Paper Sample on Healthcare Database Management System

Introduction

The request-for-proposal is for the implementation of a healthcare database management system in a hospital. It gives an overview of the system and the context of work for the vendor to operate. It then provides the security components, models, and policies that a vendor should use. The following is the request for a proposal for the healthcare database management system and security implementation.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Database Management System

The hospital needs a database management system to perform different functions. They include patient management, appointment scheduling, facility management, inventory management, staff management, accounting, insurance services integration, medicine management, laboratory management, reporting, and support (Trivedi et al., 2016). Patient management is essential to control their hospital flow, including reports, medical history, check, and treatment records. The appointment involves managing doctors' schedules as patients apply for spots. Therefore, medical practitioners can manage their time effectively to fit all the patients, including remote meetings and emergencies (Trivedi et al., 2016).

Facility management controls the patients' wards in and other rooms at the hospital. Therefore, it tracks and records the rooms' status, making it easy to monitor and allocate places in the hospital and relevant documentation. Inventory management involves all the patients and staff goods (Trivedi et al., 2016). Therefore, the workers can concentrate on other jobs as they get their supplies on time. Staff management entails the hospital's human resources, such as recruiting records, hospital structure, and employees' data.

Accounting involves all the hospital's financial services, covering the inventory and human resources of the organization. It, therefore, shows all the expenses of the organization and shows the profits or losses. Insurance integration shows the policies and numbers of companies responsible for the same while medicine management represents the drugs in-store and the allocations to each patient in the facility. Laboratory management represents all the information about patients' results and procedures in the department. The other departments in the hospital can use the data, for example, for diagnosis. Reporting provides a summary of all relevant patients' and staff information in the hospital (Trivedi et al., 2016). Therefore, the administration needs to monitor the operations in the hospital and their effectiveness. The support desk handles complaints and requests from either patients or staff.

Improving the Facility's Operation

The hospital management system is responsible for improving the facility's operations and not only for presentation and data storage. It should give the optimum number of employees against the number of patients at the hospital by analyzing the occupancy rate. It should also allow remote access and management of patients and employees at the hospital with authorization (The Web Application Security Consortium, 2010). Therefore, the flow of work is as follows.

The process starts with patient registration, and the employee at the helpdesk books them an appointment. They then check their form of payment either, cash, credit card, or insurance. If it is insurance, the employee syncs the information with insurance services (Souppaya & Scarfone, 2013). When the patient's appointment arrives, they can visit their doctor who can access their medical records. The doctor can book them for a test in the laboratory and retrieve the results from their desk. The doctor can then diagnose the patient and stores their information in the database. They can direct them to the pharmacy after billing to get their medicines and pay for the service.

Database Security Concepts and Concerns

It is essential to protect the hospital's database because of the amount and sensitivity of the information it handles. Therefore, database security works to protect it from compromise, resulting in non-compliance to standards and regulations, destruction of brand image, and customer confidence loss because of low reputation and financial and resource loss (OWASP, 2015). Therefore, database security should protect the system from injection attacks, insufficient authentication, data exposure, vulnerabilities, abuse of privilege, and deployment failure.

Database Security Assurance

There are several database security assurance and functionality requirements to consider in the process. They include security controls for monitoring and hardening, configuration, authentication, encryption, backup, auditing, and access (OWASP, 2015). System monitoring involves checking for threats, the access state, and the system's consistency in performing its operations.

Configuration refers to hardening the system to control access and make use of the security features. Authentication is the confirmation of users as they log in to the system by comparing their credentials to the database. Upon confirmation, the users can utilize the database, network, and different data in the system (OWASP, 2015). The system should segment the data to different access levels. Auditing is essential to monitor access to the system and report the occurring issues. Backups create copies of the hospital data to provide a second plan of access in natural disasters, corruption, software and hardware failure, and cyber-attacks (OWASP, 2015). Encryption secures the data using keys accessible only to users of the system. Therefore, it protects the system from exploits like SQL injection and other hacking methods to illegally access data (OWASP, 2015).

Logging and Error Handling

Logging and error handling is essential to the database system for monitoring and recovery. It is useful in recovery when errors may lead to software and hardware failure relevant to the database (Souppaya & Scarfone, 2013). Therefore, it involves communication, resolution, detecting, and anticipating mistakes in the database system. With efficient error handling, the programs that utilize the database can execute effectively to maintain data flow. Logging presents the information from the error handling procedures (Souppaya & Scarfone, 2013). Error handling aids in the resumption of normal processes after a problem in the database system. It can utilize either specialized software or efficient lines of code (Souppaya & Scarfone, 2013).

Vendor Security Standards

The vendor should retain a document on their security procedures and policies and distribute it within the organization and follow all laws and standards (Ayers et al., 2014). The vendors should have an efficient form of administration to manage the database and the related security concerns. The vendor should manage operations in backup, storage, patches, antimalware, information exchange, change management, remote access, access control, passwords, and compliance (Ayers et al., 2014).

In storage and backup, the vendor should not retain any private information belonging to the hospital or patients. All other information should be in a protected environment and specifically away from the hospital site (Kirk, 2014). If they are collaborating with other third-party service providers, they should also provide an overview of their security policies and procedures. The vendor should test and apply operating system patches consistently throughout the hospital (Kirk, 2014). A vendor should utilize antimalware software to mitigate Trojans, spyware, viruses, and other malicious software. The vendor can only transmit information using encryption methods on any channel.

The vendor should also provide remote access using encryption of a virtual private network utilizing the latest technologies. They should give an access control method to manage the users and the data in the system (Mead, 2015). The vendor's personnel should use unique identifiers to access the system and should not share the credentials. The vendor should manage the unique identifiers to ensure employees' credentials no longer using the system and inform the hospital. In access control, the vendor should provide that individuals do not share user credentials. The vendor should enforce a robust password mechanism and deliver them separately and using encryption (Mead, 2015). The vendor should only use the hospital data for specified purposes and cannot use it to test or develop other systems unless agreed upon between the two parties.

The vendor should maintain security and access controls and give the hospital access (Ready Business Campaign, 2020). The vendor personnel accessing any hospital data should go through authorization. The data storage locations should be private and secure and away from the public and the hospital premises. The vendor should not record any of the hospital's data for use in any manner, and their employees should only access the database system upon authorization (Ready Business Campaign, 2020). The vendor should follow all the terms and agreements of the deal they sign with the hospital.

Defense Models

Enclave computing works to protect an organization's security architecture in the future. It bases on the concept of defense where an organization organizes its infrastructure, data, and network at different levels (Department of Defense, 2015). Therefore, the organization can protect its differentiated system better than using a general perimeter at all levels (Department of Defense, 2015). It is thus more like segregating the network to accommodate more boundaries at all defense levels.

Enclave computing boundary defense refers to the intrusion detection system and firewalls at the security level (McGaw, 2013). The boundaries are at various levels of the hospital's systems and other identified points; therefore, they include the internal and external ones. Firewalls are essential in an enclave boundary because it protects a database and the devices accessing the same system. Therefore, the firewalls control access to the database and the network that the system operates to ensure 'defense-in-depth' security (McGaw, 2013). Usually, the firewalls in the enclave boundary are utilized in a local area network and other smaller networks that access the same.

The types of firewalls that the enclave boundary utilizes are hybrid, application filtering, and packet filtering (Mikkelsen & Jacobsen, 2016). Packet filtering recognizes the service and address of the packets traveling through the enclave boundary. It is a fast method but unreliable mainly because it uses little information for verification. Application filtering is more secure, but it is slow and complicated (Mikkelsen & Jacobsen, 2016). It is because it manages many packet functions, for example, forwarding and interception. Therefore, users of the system virtually disconnect from the external network. There is more flexibility with application filtering, primarily because it works in the application layer (Mikkelsen & Jacobsen, 2016). Hybrid filtering is the best of the three as it combines the concepts of application and packet filtering.

Conclusion

The hospital management system should work to optimize the primary functions at the facility. The system should automate all the processes and provide an exemplary user interface for simple interaction and enable communication between the various departments and the people using it, including patients, medical practitioners, and the administration (Mikkelsen & Jacobsen, 2016). The system should store all the digital patient data, including prescriptions, laboratory test results, and allergies, and arrange it efficiently for reference (Mikkelsen & Jacobsen, 2016).