Course Description

This course focuses on privacy, security, and compliance issues associated with health care informatics as well as the moral and ethical concepts of information security. The course covers creation and storage of healthcare data, enterprise risk management, regulatory compliance measures pertaining to healthcare data, and confidentiality and privacy of patient data. Students are introduced to cybersecurity and threat actors and what organizations need to do in event of a data breach and the unauthorized disclosure of PHI. Importance is placed on understanding and demonstrating the relationship between technology, regulatory affairs, and organizational factors and their impact on healthcare data security and ethics.

• Explain the risks and benefits of having personal and enterprise medical devices interconnected on the internet,
• Analyze the types and sources of medical and non-medical data that medical devices and healthcare information systems may generate,
• Review organizational security plans and protocols and identify areas for improvement,
• Differentiate between the various types of threat actors and vectors commonly used to target healthcare organizations,
• Understand the Common Vulnerability Scoring System (CVSS) and its use and purpose in the cybersecurity field,
• Apply the data governance lifecycle to existing organizational processes for improvement purposes,
• Formulate data breach investigation plans using the incident response framework,
• Apply the principle ethical theories to the storage and security of healthcare data,
• Propose ethical arguments to organizational decisions before they are made,
• Take part in ethical discussions pertaining to the creation, collection, use, and storage of healthcare data, and
• Ethically evaluate the secondary use of research data for additional purposes unrelated to its original collection.