Health Information System Standards and Security Paper

Health Information System Standards and Security Paper
Background Information/Introduction
The widespread use and adoption of software technologies are increasingly opening innovative and better avenues to enhance health care delivery and related outcomes. Mobile apps are software functions that assist individuals in managing their wellness and health outcomes, enhancing their life quality, and obtaining necessary important information whenever or wherever they need it. As mentioned in the case study scenario, the mobile Health (mHealth) app that the Trident Hospital intends to design is tailored to enhance patient engagement concerning their visit to the facility, how they can access relevant health information through the patient portal, and how they use it to retrieve necessary educational materials about their health conditions. This paper discusses different data elements (standards) necessary for the mHealth application development to guarantee quality and mitigate risks.
Standards and Description
Standards

Details

Technical (Access control safeguard).

It is a standard that prevents or limits unauthorized individuals from accessing the mHealth app. This standard can take the form of attribute-based, identify-based, or role-based access control. Role-based control is an individual’s role within Trident Hospital (Kruse et al., 2017). For example, when the organization hires a new provider, it allows them to access patient data, but only that pertains to their clients. Suppose the new staff also contributes to a given committee within the hospital; in that case, the mHealth app should have the control that allows them to enjoy privileges related to serving in such a capacity, including the ability to access committee resources.

Security.

The mHealth app should have the necessary security measures, including encryption techniques for collecting, storing, and sharing information. The app should apply appropriate security measures tailored to mitigate cybersecurity vulnerabilities when faced with potential threats. It should include password management techniques. The cloud services employed should also have the necessary security measures., including stating the terms and conditions of use. It is also necessary that the app incorporates authentication and authorization techniques tailored to safeguard users’ credentials and offer access to their data. It should limit access to data that is solely necessary for the user. Lastly, securing standards ensures that the mHealth app identifies and detects cybersecurity vulnerabilities, potential threats, and exploitation risks (Llorens-Vernet & Miró, 2020).

Administrative safeguards.

According to the U.S. Food & Drug Administration agency’s 2019 report titled Device Software Functions Including Mobile Medical Applications, it emerged that mobile apps could be used to store critical information that helps users or patients self-manage their conditions or illnesses without offering specified treatment suggestions or automate simple tasks for the health care providers (U.S. Food & Drug Administration, 2019a). In this way, security techniques that are feasible for Electronic Health Records, such as administrative safeguards, can also be considered when developing the mHealth app (Kruse et al., 2017). Administrative standards such as procedures, practices, and policies also impact mHealth appl development by ensuring that the final product recognizes potential vulnerabilities and continually improves Trident Hospital’s security posture.

Privacy.

The mHealth app should provide information regarding the terms and conditions of purchase within itself, as well as personally identifiable data recorded. It should provide information concerning the type of user data that needs to be collected and the rationale. It should provide information concerning the data treatment and access policies and ensure the user reserves the right to access the recorded information. Privacy standard would also ensure the mHealth app include a maintenance policy and data erasure guidelines. It should guarantee the confidentiality of the recorded information. The mHealth app should also prompt the user to offer express consent, including the risks of use. Moreover, privacy standards ensure that the app development team takes measures to ensure that the final product can notify users once it accesses other device resources, including their social network profiles or different accounts. It should be tailored to take measures to safeguard minors according to the existing legislation (Llorens-Vernet & Miró, 2020). In addition, confidential user data should be anonymized and protected while establishing a privacy mechanism for user data management needs.

Safety.

Safety standards would ensure that the potential risks to users are recognized. Users should be notified that the mHealth application is not tailored to substitute physician care at Trident Hospital. In addition, the safety standard would ensure that all the potential vulnerabilities for users or patients emanating from possible negative ramifications or inappropriate usage are explained (Llorens-Vernet & Miró, 2020).

Technology.

Technology standards ensure that the mHealth app works appropriately, guaranteeing that the app will not fail during use. This standard would ensure that the functions are correctly retrieved following external disruptions (e.g., incoming messages or calls), contextual changes (e.g., returning or switching to another app), and switching off the terminal. The development process should ensure that the mHealth app does not misuse resources, for example, central processing unit, network, data, battery, or memory. In addition, mHealth should be able to operate in flight mode as well as handle connection disruptions or network delays. Lastly, technology standards ensure that the app also supports diverse versions of data formats or structures (e.g., capacity to support many operating systems (Llorens-Vernet & Miró, 2020).