Department of Health and Human Services

Introduction

The best practices applied in the department of health and human services are vital for data security of patients. The most notable method used is to authorize accessibility to information of a patient with regard to the role one does in the hospital or agency. This is in line with the HIPAA standards of allowing a certain size of data vital to offer human services (IAB, 2009). A good number of exchange players that found in hospitals set policies for its staff.

Role-based access to data in the hospitals allows the organization’s internal security policies to manage how data is used. A good example is that the registrars are able to see all the data while to the patients it is restricted.   Similarly, physicians are only able to see data of patients that they handle with regard to the RHIO policy.

Protocols for client’s options are available to manage cases when wrong people access data. Considering that the department of health and human services through the RHIOs aims to maintain privacy of data breaches may be a common thing.

The department for health and human services applies strict procedures for handling and managing sensitive data. As an important business agency, they are mandated to inform the players if infringement of data transmission and storage occurs (Lowrance, 2012). This makes it possible for them to take the necessary steps to safeguard these sensitive patient data. Methods used involve calling for immediate notification about of the affected areas and undertaking quick removal of a user’s access details. A number of RHIOs are coming up or relooking their security policies for a much more improved system.

The department of health and human services applies several best practices as discussed; this has several implications on the security practices to meet data privacy. Security is a major challenge to planning and implementation to ensure effective data privacy.

User identification is vital process that ensures the identity of the user is acquired. This will enable the users to see the information. The health and human services department makes use of a number of authentication processes that ensures data privacy s met. The hospital authenticates its users and informs the department when the health professionals have their details ready to be accessed. The providers opt to have the professional staff vouch for users using a formal process (CIHR, 2005). They health experts apply by themselves where they issue relevant details and issue an authorization request comprising of contact details regarding their supervisor. Hence the user account is set up.

Authorized individuals are able to access their system using unique usernames and password. The department standardizes the process of entering data to avoid multiple user IDs.

The department of health makes sure data security is met through activation and tracking of unauthorized access or use of data. It is able to manage a complete audit and track several variables like user’s login details, data accessed and when it was accessed (IAB, 2009). As a measure of security practice the department uses a special audit log. This makes it possible when the system intruders are nabbed they do not share their audit details with other people.

Another practice used is the ‘break the glass’ which makes data access possible when authorization does not work properly or in case of emergency. The department certain peoples the ability to override the security process in case of an emergency.

Conclusion

The department of health and human services makes use of practices that lead to security of the agency. The paper has been able to discuss the varied ways that this takes place and the impact it has security process. The organization is hence able to maintain a secure system through this process to the satisfaction of the agency and the users.

References

CIHR (2005). Best Practices for Protecting Privacy in Health Research. Retrieved from:     http://www.cihr-irsc.gc.ca/e/documents/et_pbp_nov05_sept2005_e.pdf

IAB (2009). Online Lead Generation: Data Security Best Practices. Retrieved from:    http://www.iab.net/media/file/Data-Security-BP-Final-9-09.pdf

Lowrance, W (2012). Privacy, Confidentiality, and Health Research. New York: Cambridge University Press.