is used with data governance and identifies the theft that is happened with the different information. The data is stolen with the patient that includes the patient information based on the medical history that is assigned with the memory drive that is used with the unencryption of the data. This NHS is associated with the data that is provided with the trust issue which is required with the encryption and decryption that might have the communication with the healthcare system. There are number of policy relates the issues with the encryption and decryption of the message that is communicated with the patient with each other.

Explanation

The sensitive information is provided with the patient who is provided with the stolen information that is analyzed with the London Healthcare Hospital. This question is raised with the front company that is measured with the different situation. There is solution with the security of the data with the patient; this includes the cryptography and the backup solution. This is the data that is encrypted with the data and message based on the decryption techniques that are analyzed with the mathematical logic. This is secured with the encryption based on the storing the data with the National Health Service. This data is transmitted with the different channel based on the HTTP and TLS and FTPS with the protocol used with the encryption and decryption based on the transmission of the data.

Strength and Weakness with Approach

There are benefits and weakness with the healthcare system that is provided with the system that increases the various processes with the healthcare system. The security need to be increased with the development and lack of public health service that prevents the uneven data that is shared with the information which includes the lack of specific emergency that is required with the system for compromising the various terms with the human resources (Kremers et al, 2019). This is required with the reforming and major development that is provided with the public health emergency management system. The security is provided with the confidentiality, integrity and authentication that is provided with the medical history of the patient with the other situation. This hospital is running under the National Health Service policy when the security needs to be provided with the healthcare system. This is situated with the various encryption and decryption techniques based on the policy and other measures that is provided with the system. The backup need to be provided with the system that increases the security level of the patient data. The data can be processed with the health care record which is hacked with the information that is pertained with the encryption and decryption.

The core complexity of the system is provided with the securing the data with the performing the secured and measured health care system. The National Health Service is provided with the implementation of the different continuous development based on the remodeling techniques that is capable of the planning, developing and up gradation of the development of the system with the healthcare system (Michel, 2018). The health care department is provided with the people oriented and protection level that is used with the accommodation and protection that is integrated with the overall management with the information system. The people oriented are followed with the healthcare system that is obtained with the various policies that is described with the different techniques that is used for expressing the various demands with the healthcare system. The weakness includes the health care emergency system that is used with the quality development that is established based on the awareness that is established with the emergency personnel that is coordinated and governed with the interference. The coordination is observed with the healthcare system that includes the controlled opinion that avoids the interference based on the data governance and threats that is analyzed with the system.

Standards and Theories

There are different standards identified with the number of benefits that provides the potential benefits which is best suited for the protection of data with the patient. This is increased with the measuring the performance of the security that is practiced with the better information. This disagreement is analyzed with the health care system which clarifies the dynamics and healthcare of the patient. This four level model is analyzed with the healthcare of the patient that is nested with individual patient, healthcare team, hospital that support the patient to help their lives and the political and economic environment that is analyzed with the various hospital for storing the data with the database that is described with the health care of the patient (Gandjour and Lauterbach, 2003). The individual patient is the process of including the patient centered health care system that is available with the system based on the health care system. The three processes such as effectiveness, equity and efficiency is measured with the various processes that is included with the healthcare system.

This security is enhanced with the patient information based on overall performance. The survey is conducted with the third party based on the hospital which is provided with the encryption and decryption of the patient that employees the transparent process with the huge loss based on the data protection act. This law is provided with the various encryption and decryption techniques that cause the huge loss with the hospital. The data is theft or stolen based on the National Health Service that is provided with the transparent and responsible service that is processed with the commitment towards the data theft (Andrade, 2020).  The data governance act is provided with the various health care organizations that is processed with the sensitive data that is respect with the encryption and decryption based on the self motivation. This is offered with the crime offense that is analyzed based on the data protection act which is processed with the secured data in the hospital. The training need to be offered with the various secured system that is analyzed with the data encryption and decryption for securing the medical records of the patient.

Health Information Governance and Network Security

This data governance is the approach that is used with the data management which allows the hospital to balance the needs of the system. The information is collected and stored with the database for securing the data that is collected with the patient with Electronic patient record. This information is secured with the health data that is provided with the patient personal health record that is provided with the financial data which provides the framework (Williams,2007). The information governance offers the accountabilities that are provided with the framework for supporting and promoting the data based on the governance. The overall strategy of the information is configured with the organization that is established with the logical framework based on the different policies and procedures that is developed with the data governance and identity theft. This is established with the various consistent levels that define the logical framework with the system based on the information governance. This describes the policies and strategies that is addressed with the creation of data with the input that is accessed with the national cyber security.

The information is secured with the healthcare organization based on the quality assurance and the availability of the health care records and the information. This is created and processes the inconsistency, disclosure, completeness and protection of the patient information data that is processed with the records and system which relates the number of operation with the management system. This is required with the stakeholder to create, develop and uses the data of the patient healthcare (Appari and Johnson, 2010). The new set of policies and procedures were created and managed with the information management system that is required with the frequent Updation of the technology for implementation of the policies and standards that is transitioned with the Electronic Health Records. The information governance is organized with the hospital that is concerned with the various organizations for the implementation of the E governance with the security based on the patient information. The data governance and information governance is totally differ from each other with identification of pattern that is interchanged with the different concept with scope and focus of the data.

Conclusion and Recommendations

Thus the data governance and the identity theft is explained with the London west health care hospital is linked with the healthcare system. This is offered with the securing the data that overcomes the data governance and identity theft. This is offered based on the various theories and standards that is analyzed with the health care system. The health care data is secured and the memory is provided with the system that decreases the performance once it is addressed with the Data Protection Act. The different standard and procedures were explained with the healthcare system to secure the data with patient health.

References

  1. Andrade, G. ,2020. Medical conspiracy theories: cognitive science and implications for ethics. Medicine, Health Care and Philosophy.
  2. Appari, A. and Johnson, M.E. ,2010. Information security and privacy in healthcare: current state of research. International Journal of Internet and Enterprise Management, 6(4), p.279.
  3. Gandjour, A. and Lauterbach, K.W.,2003. Utilitarian Theories Reconsidered: Common Misconceptions, More Recent Developments, and Health Policy Implications. Health Care Analysis, 11(3), pp.229–244.
  4. Kremers, M.N.T., Nanayakkara, P.W.B., Levi, M., Bell, D. and Haak, H.R. ,2019. Strengths and weaknesses of the acute care systems in the United Kingdom and the Netherlands: what can we learn from each other? BMC Emergency Medicine, 19(1).
  5. Michel, P. ,2018. Strengths and weaknesses of available methods for assessing the nature and scale of harm caused by the health system: literature review.
  6. Williams, P.,2007. Information Governance: A Model for Security in Medical Practice. ECU Publications Pre. 2011.

 

Section C: Network Security

Introduction

The network security is the provided with the healthcare system base on the electronic health record that is connected with the different devices with the healthcare system. The network security is increased with the healthcare security as there is number of process that is carried with the system that stores the data and provides the sensitive information with the system that is handled with the risk management system (Kailar and Muralidhar, 2007). This security audit is conducted with the vulnerabilities that are provided with the electronic system. This develops the electronic system based on the framework of data with the different strategies. This security is provided with the healthcare industry.

Explanation

This networking is the complex department that us provided over the internet based on the security issues with the healthcare and network provider that is analyzed with the system. This is required with the network based connectivity that increases the real time process which is provided with the analysis of the doctor and the security need to be maintained when the transmitting the data through the network is obtained (Sun et al, 2018). This decision will make the patient condition to be stored with the benefit of the patient and the crucial time with the patient is very much effective. Based on the networking, the decision is carried with the provider to improve the security with the healthcare if the patient.

Identification of Assets with Healthcare

The healthcare system is increased based on the model of the business that is very tangible with the asset that is provided with the finance and facility that is analyzed with the healthcare system. There are different assets identified with the system includes the values, human capital and relationship that is analyzed with the healthcare system (Rider et al, 2019). The training is provided with the organization that understands the intangible asset that is analyzed with the healthcare system. The collaborative system is provided with the increased confidence, productivity and intangible assets with the healthcare of the organization. The asset with the healthcare system is identified and analyzed with the training based on the changes that is incorporated with the healthcare system.

Identification of Threats and Vulnerabilities

There are number of security threats identified with the healthcare system such as mobile data access, ransonware, and lack of security, outside threats and poor software security measure that is encountered with the revolutionary provider with the patient records (Narayana Samy, Ahmad and Ismail, 2010). This ransom ware is the latest data security that is related with the data security that is present with the healthcare service providers. There are different security procedures that are presented with the system based on the threats and measures that are identified with the healthcare system. The threats ad vulnerabilities with the healthcare system is identified with different department, Xray, scan and other treatment provided for the patients.

Risk Analysis for Healthcare

The risk analysis is conducted with the various threats and vulnerabilities that are provided with the healthcare system. This healthcare organization is conducted with the risk analysis that is determined based on the exposure that is allowed with the various strategies and manages the risk that is happened with the healthcare system (Kaya, Ward and Clarkson, 2018). The risk is identified and evaluated based on the security of the data with the patient. This reduces the injury of the patient, staff members and other visitors of a hospital. The risk management is provided with the incident that minimizes the damages based on the events such as risk assessment and risk evaluation.

 Mitigation of Security Control Risk

The identified risk with the healthcare system is controlled based on the risk mitigation techniques that are addressed with the healthcare system. There are three different ways with the mitigation of risk in healthcare system are linking the various policies for mitigation of risk that is provided with the healthcare system (Donahue, 2012). This system is worked with the other to improve the safety. The alert is set and reviewed with the different policies that are connected with the National Health Services for controlling the risk. Communicate with the other risk factor that is analyzed with the common risk that is involved with the system. The good policy and procedure is provided with the various complications that is provided with the updated policies that are used with the health care system of the patients.

Security Policy for an Organization

The term policy is used with the healthcare for reviewing the various policies that are used with the information system. This strategy is presented with the overall process that provides the specific plan or the strategy that is analyzed with the objective and goal of the system. This security policy is the statement that is analyzed with the information security for offering the increased security with the system (Appari and Johnson, 2010). The roles and responsibilities with the system is managed with the information security that is secured with the healthcare system are identification of the assets with the healthcare system, then define the roles and responsibilities of the assets, describe the hospital employee roles and their security related information and procedures and then configure the infrastructure based on the given procedures.

Conclusion and Recommendations

Thus the report is concluded with the network security that is provided with the healthcare system is discussed based on the risk analysis and risk mitigation techniques. The healthcare system need to be discussed with the identification of the asset that is analyzed with the threats and vulnerabilities that are identified with the network system. There are different risk identified with the accessing the network server when the data is transmitted with the communication channel that is accessed with the network that is accessed with the cyber attack. A healthcare system is developed with the policy based on the data monitoring method and different policies and procedures were used with the securing the data with the patient. The security policy is developed with the packet sniffers that access the system with the username and password.

References

  1. Donahue, K., 2012. Healthcare IT: Is Your Information At Risk? International Journal of Network Security & Its Applications, 4(5), pp.97–109.
  2. Kailar, R. and Muralidhar, V. 2007. Security architecture for health information networks. AMIA … Annual Symposium proceedings. AMIA Symposium, 2007, pp.379–83.
  3. Kaya, G.K., Ward, J.R. and Clarkson, P.J. 2018. A framework to support risk assessment in hospitals. International Journal for Quality in Health Care, 31(5), pp.393–401.
  4. Narayana Samy, G., Ahmad, R. and Ismail, Z., 2010. Security threats categories in healthcare information systems. Health Informatics Journal, 16(3), pp.201–209.
  5. Rider, E.A., Comeau, M., Truog, R.D., Boyer, K. and Meyer, E.C., 2019. Identifying intangible assets in interprofessional healthcare organizations: feasibility of an asset inventory. Journal of interprofessional care, 33(5), pp.583–586.
  6. Sun, W., Cai, Z., Li, Y., Liu, F., Fang, S. and Wang, G., 2018. Security and Privacy in the Medical Internet of Things: A Review. Security and Communication Networks, 2018, pp.1–9.

 

 

Leave a Comment