Royal Adelaide Hospital: Security Program & Information Security Programs

The Security and Information Security Programs of Royal Adelaide Hospital

Question:

Discuss about the Developing a Security Program of Royal Adelaide Hospital.

The Royal Adelaide Hospital leads in the security program and information security program, the security program basically covers the entire set of the personnel, various plans, policies and related to information security program. The information security deals in the corporate or physical security. It is basically designed for structuring the efforts made to contain risks and information assets. The security is based on the framework been designed for ensuring the measures that are being implemented for developing and providing the privacy and security so as to educate the people of the hospital giving the knowledge about the laws, rules and regulations leading to the information controlling, support and the information security goals (Joshi et al., 2014).The hospital management must follow the developing security programs which are essential for the hospital management i.e. an information security policy, Rules, regulations and responsibilities regarding the Information Security, selection and execution to the safety measure, periodic information about to the security databases and assessments. The Hospitality and the health care have an international management and the reputations (Baird, 2013).

The main important factor of the security personnel of the management is

1. The hospital is well developed in its centrepiece of the high-tech camera and the networks have the alarm in keeping the staff and patients to be safe and alert.
2. The high security measures are being implied for the fight against the terrorisms threat.
3. The expert body scanners are placed for an individual and are predictable.
4. The coverable bollards are present to prevent form the terrorist attacks.
5. The individuals are not allowed to bring the prams, motorised scooters, bags or any other luggage so as to maintain the security in the hospital premises (Moodley et al., 2014).

Generally, the issues are arising regarding the hospitality management and the management team and due to this usability of the mobile devices, embedded devices, and virtualization software’s, social media and the threats being occurred regarding to the hospital. There are many issues arising towards the security issues:

1. Security breach was raised regarding to the feared when the patient’s records were found outside the Royal Adelaide Hospital and it was the serious matter arose.
2. The management was been aware of an isolated issue regarding to the collection of pharmacy documents during the hospital move where the two pallets boxes were remained on the loading time (Khokhar et al., 2017).

The improvements generally require the expertise and the financial resources for maintaining the hospital management. It is essential to continuously analyse and to do a systematic study on where the management is lacking behind and where the improvements needed so as to maintain the continuity in the process. The improvement in the hospital is directly linked with the management department and to the hospital delivery approach and to essential systems of the care. It is essential to make an analysis where the scope is to make and improvement and implementation is needed for the hospitals and in the hospital performance. It is one of the biggest challenges to improve the quality and to make the improvements efforts to be initialised in the hospital (Peltier, 2016).

• The various Strategies which are being applied to improve the quality of the hospitals:

1. It is necessary to select and to use a formal model for the improvements in the quality.
2. Establishing and monitoring of the systems for making the evaluation in the improvement efforts and to the outcome and ensuring for all the members and to the staff of the hospital management to understand the metrics to achieve the goal.
3. To make sure that the involvement and acknowledging the responsibilities to the families, staff members, patients, management team etc. are also the major role for the improvement in the quality.
4. Optimisation of the resources in the health care and towards the health information technology to meet the meaningful use criteria (Cao et al., 2014).

Quality Indicators for the Improvement depends on the:

1. Data Sources
2. Study Design
3. Data Collection/ Abstraction Methods
4. Principle Findings

 It is generally an instructional design or also known as the training design. It mainly includes the training as well as the beginning of the learning objectives, planning the steps. It mainly focuses on developing of instructional activities that incorporates with the variety of the training strategies. It mainly used for planning and building the design team which will also be incorporating the training requirements. The training requirements of the Royal Adelaide Hospital has built an international reputation globally as it is one of the best training and teaching provided to this hospital and it basically fulfil and require the best public teachings hospitals in the current scenario (Al Ayubi et al., 2016).  The Pans and designs regarding the training positions at the Royal Adelaide Hospital mainly focus on practicing and doing the research and mainly provide the opportunities to interact with the experts in the clinical field. They work according to the training design or to the instructional design and its process for creating a blueprint. They mainly tend to create the understanding of the clinical involvements and generally link evidence the theories to practice. It provides the direct education for the clinical placement but it is mainly received form the education provider to the department of health education (Gordon et al., 2017).

What is the Security Program of Royal Adelaide Hospital?

ISO is the security standards which is been used and also known as the Information security standards. It is mainly used and helps the organisation to keep the information assets secure such as the financial information, intellectual property, employment details etc. is mainly entrusted with the third parties. IT is used in the organisation as it is the set of rules which is been followed in order to meet the needs and understand the wants of the customers. It is most widely used and a successful series of an organisation. It is the process which is being tried, tested and managed as a business process. Hospitals and performance are based on the statistics and articles regarding to the services which are being falling short of expectations and are rarely been used in the hospital management (Kass et al., 2015). It is also used for the various standards and for the quality measures. This document provides the framework for the designing and for the enhancement in the process based quality measurement and its classifications by a health care organisation. The guidelines which are being specified are not intended for the certification or authorization. It ensures to the suppliers design, create and delivering of the products and the services, which generally fulfil the criteria of meeting the predetermined standards (Gordon et al., 2002). The various standards which are been initiated and followed by the Hospital Management are:

1. The acceptable quality care with affordable prices.
2. It is timely been cared.
3. It is necessary to have the clear communication with the patients.
4. Best facility provided for fixing the appointments with the doctors and delivery of services.
5. Reliable laboratory support and diagnosis.
6. Pleasant and safe environment.
7. Good attitude towards patients, courtesy and technical competence is being followed (Chin, 2001).

It is essential to maintain and design the security model in the hospital so as to avoid the risks or the threats.  The hospital model should follow the various standards to work according to the model which is being design so as to ignore the vulnerabilities and to provide the best facility to the customers and the patients. It is necessary to maintain the Patient information secured and is very sensitive, its misuse can affect deeply to the patient’s life. In the early period the hospital used to maintain the information on the papers and because of this the misuse was easily made by the third party (Marguson, 2014). According to the current scenario the information is been updated online, so even the patients or their family can check the cure status or test reports of a patient online. So that nobody can access to the information and cannot misuse the genuine information regarding to the status of a patient. The management generally emphasis on the privacy provided by the hospital and to the patients.   For viewing to the records, it must be accessible for the certain time period (Peltier, 2016).

What is the Information Security Program of Royal Adelaide Hospital?

The suitability criteria for certification of the Royal Adelaide hospital aim to the quality management systems in the hospitals and it is essential to outline the main advantages of implementing the various operations in the hospital. It is important that every hospital should have the certification of an organisation with the ISO certification. The role of the suitability of the certificate is to certify the compliance to the material which is been provided and the requirements are laid down (Sennewald and Baillie, 2015). Certificate of the suitability has been granted for all the products which are related to the health care products and the medicinal products. It is essential for the Royal Adelaide to have the license for the health care facility for the equipment’s and the resources being used in the hospitals. The hospital have draft the standard for the health service safety and for the quality management which generally provide the suitability to the patients and all the accreditations and the copy of the certificates  for the evidence that the operations performed are commenced (Hassan et al.,  2017).

It has been maintained and properly well-developed but is very expensive for the construction deflects.  There are various factors regarding to the compliance of the Royal Adelaide hospital.  It is necessary to maintain the documents regarding the compliance of the Royale Adelaide Hospital. With all the security policies and to the implementation of the plan the compliance is been made according to the actions being performed by the management team. The management help in the quality measures and the data and the records which are being maintained, it includes the data of the employees etc. securing of the data, time of handling the system issues. It is essential to maintain the identical security and the compliance measures. It is necessary for the compliance officer to maintain the independency in terms of the programs associated with the information security program and management of the information security. The hospital has formulated several policies in order to safeguard the information (data) assets of the organisation. These policies are framed by the hospital management with the objective of closely monitoring the issues in relation to the compliance of its policy framework. The compliance of the policies should be given due respect as it enables the management to maintaining and enhancing the quality of services offered by the hospital (Luzia et al., 2016).

Hospitals are having sensitive work environment where patients are affected if any risks or unwanted threat occurs. This will definitely affect the sensitive working environment of hospitals. Therefore, this requires the requisite assistance from competent personnel of management and security experts so as to identify the potential risks and threats associated with the hospital. Critical Analysis of all the possible threats helps in identifying the potential risks occurs to facility and then assisting and developing of a comprehensive tool of assessment of threats.  A self- assessment tool is built to help the facility to identify the potential risks and then it provides very well categorized and defensive measures which affect the workplace environment minimally.

Hospital Management’s Responsibility in Ensuring Privacy and Security

Security measures are implemented to eliminate and reduce the unwanted threats that can be occur to patients ,visitors, staff and physical assets .There must be yearly conduction of an initial threat analysis followed by annual self-assessment to meet some specific standards which is basically some high industry standards it is important for hospitals to organize such assessment programs which can helps in improving standards of security protocols ,policies and procedures which is categorically developed by proper knowledge ,procedures and training (Barnum and Kutzin, 1993).

1. For threat identification various measures can be used such as Closed Circuit TV camera with recording capability and of better resolution and placed on all major entries and exits of hospital and these must having UV LEDs enabled for night vision for capturing images in even low light conditions.
2. Sensitive areas having a restricted access with proper locked promises and maintained in secure position at all times.
3. All access codes of hospital should be changed periodically or terminated employees smart card and authorized keys would be seized during their resignation and no longer new keys issued by hospital authority until recruitment of new personnel (WU and LI, 2008).
4. Electronic protection system for infants are provided for preventing the child trafficking of new born several bands and safety lasers are installed so when if they are cut or falls off or tried to be removed by any unauthorized personnel an alarm is raised which will directly inform to security personnel’s of hospital informing of any illegal movement in nurseries.
5. An Id issued to every employee and staff which should be applied as badge facing forward at chest level which displays all important information that is individual name, credentials, and department and digitally signed by hospital authority with a hospital logo on it.
6. Security professionals appointed in a hospital must having past 3 years’ experience in healthcare field this will helps in threat identification more easily as experience matters in this field a lot (Ernest and Ho, 2006).

As the risks are identified in the sensitive environment then risk assessment is second most important step to eliminate the risks and to provide a better healthcare environment where patients can easily get their medication and treatment properly. Assessing the risk requires the expertise and financial support with resources for providing bringing up better management facilities in hospitals. This is an exquisite matter of fact to study that how management is lacking in hospitals and what improvements in risk assessment .The improvement in hospital risk assessment is linked with management department and the necessary systems already present in hospital and what up gradation is needed to them as well. Risk assessment includes the new plans and design of hospital infrastructure and how well it is maintained by management which in basic helping the prevention of risk that still not occurred in hospitals  (Gordon and Loeb, 2002). It also includes the recruitment of trained personnel who can already know how to overcome the risks and help the hospital management by overtaking the risk and its factors effectively. Updating of security model also helps in risk assessment affectively which will also help in avoiding risks updating the security model and designing new one will affectively resolve some of the problems. The assessments were made on the various regarding to the hospital and its organisational behaviour:

1. Designing of a security Master Plan.
2. Following the policies and the standards to have the basic guidelines for implementing the infrastructure services.
3. Operational Infrastructure for implementing to the security and its controlling systems and integrating with the key or the main systems of the hospital.
4. Operational Services define the scope and the structure of the hospital management and the manpower of the security services.
5. Testing is made to insure that the working of all the systems is properly grouped and to ensure that all the services are operated.

The current scenario of the hospital is expanded in its various cultures and forms. They tends to provide as much as facility to the patients as well as to the management team of the hospital.

1. The hospital has planned to relocate in the city.
2. The new hospital would be built on the rail yards site.
3. It is been built to have the hospital to be on the highest and the biggest hospital development in the Australian History.
4. It is being built to have the intention of improving the health care across the state.
5. The hospital will trigger to shape up the entire system of for having the proper public health system.
6. The hospital is been built to provide the multi-level accommodation block (Sennewald and Baillie, 2015).

Conclusion

 The main objective of the research is to enhance security level of the data possessed by the organisation as it may be critical and sensitive enough for the patients and hospital as well. The management team that have involved in development of the security models to specialize into health care security and its systems that tends to have a high level security. Management of the hospital basically intends to put an emphasis on the privacy of the patients and to maintain their material records. The Hospital mainly aims to develop and propose the authorization model for the medical and the genetic information. The research is made to analyse the interactions of the systems and users with a patient records. Moreover, it is aimed at detecting the threats and making the improvements to have the business continuity. It is essential for the hospital to develop a secure methodology for building and configuring the systems for the various operations.

Implementing Security Policies, Rules, and Responsibilities

References

Joshi, R., Hocking, C., O’Neill, S., Singhal, N., Kee, M. and Keefe, D.M., 2014. A Prospective Audit of Inpatient Medical Oncology Consultation Patterns in a Tertiary Teaching Hospital in South Australia. Global Journal of Epidemiology and Public Health, 1, pp.42-47.

Baird, A.H., 2013, January. The new Royal Adelaide Hospital: the age of the digital hospital dawns in South Australia. In Proceedings of the Sixth Australasian Workshop on Health Informatics and Knowledge Management-Volume 142 (pp. 3-6). Australian Computer Society, Inc..

Moodley, Y., Goh, N., Glaspole, I., Macansh, S., Walters, E.H., Chapman, S., Hopkins, P., Reynolds, P.N., Zappala, C., Cooper, W. and Mahar, A., 2014. Australian Idiopathic Pulmonary Fibrosis Registry: vital lessons from a national prospective collaborative project. Respirology, 19(7), pp.1088-1091.

Khokhar, K.B., Elliot, A., Stiles, M.K., Lau, D., Mahajan, R., Thiayagraj, A., Munawar, D.A., Gallagher, C., Middeldorp, M.K., Agbaedeng, T.A. and Sanders, P., 2017. P3554Aortic stiffness in atrial fibrillation: q systematic review and meta-analysis. European Heart Journal, 38(suppl_1).

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Cao, Q., Jones, D.R. and Sheng, H., 2014. Contained nomadic information environments: Technology, organization, and environment influences on adoption of hospital RFID patient tracking. Information & Management, 51(2), pp.225-239.

Al Ayubi, S.U., Pelletier, A., Sunthara, G., Gujral, N., Mittal, V. and Bourgeois, F.C., 2016. A Mobile App Development Guideline for Hospital Settings: Maximizing the Use of and Minimizing the Security Risks of” Bring Your Own Devices” Policies. JMIR mHealth and uHealth, 4(2).

Gordon, W.J., Fairhall, A. and Landman, A., 2017. Threats to Information Security—Public Health Implications. New England Journal of Medicine, 377(8), pp.707-709.

Kass, E.M., Skvarenina, M., Syed, H., Mertz, J., Houston, J., Dunn, G., Rhodes, R. and Hughes, K., 2015. ROUND TABLE: HOW TO PROTECT PATIENT DATA. A panel of hospital security experts sheds light on the biggest threats to patient privacy and what they’re doing to safeguard medical records. Health data management, 23(4), pp.30-33.

Gordon, L.A. and Loeb, M.P., 2002. The economics of information security investment. ACM Transactions on Information and System Security (TISSEC), 5(4), pp.438-457.

Chin, T., 2001. Security breach: Hacker gets medical records. American Medical News, 44, pp.18-19.

Marguson, A., 2014. Personal data of 8,300 new moms sold to financial firm in hospital security breach. CBC News.

Tipton, H.F. and Krause, M., 2003. Information security management handbook. CRC Press.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Sennewald, C.A. and Baillie, C., 2015. Effective security management. Butterworth-Heinemann.

Ernest Chang, S. and Ho, C.B., 2006. Organizational factors to the effectiveness of implementing information security management. Industrial Management & Data Systems, 106(3), pp.345-361.

WU, A.H. and LI, D., 2008. Homology Study of Resistant Gram-negative Bacilli Isolating from Hospitalized Patients, Hospital Environment and Hands in Intensive Care Unit [J]. Chinese Journal of Nosocomiology, 7, p.007.

Barnum, H. and Kutzin, J., 1993. Public hospitals in developing countries: resource use, cost, financing. Johns Hopkins University Press.

Hassan, N.H., Maarop, N., Ismail, Z. and Abidin, W.Z., 2017, July. Information security culture in health informatics environment: A qualitative approach. In Research and Innovation in Information Systems (ICRIIS), 2017 International Conference on (pp. 1-6). IEEE.

Luzia, S., Manuel, J., da Silva, R.F.B., da Silva, P.M.L. and Balloni, A.J., 2016. MANAGEMENT INFORMATION SYSTEMS AND TECHNOLOGIES IN PUBLIC HOSPITALS. International Journal of Management Science & Technology Information, (19).