Security Practices and Regulatory Compliance: An Article Review



In their study, Security Practices and Regulatory Compliance in the Healthcare Industry, Kwon and Johnson (2013) investigated the relationship between the characteristics of various healthcare amenities in the enactment of health information security and compliance with stipulated regulations. Thus, the study highlighted the impact of regulatory and legal aspects of nursing care, practices, and outcomes.

The authors used previously collected data from the Kroll/Healthcare Information and Management Systems Society (HIMSS) to conduct the research and utilized Ward's cluster analysis to evaluate security practices in organizations. The data was collected through interviews of 250 security and privacy managers of random health organizations in the United States. The authors observed that hospitals' security system adoption patterns could be categorized into three clusters, namely leaders, followers, and laggers (Kwon & Johnson, 2013). The leaders and followers comprised general, academic or critical access hospitals. The laggers consisted of smaller general and critical access hospitals. The study concluded that, primarily, the general medical organizations have the highest security-practice adoption as compared to critical access and academic institutes.

All three categories implemented all four security practices, namely: safeguarding information, auditing, human resources management, and third-party security management. However, the respective categories practiced different measures of security management and compliance. The finding implies that effective security practices and regulatory practices involve regular monitoring and following up of the shared patient data to ensure the protection of privacy, a notion supported by other studies (Cucoranu et al., 2013). For instance, the results revealed that the leaders took more steps to conduct security audits and train third-party affiliates on information and security breach practices after signing the confidentiality agreements, whereas the followers and laggers moved only one step ahead.

As much as many hospitals focus on achieving compliance with HIPAA, the means employed do not basically yield greater levels of health information security. Kwon and Johnson (2013) conclude that hospitals should effectively manage audit training and breaches since auditing plays an imperative function in enhancing compliance. Therefore, the study plays a significant role in benchmarking healthcare information systems and adoptions.


Cucoranu, I. C., Parwani, A. V., West, A. J., Romero-Lauro, G., Nauman, K., Carter, A. B., … & Pantanowitz, L. (2013). Privacy and security of patient data in the pathology laboratory. Journal of Pathology Informatics, 4(1), 4.

Kwon, J. & Johnson, M. (2013). Security practices and regulatory compliance in the healthcare industry. Journal of the American Medical Informatics Association, 20(1), 44-51.
