Threats to Health Information Technology: Health Systems Security

Threats to Health Information Technology: Health Systems Security

The world has witnessed significant technological developments in technology in the 21st century. These technological advancements have penetrated the healthcare sector with clinical information systems that allow clinicians to share information with the click of a button. The shared clinical data is protected by HIPAA and is at risk for exposure due to lax security systems.

With more medical practices becoming electronic every day, cyberterrorism takes advantage of these weak security systems to spread mayhem and distrust.

Health Systems Security

Health systems security makes use of some strategies to ensure that medical information handled with a lot of care and integrity. This is the information about diagnosis procedures used, the financial records of the patient, and prescription details. The systems are designed in a way that this information is readily available when needed by the authorized personnel without exposing it to other parties (Jones, Rudin, Perry & Shekelle, 2014). Weak security systems expose the patients’ medical information to vulnerabilities which lowers the overall quality hence compromised medical interventions. Timely access and retrieval of patient information are missed when security systems are weak.

Importance of Health Systems Security and HMIS

Health care facilitates are expected to operate in a manner that indicates professionalism which is indicative of the quality of services being offered. Health systems security is a standard that determines the quality of the health services which is concerned with treatment options is highly reputable. HMIS provides reliable data that is used in various sections of a health system to execute medical interventions that are involved. They also help in strengthening the available health systems through provision of accurate information which is available at all times when required.

Planning HMIS

HMIS is responsible for overseeing the entire systems that handle health information to prevent data degradation and intrusion by other factors that might attack the systems. Health systems security helps HMIS to verify the services offered to determine whether they are eligible or not. The analysis of the systems is made easy as timely information about their status and functionality is made available. This becomes important in decision making by the management when deciding on upgrading options or acquisition of new ones.

Implementing HMIS

Health systems security helps to design the guidelines used in the implementation of HMIS by giving insights into various components of the systems that should be given priority. It also helps to simplify the management role of the HMIS by giving early indicators of areas that require improvements (Liu, Musen & Chou, 2015). The implemented HMIS is assessed by determining any deviation from what health system security outlines. The implementation process of HMIS cannot be successful without health systems security to provide key indicators important considerations.

Key Findings

A number of facts about health security systems have since been found which reveals a number of threats where systems are weak. These are threats related to damage that occurs on health information available on health systems. These damages are due technological problems and other intrusions by malicious persons. There are some measures that have identified to be effective and recommendable for adoption by a health system to enhance the security of health information.


Key Finding #1

In the current times, there are various types of malware available on the internet and spread quickly to affect the normal functioning of systems. Malware programs are malicious and will at times wipe the stored information on the systems (Perakslis, 2014). Such a loss of data due to virus attacks disrupts the normal operations of health facility as processes are halted. In other cases, the attacks comprise the processes involved leading to undesirable results that lead to inappropriate curative and prevention interventions used on patients. The attacked systems give misleading conclusions which leads to wrong decisions when deciding on treatment options.

Key Finding #2

 Enhancing security of health systems requires that the IT department adopts tested strategies determined to produce excellent results. Use of original and tested anti-virus packages is recommendable to prevent attacks by these anti-viruses and malware (Harries & Yellowlees, 2013). It is required that the systems be reviewed from time to time to reveal weak areas that require improvements to maximize on information security. It is important that the IT department works closely with the management to acquire newly-introduced security systems which are efficient than the previous ones.

Implications of Laws & Regulations & Ethics on Health Systems Security

HIPAA security rule is a standard rule that governs the protection of health information. It addresses both technical and administrative roles that are used to ensure that health information is protected at all levels. It sets goals which security systems should always meet for them to remain viable. The rule acts as a control guide that ensures health information is always secured, and accurate medical interventions are involved. This means that the members of the public are always protected by when the health information used on them of high integrity.

Laws & Regulations

It is required that health information stored in health system be accessed and used only by authorized personnel. The personnel are required to adhere to their code of conduct to make sure that they only use this information for the intended medical purposes only. This is a measure of professionalism that every health care work should uphold. The IT personnel should that ensure that access to health information is controlled and only allowed to the rightful persons.


Confidentiality of health information is very important and should not be compromised at any cost. The security systems should thus make sure that health information is only available upon retrieval by an authorized person. Physicians are expected to handle and use health information as stipulated in their code of ethics and assure the patients of their safety and confidentiality of their health information (Billingsley & McKee, 2016). Security systems are hoped to borrow from these code of ethics for them to remain viable and acceptable.


Health information systems are a crucial element of improving efficiency and the quality of care delivered to patients. Yet the security of these systems remains in doubt as the number of unauthorized disclosures rise every year despite warnings. Healthcare organizations are facing a moving target that sees the protected health information as something to sell instead of something worth protecting. Cyberterrorism represents one of the greatest threats to health information technology systems today since it is a silent predator that preys upon the weak. Sadly, many healthcare organizations fail to recognize this threat until the damage has been done.



Billingsley, L., & McKee, S. A. (2016). Cybersecurity in the Clinical Setting: Nurses’ Role in the Expanding “Internet of Things”. The Journal of Continuing Education in Nursing47(8), 347-349.

Harries, D., & Yellowlees, P. M. (2013). Cyberterrorism: Is the US healthcare system safe?. Telemedicine and e-Health19(1), 61-66.

Jones, S. S., Rudin, R. S., Perry, T., & Shekelle, P. G. (2014). Health information technology: an updated systematic review with a focus on meaningful use. Annals of internal medicine160(1), 48-54.

Liu, V., Musen, M. A., & Chou, T. (2015). Data breaches of protected health information in the United States. JAMA313(14), 1471-1473.

Perakslis, E. D. (2014). Cybersecurity in health care. N Engl J Med371(5), 395-397.