If you are reading this introduction, you are probably one of two types of people. The first type is someone who has worked in healthcare for a few years and whose responsibilities are becoming more dependent on information technology—and therefore information security. Perhaps you work in healthcare records management, and your organization recently implemented an electronic healthcare record. You have been chosen to provide your records management expertise to the new digital system. Congratulations! You are clearly valued in your organization. And this book will serve you because it will address, in a practical manner, your concerns about moving from paper-based records to digital, networked systems.
The second type of person is someone who has worked in information technology in healthcare or an industry other than healthcare. Perhaps you are a network operator who previously worked for the local bank or supermarket. Now you have the opportunity to be the firewall administrator for the community hospital. Congratulations to you as well! You are now an important person in the delivery of healthcare. You may not consider yourself a healthcare provider, but you are, and you most certainly support directly those personnel who provide patient care. Within this book, you will learn the implications on patient care and healthcare business of providing information security and privacy in a healthcare organization. When it comes to healthcare provision, the actions or inactions of information technology practitioners can impact patient safety or clinical quality.
For those of you who do not fit into the two categories I mentioned, do not worry. This material is very much applicable to your pursuit to elevate your competency and your dedication to the profession. Having performed healthcare information security and privacy work for a decade or two, I offer this book as a collection of lessons learned as much as anything else. Here, you will find real scenarios, actual issues, and practical solutions. I name no names to protect the innocent. In sum, I grew up in healthcare information security and still maintain a "healthcare first" attitude. When perfectly acceptable information security practices are applied to healthcare without considering the impact on patient care or provider practices, healthcare often suffers. My goal is to be part of mitigating the risk that information protection can actually introduce when trying to do the right thing. Competent healthcare information security and privacy professionals can, in fact, enable better healthcare, improve outcomes, and advance organizational initiatives.
I hope you will enjoy reading this material as much as I have enjoyed constructing it. I welcome your feedback on any and all of the material. In many ways, what you will read is the result of many discussions and commiseration sessions I have had over the years with like-minded colleagues and friends. Actually, the need for this book can be described by that same feedback loop. Let me know what you think.