Medical Information Systems Security

The risks to information held by the medical profession have grown with the number of people who use that information. Insurance companies share medical records to protect themselves from fraud, and health plan managers are among those who need to see records to evaluate claims; legal representatives and their assistants also review medical records in detail. Health care administrative guidelines are usually developed by stakeholders in the health sector, whether government staff or corporate institutions, and the information they rely on generally comes from the large quantities of data collected by staff on those stakeholders' premises.

Why medical information systems?

The choice of this subject is informed by my experience with medical institutions, including hospitals. Currently working with the DoD Medical Health System, I have experience in medical information systems, and my main aim is to design and develop a software system that replaces the old-fashioned paper-based information system to enhance the efficiency and effectiveness of the record system. However, with the introduction of this system, security risks will develop, and therefore security measures will be needed to protect the medical information that will be present in the created system. Patients and clients need to be assured that their information is secure for them to be at ease in giving all the required data.

Medical information system security objectives

Medical data, when processed, produces the medical information that practitioners in the field depend on. Sources of that information include radiologic images, medication prescriptions, lab test results, patient information on allergies, and any other useful information gathered during routine check-ups and interactions with clients or patients. Most of it is stored electronically on computers rather than on paper. The sources of information can be either public or private. Who acts as custodian of this information is a vital question, so that confidentiality and privacy are maintained and the privacy of physicians, clinicians, and patients alike is respected. Safeguarding patient information is one of the greatest responsibilities healthcare service providers undertake: the aim is to keep the patient's Protected Health Information (PHI) from being accessed by people without the necessary permissions, and so to minimize breaches of privacy and confidentiality (Laudon & Laudon, 2007).

Security is considered here as maintaining the trustworthiness of medical electronic information and ensuring that it is accessed only by people who need it and have the authority to do so. The risks in such settings arise as the number of people handling medical information grows: with more hands involved, confidential information may leak out of the system and compromise the quality of the information system. A further risk is the growth of computer databases of clinical data that are kept by non-clinical staff and that did not necessarily originate from the records kept in the clinician's office. Because these databases are computer-based, they may hold data that is older than the information the clinician is using at any given moment.

Resources and standards

Security professionals usually design the security of a system with the client in mind. The security system may be custom-made for a particular organization or health institution, though it may be the same across that field. They therefore need the cooperation of clinicians and physicians so that their specific needs are incorporated into the system. By the nature of their profession, clinicians and physicians sometimes need to share a patient's information during further consultation before making any significant decision. They do not have time to sit at computers for long stretches hunting for that information; rather, they briefly examine the recorded data and update it from time to time. The fact that medical staff attend to more than one patient within a given period is also a point to consider when the security system is designed for them.

For this reason, the security system ought to be built so that patients are assured, and indeed guaranteed, of the safety of their records. The records should also be easily accessible in their totality to clinicians; that is, all the required information on the patient should be available (Dhillon, 2007). If any data is missing, the system should be in a position to highlight this. Despite the security measures in place, the system should respond rapidly and precisely, so that it causes no delays in information retrieval. For privacy purposes, medical staff will also want to control which other parties gain access to their patients' information, that is, to be administrators of the system; this lets them control access, mainly from the business point of view. Finally, medical staff need access to medical information even when the patient is well, for future reference, since the medical history will come in handy at some point. If medical staff have jurisdiction over patient information, they can use it for reference and support their decisions and actions with the written facts. This also prevents any unauthorized alteration of the records.
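The requirements listed above (complete records with missing data flagged, medical staff acting as administrators of access, and protection against unauthorized alteration) can be sketched in code. The following is an added illustration, not part of the essay or of any DoD system; the roles, field names, actor names and patient id are assumed.

```python
import hashlib
import json

# Fields a clinician needs in full; a read flags any of these that are missing.
REQUIRED_FIELDS = ("name", "allergies", "prescriptions", "lab_results")

# Assumed roles: clinicians read and update, administrators (the medical staff who
# control access) may also review the audit trail, and claims reviewers may only read.
PERMISSIONS = {
    "clinician": {"read", "update"},
    "administrator": {"read", "update", "audit"},
    "claims_reviewer": {"read"},
}


class PatientRecordStore:
    """Custodian of PHI: every access is authorized and logged; records are tamper-evident."""

    def __init__(self):
        self._records = {}   # patient_id -> record fields
        self._digests = {}   # patient_id -> SHA-256 taken at the last authorized update
        self.audit_log = []  # (actor, role, action, patient_id, outcome)

    @staticmethod
    def _digest(record):
        return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

    def _authorize(self, actor, role, action, patient_id):
        allowed = action in PERMISSIONS.get(role, set())
        self.audit_log.append((actor, role, action, patient_id, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{actor} ({role}) may not {action} record {patient_id}")

    def update(self, actor, role, patient_id, fields):
        """Apply changes through the only sanctioned write path and refresh the digest."""
        self._authorize(actor, role, "update", patient_id)
        record = dict(self._records.get(patient_id, {}))
        record.update(fields)
        self._records[patient_id] = record
        self._digests[patient_id] = self._digest(record)

    def read(self, actor, role, patient_id):
        """Return (record, missing_required_fields); refuse a record altered outside update()."""
        self._authorize(actor, role, "read", patient_id)
        record = self._records[patient_id]
        if self._digest(record) != self._digests[patient_id]:
            raise ValueError(f"record {patient_id} was altered outside the authorized path")
        missing = [f for f in REQUIRED_FIELDS if f not in record]
        return record, missing

    def review_audit(self, actor, role):
        """Only administrators who control access may review who touched which record."""
        self._authorize(actor, role, "audit", "*")
        return list(self.audit_log)
```

In a production system the digests would be kept by the custodian in a separate write-once store, so that an attacker who can edit records cannot also rewrite the digests.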


Since I am working in a medical and health system, this knowledge of medical information systems and of the security measures that can be employed will greatly help me in understanding the functionality of the system software that I intend to design and develop. The rampant access to personal health information by unauthorized parties has drawn public attention and sometimes instilled fear in patients, who may end up losing confidence in the medical and health sector.

There is therefore reason to treat electronically stored information differently from the easily accessible paper-based storage system. The custodians of this information and these medical records carry a heavy, uphill responsibility: handling private and confidential information and, in turn, educating and monitoring all those who access and use it. Then unauthorized parties who come upon this information, whether accidentally or intentionally, will not gain direct access to the data without the required authorization (McNab, 2004).


References

Baltzan, P., & Phillips, A. (2009). Essentials of business driven information systems. Boston: McGraw-Hill/Irwin.

Dhillon, G. (2007). Principles of information systems security: Text and cases. New York: John Wiley & Sons. ISBN 978-0471450566.

Haag, S., & Cummings, M. (2008). Management information systems for the information age (7th ed.). New York: McGraw-Hill/Irwin.

Laudon, K. C., & Laudon, J. P. (2007). Management information systems: Managing the digital firm (10th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

McNab, C. (2004). Network security assessment. Sebastopol, CA: O'Reilly. ISBN 0-596-00611-X.

Peltier, T. R. (2002). Information security policies, procedures, and standards: Guidelines for effective information security management. Boca Raton, FL: Auerbach Publications. ISBN 0-8493-1137-3.
