Nursing Essay Paper on Data Security Measures in Healthcare

Data Security Measures in Healthcare


Today, the healthcare industry has implemented various technology information systems as an effort to improve productivity and efficiency in healthcare services. The information systems enable healthcare facilities to store their records in electronic form to enhance their access as well as sharing. The adoption of information system in healthcare has created a key threat to information security. The electronic data stored in health care systems are prone to unauthorized access, destruction or corruption.  Thus, there is need to implement data security measures in healthcare to protect the data stored in their systems. Data security measures refer to techniques used to protect data from damage, loss or illegal access. Common data security measures used in healthcare includes implementing data security policy, data encryption, backup systems, data masking, use of firewalls, controlled access, and physical security (Barrows, & Clayton, 2006). The paper analysis two articles that relate to data security measures the health care industry has implemented. The analysis will indicate the measures implemented, how were being used and how well they worked.

In the article Privacy, confidentiality, and electronic medical records, Barrows and Clayton discuss various data security measures that are implemented in the healthcare to ensure privacy of electronic healthcare records. According to Barrows and Clayton (2006), one of the key measures to protect the data is to have a data security policy in healthcare organizations. The security policy helps to identify the data to be protected, how it will be protected and who is privileged to access the data. Barrows and Clayton indicate that implementing a data security policy has worked in several health care organizations, and they give an example of data security policy implemented at Columbia Presbyterian Medical Center (Barrows, & Clayton, 2006).

Another major data security measure cited in the article is the use of user authentication measures to limit and control data access. According to the article access to healthcare records should be limited and only relevant people should have access. Therefore, many healthcare institutions implement an authentication measure to limit access to the data stored in their system. The common authentication tool is the use of passwords on various data. Today, other authentication measures such as biometrics authentication and smart cards. The use of authentication measures has been effective in protecting healthcare data from unauthorized access.

Healthcare also uses encrypt data to prevent illegal access. Data encryption involves coding electronic data in a form that unauthorized person cannot understand. Data encryption is mainly used when sharing the data between different medical professionals. Only people with authorized access to the data can be able to decode it hence limiting unauthorized access. The method has been effective in maintaining confidentiality of patient’s information.

Use of backup systems has also been widely implemented in healthcare as a data security measure. Backup systems are used to recover the data in case of potential attack or loss either accidental or intentional.  Hardware or software failure can lead to loss of vital information hence backup systems should be implemented to help in the recovery of information in case of system failure or loss. The backup system can be manual or electronic. Firewalls are also used to enhance data security. Firewalls protect, and controls data shred within the network. Hence, firewalls limit access to private healthcare information by unauthorized person. On the other hand, antivirus software prevents the harmful virus, malware, and Trojan from entering the information systems. A virus can steal or corrupt information stored in the system exposing the organization to major data security breach (Barrows, & Clayton, 2006).

In the article Security requirements and solutions in electronic health records: lessons learned from a comparative study, Farzandipour, Sadoughi, Ahmadi, and Karimi conducted a study to investigate various data security measures implemented in healthcare and their effectiveness in protecting electronic health record. They noted that one of security measure of healthcare data was physical protection of data. Farzandipour, Sadoughi, Ahmadi, and Karimi, (2010) indicates that in most health care organizations there is the physical security of information system to protect them from theft as well as unauthorized access. They also noted that most healthcare facilities have data security policies. Data security policy define the rights of health workers to the stored data. It also defines how data security should be controlled. The implementation of data security policy has reduced the rate of data security breaches in these organizations. 

Other data security measures identified in the study include controlled data access through authentication measures, data encryption when sharing data with multiple users, use of firewall and antivirus to protect the stored data from malicious damage and use of backup systems to avoid loss of data. The data security measure has enabled to ensure privacy and confidentiality of health data in healthcare systems (Farzandipour, Sadoughi, Ahmadi, & Karimi, 2010).


In the age of digital data, maintaining data security has been a major issue especially in the healthcare industry. There have been various data security measures that have been implemented in healthcare to protect electronic health data from loss, unauthorized access or corruption. Some of these measures include data security policy, data encryption, controlled access, use of firewall and antivirus, backup system, and physical safety measure. The methods have ensured that the stored data remained confidential hence shielding patients information. Nevertheless, the ever-changing technology requires healthcare industries to enhance data security measures to avoid data security breaches in future (Farzandipour, Sadoughi, Ahmadi, & Karimi, 2010).


Barrows Jr, R. C., & Clayton, P. D. (2006). Privacy, confidentiality, and electronic medical records. Journal of the American Medical Informatics Association, 3(2), 139.

Farzandipour, M., Sadoughi, F., Ahmadi, M., & Karimi, I. (2010). Security requirements and solutions in electronic health records: lessons learned from a comparative study. Journal of medical systems, 34(4), 629-642.