Home   >   CSC-OpenAccess Library   >    Manuscript Information
Full Text Available

(236.3KB)
This is an Open Access publication published under CSC-OpenAccess Policy.
Medical Information Security
William C Figg, Hwee Joo Kam
Pages - 22 - 34     |    Revised - 01-05-2011     |    Published - 31-05-2011
Volume - 5   Issue - 1    |    Publication Date - May / June 2011  Table of Contents
MORE INFORMATION
KEYWORDS
Security, Medical Security, Identity Theft
ABSTRACT
Modern medicine is facing a complex environment, not from medical technology but rather government regulations and information vulnerability. HIPPA is the government’s attempt to protect patient’s information yet this only addresses traditional record handling. The main threat is from the evolving security issues. Many medical offices and facilities have multiple areas of information security concerns. Physical security is often weak, office personnel are not always aware of security needs and application security and transmission protocols are not consistently maintained. Health insurance needs and general financial opportunity has created an emerging market in medical identity theft. Medical offices have the perfect storm of information collection, personal, credit, banking, health, and insurance. Thieves have realized that medical facilities have as much economic value as banks and the security is much easier to crack. Mostly committed by insiders, medical identity theft is a well-hidden information crime. In spite of its covert nature, the catastrophic ramification to the victims is overt. This information crime involves stealing patients’ records to impersonate the patients in an effort of obtaining health care services or claiming Medicare on the patients’ behalf. Unlike financial identity theft, there is a lack of recourse for the victims to recover from damages. Medical identity theft undermines the quality of health care information systems and enervates the information security of electronic patient record.
CITED BY (6)  
1 Kongnso, F. J. (2015). Best Practices to Minimize Data Security Breaches for Increased Business Performance.
2 Glenn, T., & Monteith, S. (2014). Privacy in the digital world: medical and health data outside of HIPAA protections. Current psychiatry reports, 16(11), 1-11.
3 Shahri, A. B., Ismail, Z., & Rahim, N. Z. A. (2013). Constructing Conceptual Model for Security Culture in Health Information Systems Security Effectiveness. In Advances in Information Systems and Technologies (pp. 213-220). Springer Berlin Heidelberg.
4 Shahri, A. B., Ismail, Z., & Rahim, N. Z. A. (2013). Security Culture and Security Awareness as the Basic Factors for Security Effectiveness in Health Information Systems. Jurnal Teknologi, 64(2).
5 Shahri, A. B., Ismail, Z., & Rahim, N. Z. Cultivating of Human’s Behavior Toward Security Effectiveness in Health Information System.
6 Kingsley, L., & Worker, M. The implementation of an intelligent digital rights management platform in the health care field.
1 Google Scholar
2 CiteSeerX
3 iSEEK
4 Scribd
5 slideshare
6 PdfSR
1 Appelbaum, P.S., “Threats to the Confidentiality of Medical Records – No Place to Hide”, JAMA; (283:6), pp. 795-797, Feb 2000.
2 Benbasat I., Goldstein D.K., and Mead M.,“The Case Research Strategy in Studies of Information Systems”, MIS Quarterly; (11:3), pp. 369-386, Sept. 1987
3 Biotech Business Week, “Electronic Medical Records: Medical Identity Theft Survey Shows Consumers Concerned about Privacy, Protection of Records”, Jan 8, 2007.
4 Boyd, A.D., Hosner, C., Hunscher, D.A., Athey, B.D., Clauw, D.J., and Green L.A., “An Honest Broker” mechanism to Maintain Privacy for Patient Care and Academic Medical Research”, International Journal of Medical Informatics; (76); pp. 407-411, 2007,.
5 Conn, J., "A Real Steal. Patients, Providers Face Big Liabilities as Medical Identity Theft Continues to Rise, and in Many Cases it's an Inside Job,"Mod Healthc; (36), pp. 26-28, 2006.
6 Cooper, R. B., “Information Technology Development Creativity: A Case Study of Attempted Radical Change”, MIS Quarterly; (24:2), pp. 245-276, Jun. 2000,.
7 Davis, N., Leniery, C., and Roberts K.,“Identity Theft and Fraud – The Impact on HIM Operations”, Journal of AHIMA; (76:4); April 2005.
8 Davenport, K.A.,“Identity Theft that can Kill you”, Available at www.law.uh.edu/healthlaw/perspectives/2006/(KD)IdentityTheft.pdf
9 Dixon, P., “Medical Identity Theft: the Information Crime that can Kill You”, The World Privacy Forum; May 2006.
10 Earp, B.E. and Payton, F.C.,“Information Privacy in the Service Sector: An Exploratory Study of Health Care and Banking Professional”, Journal of Organizational Computing and Electronic Commerce; (16:2), pp. 105-122, 2006.
11 Eisenhardt, K.M., “Building Theory from Case Study Research”, Academy of Management. The Academy of Management Review; (14:4), Oct 1989; ABI/INFORM Global.
12 Emam, K. E., Neri, E., and Jonker E., “An Evaluation of Personal Health Informations Remnants in Second-Hand Personal Computer Disk Drives”, Journal of Medical Internet Research; (9:3); 2007.
13 Fromer, M.J.,(2007) “Medical Identity Theft: Under-reported, Underresearched, & More Common than Generally Known”, Available atwww.oncology-times.com; Jan 5, 2007.
14 Garson, K. and Adams C., “Security and Privacy System Architecture for an e-Hospital Environment”, ACM International Conference Proceeding Series; (283pp. 122- 130, ); 2008.
15 Gaunt, N., “Practical Approaches to Creating a Security Culture”, International Journal of Medical Informatics; (60); pp. 151 – 157, 2000.
16 Gostin, L.O., “Personal Privacy in the Health Care System: Employer-Sponsored Insurance, Managed Care, and Integrated Delivery Systems”, Kennedy Institute of Ethics Journal, (7:4), pp. 361 – 376, 1997.
17 Hutson, T., “Security Issues for Implementation of E-Medical Records”, Communication of ACM; (44:9), Sept. 2001.
18 Karyda, M., Kiountuzis, E., and Kokolakis, S., “Information Systems Security Policies: A Contextual Perspective”, Computer & Security; (24); pp. 246-260, 2005.
19 Kluge, E. W., “Fostering a Security Culture: A Model Code of Ethics for Health Information Professionals”, International Journal of Medical Informatics; (49); pp. 105 – 110, 1998.
20 Lee, A. S., “A Scientific Methodology for MIS Case Studies”, MIS Quarterly; (13:1), pp. 33-50 , March 1989.
21 Lindberg, D.A.B. and Humphreys, B.L., “The High-Performance of Computing and Communications Program, the National Information Infrastructure, and Health Care”, Journal of the American Medical Informatics Association; (2:3), pp. 156-159, May-Jun. 1995.
22 Malin, B., “A Computational Model to Protect Patient Data from Location-Based Re-Identification”, Artificial Intelligence in Medicine; (40:3); pp. 223-229, Jun. 2007.
23 Merisalo, L.J., “Medical Identity Theft”, Aspen Publishers; (17:9); June 2008.
24 McMurray, A.J., Gilbert, C.A., Reis, B.Y., Chueh, H.C., Kohane, I.S., and Mandl, K.D., “A Self- Scaling, Distributed Information Architecture for Public Health, Research, and Clinical Case”, Journal of American Medical Informatics Association, (14); July – Aug. 2007.
25 Offen, M.L., “Health Care Fraud”, Neurologic Clinics, (17:2); May 1999.
26 Pear, R. (2008)“Agency Sees Theft Risk For ID Card In Medicare”, Available at www.nytimes.com/2008/06/22/washington/22medicare.html
27 Roger France, F.H., “Control and Use of Health Information: a Doctor’s Perspective”, International Journal of Bio-Medical Computing, (43); pp. 19-25, 1996.
28 Schlienger, T. and Teufel, S., “Analyzing Information Security Culture: Increased Trust by an Appropriate Information Security Culture”, Proceedings of the 14th International Workshop on Database and Expert Systems Applications; 2003; IEEE.
29 Sloane E.B., “Using Standards to Automate Electronic Health Records (EHRs) and to Create Integrated Healthcare Enterprises”, Proceedings of the 29th Annual International Conference of the IEEE EMBS, Aug. 2007.
30 Smith, E., and Eloff J.H.P., “Security in Health Care Information Systems – Current Trends”, International Journal of Medical Informatics, (54); pp. 39-54, 1999.
31 Sparrow, M. K., “License to Steal. How Fraud Bleeds America’s Health Care System”, Westview Press; 2000. ISBN: 0-8133-6810-3.
32 Vacca, J.R., “Computer Forensics: Computer Crime Scene Investigation, Second Edition”, Charles River Media; 2005. ISBN: 1-58450-389-0.
33 Yin, R. K., “Enhancing the Quality of Case Studies in Health Services Research”, Health Services Research (34:5), pp. 1209-1224, Dec. 1999.
34 Yin, R. K., “The Case Study as a Serious Research Strategy”, Science Communication; (97:3), 1981.
35 Yin, R.K., “Case Study Research: Design and Methods”, (2nd ed.), Sage, Newbury Park, CA, 1994.
Dr. William C Figg
Dakota State University - United States of America
william.figg@dsu.edu
Dr. Hwee Joo Kam
- United States of America