Question

CASE 2.2 Business Case: Data Chaos Creates Risk Data chaos often runs rampant in service organizations, such as health care and the government. For example, in many hospitals, each line of business, division, and department has implemented its own IT applications, often without a thorough analysis of its relationship with other departmental or divisional systems. This arrangement leads to the hospital having IT groups that specifi cally manage a particular type of application suite or data silo for a particular department or division. Data Management When apps are not well managed, they can generate terabytes of irrelevant data, causing hospitals to drown in such data. This data chaos could lead to medical errors. In the effort to manage excessive and massive amounts of data, there is increased risk of relevant information being lost (missing) or inaccurate— that is, faulty or dirty data. Another risk is data breaches. • Faulty data: By 2016 an estimated 80 percent of healthcare organizations will adopt electronic health records, or EHRs (IDC MarketScape, 2012). It is well known that an unintended consequence of EHR is faulty data. According to research done at Columbia University, data in EHR systems may not be as accurate and complete as expected (Hripscak & Albers, 2012). Incorrect lab values, imaging results, or physician documentation lead to medical errors, harm patients, and damage the organization’s accreditation and reputation. • Data breaches: More than 25 million people have been affected by health-care system data breaches since the Offi ce for Civil Rights, a division of the U.S. Department of Health and Human Services, began reporting breaches in 2009. Most breaches involved lost or stolen data on laptops, removable drives, or other portable media. Breaches are extremely expensive and destroy trust. Accountability in health care demands compliance with strong data governance efforts. Data governance programs verify that data input into EHR, clinical, fi nancial, and operational systems are accurate and complete—and that only authorized edits can be made and logged.

Answer 1

As per the problem stated, there is a need of following practices to avoid the problems.
1.TQM(Total quality management) should be implemented.
2.Zero tolerance policy should be implemented according to the requirement.
3.High Security should be implemented
4.Internal and External Audit should be performed
5.Proper database management

6.Proper HR(Human resource Policies)
7.Educate employees about the code of ethics and code of conduct
8.training of employees

9. Policy to edit the records.

1. TQM means no errors at every level, even typing mistakes should not be ignored.
2. In some cases zero tolerance policy should be implemented, for example all the reports of blood test
and other medical test must be accurate.
3.both type of security should be implemented, logical and physical security.
a)there should be proper arrangements for network security(use proxy server/firewall), device security, and employee security.
b)educate employees about social engineering ,security tips and ethics.
for example: use strong passwords,change their passwords frequently, don't reveal their passwords to others(friend/Colleagues)
c)MAC(Mandatory access control) should be implemented.according to MAC,access rights are provided according to the level of authority, for example an accountant should not be able to access the patient's medical history/reports .
d)Don't allow employees/patients to use their personal internet connection(for example mobile phone hot spot) with in the hospital.

4.Internal and External Audit should be performed:
time to time internal audit should be performed and this audit should be crossed checked by the external auditors

5.Proper database management system: to avoid the data redundancy, data base should be normalized.
a)access rights should be granted to the users of the database according to the security policies.
b)all the activities should be monitored by the database administrator(s).
c)Proper backup and recovery plan to recover the data in case of any mishappening.
6.Proper HR(Human resource Policies):- there should be proper HR policies to deal with employees.

7.Educate employees about the code of ethics and code of conduct:
every professional should follow the code of conduct, code of ethics

8.training of employees: lots of developments are taking place day by day in the field of technology.
all the employees should be aware of new security threats and how to protect the data/information and valuable assets.training gives the practical exposure.

9. Editing of records should not be allowed.

if editing is required, then this editing should be monitored and noticed by the concerned authorities.