Messages
Proposals
Get Urgent Help In Your Essays, Assignments, Homeworks, Dissertation, Thesis Or Coursework Writing
100% Plagiarism Free Writing - Free Turnitin Report - Professional And Experienced Writers - 24/7 Online Support
The
essay discusses the issue of privacy and security of medical data records. It
highlights the key issues based on research and experience. Recommendations are
followed by the issues discussed highlighted in the report. The method was observation and review of
literature. The purpose was assessing the Security
and Privacy issues of Electronic Health care records in Saudi Arabia.
Health
care around the globe attracts interest of many people and is a main concern.
Let it be the political forces or the other stake holders, everyone wants a
policy that is aimed at better healthcare facilities. Countries all over the
world have adopted modern Information and Communication technology to record
and save data of patients so it can be used to identify the individual patient
or a general trend across the country. It was a recent visit to a hospital in Madinah
to accommodate the pilgrims when I noticed the electronic system of maintaining
patient’s data and storing it in the databases. The purpose of the essay is to
highlight the issues and the role of government in maintaining privacy. The EPR system has benefited millions around
the world and it is in its developing phase in Saudi Arabia. The system is not
perfect in the way it operates in the dynamics of Saudi Arabia but it is
improving and the government has invested billions of dollars to make it
successful.
The
Event of Security and Privacy issues of Electronic Health care records in Saudi
Arabia
I
observed that the Saudi Arabian hospitals maintain a large database for record
keeping, to facilitate the doctors, patients, policy makers and future
research. I saw record keeping about the
patient was very important before they progressed the patient to doctor. Even
for the tourist visiting their nationality and data was kept by the
authorities. The native’s data was synced to a central database for record
keeping and further analysis of Meta data to know about the diseases around the
country. I was told when I asked about the process and why the information was
essential. The event was a highlighting
experience of my life as I came to know about the data keeping and its multiple
uses. I noticed that there was very less regard to privacy and there was no
disclaimer or privacy policy for the data. This directly involves the role of
government to ensure fair practices and ethical handling of data.
Issue
of Security and Privacy
issues of Electronic Health care records in Saudi Arabia
The
ministry of healthcare in Saudi Arabia has made progression from use of paper
to EPR system (Electronic patient record system). The government has invested billions in term
of capital to introduce the system and has used modern information technology.
More than 1 billion dollars alone was invested in e-health implementation
I
discovered how the record keeping enables the patient to remain paper free as
their history will be available to all hospitals in the Kingdom. I personally
felt great about the initiative as it was a great step in betting healthcare
facilities. The people residing in the kingdom and the pilgrims/ tourists
visiting the country are the ones to greatly benefit from the initiative. I
experienced the facility and EPR system first hand as a patient; this made me a
stake holder in the system. The EPR maintained all my history, personal
information and where I was treated and by whom.
The
key issue here is that the patients were not handed over any disclaimer or
asked for consent to give their information which will be saved and put to use.
The non-existence of privacy policy is the issue as the patients are unaware of
the security protocols in maintaining of their data. This lays great
responsibility on the government as they are the ones who brought the system.
The problem with the EPR system in Saudi Arabia is that the health service
providers are great in number and there is no unified system which means the data
of patients is scattered among different health care service providers
·
Confidentiality
·
Integrity
·
Availability
All
of the three terms refer to the treatment of data and how it should be treated.
It maintains that data should not be available to all and be kept confidential.
Also the accuracy of data should be ensured. It also refers to the availability
of data when needed at the right place. CIA triad is used to form policy
regarding data security
Analysis
of Security and Privacy
issues of Electronic Health care records in Saudi Arabia
I
had the firsthand experience and had to look into global practices and read
about it from different sources. The study of historical data or literature
review revealed the benefits of the system and why it is the need of time. But the system has attracted the attention of
many stakeholders to improve and improvise in the system for betterment of
healthcare services. The growing concern for the information system is
security. The driving force behind the security is the sensitive nature of data
with medical and personal records. “Transmission and access of medical records
needs to be addressed by the means of security, privacy and confidentiality”
It
is the ethical duty and the legal requirement to seek consent of the patient
before taking their data. The ethical dilemma in the situation of Saudi Arabia
is that they want to improve the system but the health care service providers
are not taking in account the privacy issues.
Patients around the world are at the center of policy making in
healthcare. Charles says “Development in standardization within healthcare,
especially in the USA and Europe, have been motivated by patient-centered and
managed care”.
The
success of the system is when it is based on the people it is going to
address. The need for Saudi Arabia is to
introduce an organization culture that will better address the issue. Employees
need to respect privacy and treat data in all fairness. A principle stated is
the ethics principle. “The security of information should be provided in such a
way that respects the rights and legitimate interest of others”
The
systems in the Saudi Arabia are new and lack the security protocols and
handling of data. The organizations in Saudi Arabia lack clarity in informed
security policy and strategy
Conclusion
on Security and Privacy
issues of Electronic Health care records in Saudi Arabia
I
have personally learned the importance of EPR systems and how they are
dominating the world healthcare scene. There are numerous advantages of the system to
patients, doctors, management and the government too. It helps maintain and
predict the national healthcare requirements and in policy making. My study has
helped me learn the best practices and the reaping benefits of the ERP system. The benefits of EPR range from improvement of
patient care and overall health quality as the abundance of data adds to the
betterment of the system. Also the EPR system reduces error and provides a
clear picture for future data.
EPR can help stop an epidemic too. EPR systems
increase the overall efficiency as the paper based model takes time and the
individual has to keep it safe. The
administrative and managerial advantages are great for the ERP system as he
overall organizational efficiency is improved. For a country like Saudia Arabia
where many people come to work it is important for the management to maintain
large databases to predict medical situations that can help in the future. The
research and quality management has improved drastically by the help of EPR
system.
I
have learned that a close eye for attention to detail can help us see the
issues around us and being aware of our civic rights makes us a better citizen
that can add value to the society. Saudi Arabia has been working hard on the
ERP situation and has invested a significant amount on it
Action
Plan of Security and
Privacy issues of Electronic Health care records in Saudi Arabia
Doing
the talk is easy but to come up with practical solution is what is needed. I
will be bringing in light the situation at hand with officials of the
healthcare service providers and ask them to train their employees for better
services. But before that I need to be
prepared to know about the legality and operation of the EPR system. People
should be made aware of the system and the importance of data it will contain.
People need to know about the right to information and access. I will equip
myself with the knowledge of CIA triad and other privacy policy matters. I will
be drafting an alternate or sample privacy policy to help the ERP system
handlers so they can take a leaf and develop their own privacy policy. A better
approach is to take to the authorities on the concern and giving them the world
wide view of the practices.
Recommendations
of Security and Privacy
issues of Electronic Health care records in Saudi Arabia
Saudi
Arabia is improving with time and is relying more on IT and modern ways to
governance. They need to develop privacy policy laws so the stakeholders are take
in to confidence in regards to their information and data storage. To conclude I will give the following
recommendations to improve the system and overall efficiency:
·
Change in organization culture
Saudi Arabia needs to
develop a more professional workforce and a culture that respects information
and data of patients to avoid any kind of unpleasant situation in the future.
·
Training of employees
The employees need to be
trained in using and handling the system. The new system is sophisticated and a
simple mistake can ruin the credibility of data affecting the efficiency of the
system.
·
Documented Privacy policy
This
is the most needed of all that is requirement of a documented privacy policy.
The privacy policy should address all the major stake holders and be a guiding
reference to the practices and which data is required and how it will be used.
Not only this, the privacy policy will answer the questions of patients
regarding the system. The privacy policy also acts as a disclaimer that how the
information will be used within the organization and outside. The patients will
be giving their consent and this is the ethical requirement too.
·
Maintaining a chain of command
For the ERP systems there
should be a chain of command and hierarchy on who has what authority. This will
make easy to develop policy and train the employees.
·
Implement the CIA triad
The three basic
principles of data information treatment should be followed. It is on the basis
of this that the policy can work and be formed. The three words refer to
confidentiality of data, Integrity of data and availability of data at the
right time and right place. I believe there is a lot that people can benefit
from and people’s feedback should be taken. There should be a larger policy
review and the staff should be talked to and informed by the patients whether
or not they are comfortable with current practices of the management.
References of Security and Privacy issues of Electronic Health care records in Saudi Arabia
|
[1] |
Sahi, "Saudi
E-health conference," 2008. [Online]. Available: www.saudihealth.org. |
|
[2] |
M. Altuwairjri,
"Electronic Health in Saudi Arabia," Saudi Medical Journal, vol.
29, no. 2, pp. 171-178, 2008. |
|
[3] |
A. Ferreira and D.
Chandwick, "Access control: how can it control patients'
healthcare?," Stud health Techno inform, vol. 29, pp. 65-76,
2007. |
|
[4] |
R. Anderson,
"A security policy model for clinical information systems," IEEE
Symposium on Security and Privacy, pp. 30-43, 1996. |
|
[5] |
A. Charles, K. Dube
and F. Mtenzi, "Electronic healthcare information Security," Advance
in information Security, vol. 53, p. 190, 2010. |
|
[6] |
A. Abu Musa,
"Information security governance in Saudi organizations: an empirical
study," Information Management & Computer Security, vol.
18, no. 4, pp. 226-276, 2010. |
Discuss your homework for free! Start chat
