Abstract:

The purpose of this paper is to give an insight to the complexity of the healthcare
industry. The industry is becoming increasingly transparent with the use of mobile
technology, and it is playing a greater role on communication between the hospitals and
the patients, yet there are risks involved with this. A light will be shed on the risks
included and some of the controls that can be implemented to mitigate the risk.

Healthcare in Accounting
Healthcare is a rapidly expanding industry with a demand for privacy, controls,
and ethics. With the help of accounting and information systems, one can find the
optimal balance between the three. This paper will discuss the controls that are in place in
the industry, the use of mobile technology in accessibility of patients health records, and
the increasing utilization of Electronic Health Records (EHRs) and the possible dangers
of using them.

Controls are vital in broadening the accessibility of EHRs to mobile health

technologies. The Office of the National Coordinator for Health Information Technology
(ONC) provides ways of maintaining the security of the EHRs while still allowing
patients to view such data (Crandall). The ONC lists a basic, yet vital control that
enforces a username and password authentication for all patient logins. Additionally, they
recommend encrypting all health information that stored or sent. The ONC says having a
sufficient security system where the EHRs are released is vital as well. On an unsecure
network, hackers have free range on the types of malware they could use on the

companys database. If that were to happen, a Trojan horse could pull all of the
confidential EHRs out of the system compromising the companys security protocols. In
general, any breach of a persons confidential health records could be detrimental to a
company so it is best to employ the most secure controls.

There is an ethics side to part of healthcare as well, and it is trending with

regards to the privacy adolescents have in not sharing information with their parents.
Adolescents are becoming more demanding of the privacy of their health information
being shared with their parents, and that is their right to have. HIPAA does guarantee
this right, but not entirely. According to Taylor, Williams, and Blythe, This protection
extends to adolescents who can legally consent to aspects of their own healthcare, do
not require parental consent, or whose parents have agreed to confidential care for
their adolescent, but it is still limited by applicable state and federal laws. The
authors do follow up to say that provider discretion is allowed in the process when
laws are unclear or allow for the communication between the family and medical staff.
EHRs, in regards to adolescents, are claimed to benefit the persons health overall and
[improve] healthcare delivery for patients on a timely basis (Taylor, Williams,
Blythe). Its benefits range from the lowering of costs to increased accessibility for the
patients. Doctors can view the EHRs with ease and make timely decisions regarding
the patient as they are in an office visit. Additionally, it allows for only one master file
of the patients health record, which eliminates room for error and duplication. While
all of this is great news, Taylor, Williams, and Blythe point out that there still is a
possibility for breaches on all levels of this process. Examples of such a breach

include, a reminder phone call to the patients home where the parents may become
aware of the appointment or the Explanation of Benefits (EOB) that are included in
the parents policy holder statement. This is a security protocol under the Affordable
Care Act that is routinely violated (Tebb, Sedlander, Bausch, Brindis). It places their
confidentiality at risk and often times, the adolescents are unaware of the breach.
When the adolescent has knowledge that their medical history might not be
completely private, it can act as a deterrent from going to doctor for their appointment.

With the growing presence of mobile technology, companies are beginning to

utilize personal devices, such as laptops and cellphones, as part of patient care system
(Crandall). The Health Insurance Portability and Accountability Act (HIPAA) is
requiring companies to disclose under their policies and procedures whether they
utilize mobile health technologies as a tool in their health care process (Crandall).
Furthermore, HIPAA requires mandatory testing of the security controls to search for
possible breaches of data that would compromise any data related to confidential
health information. While the security testing will help, it is known that hackers have
accessed secure databases online where some of the confidential EHRs are stored
(Boyle and Mooney). Regardless of any security system in place, there is no
protection against an insider who is trying to breach the system.

Finding a balance between security and accessibility of the healthcare

information is difficult to find. In life or death situations, the accessibility of patient
EHRs is crucial. Staffs at hospitals need to be able to access the data necessary in

order to operate on the patient in need. Often referred to as break-the-glass

techniques, an exception to the EHR policy is made in emergent situations (Kotz, Fu,
Gunter, Rubin). There is pushback from the general public regarding the amount of
information being obtained in a break-the-glass technique. It is suggested that there
should be steps in the technique so ones complete information is not unnecessarily
released, only the specific data needed. Mobile health technology is also being
encouraged for uses extending beyond the site of the medical centers (Kotz, Fu,
Gunter, Rubin). The technology would collect data based on daily activities; however,
patients may not want all of the personal activities stored and shared. The authors of
the journal explain that more controls and privacy settings should be put into place
that would extract the collection, analysis, and presentation of the data from each
other, which would help keep the patients data secure.

There are an abundant amount of control factors that can be implemented;

EHRs are becoming more common throughout the industry; and the security of mobile
technology in the realm of healthcare is improving, too. Overall, the healthcare
industry is taking steps to improve the privacy, controls, and ethics, which in turn, will
improve the healthcare industry as a whole.

Works Cited
Boyle, Annette M, and Mooney, Brenda L. '3 Emerging Threats To Healthcare Privacy
And Security'. FierceHealthIT. N.p., 2015. Web. 4 Nov. 2015.
Crandall D. Using mobile technology in patient care? PT in Motion. 2014;6(11):6-9.
Kotz, David, Fu, Kevin, Gunter, Carl, and Rubin, Avi. 'Security For Mobile And
Cloud Frontiers In Healthcare'. Communications of the ACM 58.8 (2015): 21-23. Web.
Taylor, Julia F, Williams, Rebekah L, and Blythe, Margaret J. 'Healthcare Reform,
EHRs, And Adolescent Confidentiality'. NASPAG (2015): 60(8): 34-37. (4p)
Tebb, Kathleen P, Sedlander, Erica, Bausch, Sara, Brindis, Claire D. 'Opportunities
And Challenges For Adolescent Health Under The Affordable Care Act'. Maternal
and Child Health Journal 19.10 (2015): 2089-2093. Web.