A Comparative Analysis of Auditing Within the Healthcare Database

Healthcare database system utilization and processing demands are projected to increase significantly within the next decade due to governmental incentives, regulatory requirements, economic motivators and industry regulations. To that end, system engineers, architects, developers and solution providers will be pressured to meet these varied challenges while achieving or improving current system performance benchmarks. Healthcare database performance related to auditing has received little scholarly attention to date. A comparative analysis of two database auditing architectures is studied to identify efficiencies in auditing architectures within the healthcare domain. This study will explore and analyze native auditing supported by Microsoft\u27s SQL Server 2008 Enterprise Edition and compare them to an EHR/EMR\u27s implementation supporting the same auditing specifications. The result of this study will help to identify efficiencies in auditing architectures thereby assisting developers, architects and engineers in their efforts to implement efficient auditing, thereby improving overall system performance

Privacy and Security in the Clinical Audiology Setting: Ohio Audiologists' Knowledge of the Health Insurance Portability and Accountability Act

The purpose of this study was to investigate the knowledge possessed by professionally licensed audiologists regarding the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implications for clinical audiological practices. The study also aimed to examine the training and enforcement of HIPAA regulations in audiology clinics and facilities. A 30-question survey was distributed to professionally licensed audiologists in Ohio via an online survey instrument. The survey focused on audiologists’ knowledge of HIPAA regulations as well as corresponding sources of education and training. Subsequently, six pre-generated discussion questions were electronically distributed to Ohio audiologists. The discussion questions focused on the HIPAA training and education provided to audiologists in their employment settings. The results of the study indicated that audiologists possess limited knowledge regarding HIPAA regulations and that the majority of audiologists currently receive annual training and education through electronic sources. The results of the current study demonstrate the need for enhanced HIPAA training strategies in educating audiologists regarding the importance of federal privacy and security regulations as well as compliance with them

An Investigation of Factors that Affect HIPAA Security Compliance in Academic Medical Centers

HIPAA security compliance in academic medical centers is a central concern of researchers, academicians, and practitioners. Increased numbers of data security breaches and information technology implementations have caused concern over the confidentiality, integrity, and availability of electronic personal health information. The federal government has implemented stringent HIPAA security compliance reviews and significantly extended the scope and enforcement of the HIPAA Security Rule. However, academic medical centers have shown limited compliance with the HIPAA Security Rule. Therefore, the goal of this study was to investigate the factors that may affect HIPAA security compliance in academic medical centers. Based on a review of the literature of technology acceptance and security effectiveness, this study proposed a theoretical model that uses management support, security awareness, security culture, and computer self-efficacy to predict security behavior and security effectiveness and thus HIPAA security compliance in academic medical centers. To empirically assess the effect of the above-noted variables on HIPAA security compliance in academic medical centers, a Web-based survey was developed. The survey instrument was designed as a multi-line measure that used Likert-type scales. Previous validated scales were adapted and used in the survey. The sample for this investigation was health care information technology professionals who are members of the Group on Information Resources within the Association of American Medical Colleges. Two statistical methods were used to derive and validate predictive models: multiple linear regression and correlation analysis. The results of the investigation demonstrated that security awareness, management support, and security culture were significant predictors of both security effectiveness and security behavior. Security awareness was the most significant predictor of security effectiveness and security behavior. Due to the presence of collinearity, Pearson correlation analysis was used to develop a composite factor, consisting of management support and security culture, for the final multiple linear regression model. By enhancing the understanding of HIPAA security compliance in academic medical centers, the outcomes of this study will contribute to the body of knowledge of security compliance. The empirical results of this research also will provide guidance for individuals and organizations involved with HIPAA security compliance initiatives in health care

An Analysis of the Impact of Information Security Policies on Computer Security Breach Incidents in Law Firms

Law firms maintain and store voluminous amounts of highly confidential and proprietary data, such as attorney-client privileged information, intellectual properties, financials, trade secrets, personal, and other sensitive information. There is an ethical obligation to protect law firm client data from unauthorized access. Security breaches jeopardize the reputation of the law firm and could have a substantial financial impact if these confidential data are compromised. Information security policies describe the security goals of a law firm and the acceptable actions and uses of law firm information resources. In this dissertation investigation, the author examined the problem of whether information security policies assist with preventing unauthorized parties from accessing law firm confidential and sensitive information. In 2005, Doherty and Fulford performed an exploratory analysis of security policies and security breach incidents that highlighted the need for research with different target populations. This investigation advanced Doherty and Fulford\u27s research by targeting information security policies and security breach incidents in law firms. The purpose of this dissertation investigation was to determine whether there is a correlation between the timing of security policy development (proactive versus reactive policy development) and the frequency and severity of security breach incidents in law firms of varying sizes. Outcomes of this investigation correlated with Doherty and Fulford\u27s general findings of no evidence of statistically significant relationships between the existence of a written information security policy and the frequency and severity of security breach incidents within law firms. There was also a weak relationship between infrequency of information security policy updates and increase of theft resources. Results demonstrated that, generally, written information security policies in law firms were not created in response to a security breach incident. These findings suggest that information security policies generally are proactively developed by law firms. Important contributions to the body of knowledge from this analysis included the effectiveness of information security policies in reducing the number of computer security breach incidents of law firms, an under represented population, in the information assurance field. Also, the analysis showed the necessity for law firms to become more immersed in state security breach notification law requirements