Incorporating Business Models into Health Information Security Implementation: The Venn Diagram Method

Incorporating Business Models into Health Information Security Implementation: The Venn Diagram Method

Introduction

Business models often don't work well in health care-related settings. However, I propose that there are some basic business models and concepts that could be effective in a health care setting. Take the issue of health information security (HIS), for example. Many of the issues or problems that arise in HIS also occur as cyber-security problems in the business world. Thus, some basic business models could be effective tools in implementing HIS policy since there should be some “overlap.” This overlap between effective business models and HIS can be viewed as a Venn diagram, which shows an overlapping similarity between two seemingly disparate sets of information.

In this Venn diagram, I look for the overlap between effective business models and HIS issues in order to find which of these models might have a direct translation and use in HIS implementation. Some examples of this intersection are discussed in the paper.

Furthermore, I propose that using the Venn diagram to address HIS issues with also aid in developing effective health policies, which will aid health practitioners in providing a better way to ensure the security of patients' electronic health information. Ensuring this information's security is a policy component of the federal HITECH Act (press release at http://www.hhs.gov/news/press/2009pres/10/20091030a.html).

Literature Review

Health information security management is the design, analysis, implementation, and support activities related to information systems focused on health and health data (Austin & Boxerman, 1998). Managing information through information technology is a core business process across all industries and the health care industry is particularly positioned to benefit significantly from its potential. Health information security has a tremendous capacity to improve health and enhance the value of limited health care dollars of health care direct care delivery and delivery support.

Many unique issues and opportunities are influencing the management and development of Health information security, and the health administrator is often the dominant leader. The administrators are relied on to accurately collect and then transform data into information and knowledge necessary to achieve strategic business goals and objectives. The core business processes used in this management effort are planning, systems design, analysis, selection processes, implementation, and support. Surrounding these core processes are dynamic, systemwide issues and opportunities where Health information security is a dominant player: the continuous pursuit of quality in a perpetually changing health delivery system; security, privacy, and data quality; and the newest medium for health innovations, the Internet. (Austin & Boxerman, 1998)

Core Functions

Systems planning is the strategic linking of information systems applications with enterprisewide strategic business goals and objectives. The information systems manager is responsible for ensuring that information systems projects are planned and executed in a manner that furthers the strategic priorities of the organization. In most organizations, the chief information officer reports directly to the chief executive officer and they jointly plan the information systems architecture to match systems with operational requirements.

Systems analysis is the evaluation of current and ...