PCIS & Computer Security

Marc Berg explains that success cannot be statically defined for the implementation of patient care information systems; instead, he states that success “is a multi-dimensional concept, which can be defined rather differently by the different involved parties, and which evolves over time” (Berg, n.d., p. 5). Success is a dynamic aspect of the implementation and will only be reached at specific points and will only be proclaimed by specific groups of people. The author (Berg, n.d.) sheds light on three myths to provide designers with a few ideas to help build and implement a successful PCIS. Using the first myth, Berg (Berg, n.d., p. 16) describes implementation as a “process of mutual transformation” (p. 16). The organization is affected by the IS that is implemented, and the IS is also affected by the “organizational dynamics of which it becomes a part” (Berg, n.d., p. 16). While disproving myth two, the author (Berg, n.d.) states that when a project is designed with both management and end users’ input, the implementation is more likely to be successful (p. 8). Finally, Berg explained why myth three should not be followed in the design process. Sometimes, designers try to redesign business processes from scratch, but in the health care environment, this is not possible (Berg, n.d., p. 11). Due to an unpredictable environment and meshing standards, redesigning processes would be a daunting task, not to mention nearly impossible.

Not only is success one of the goals of implementing a PCIS, but so is security. Patient records and personal information is extremely confidential and must be protected as well as possible. “It is much easier to locate and copy data stored on computers” (Post & Anderson, 2006, p. 174) than it is to find hardcopies of specific files and copy them. For this reason, patient care information systems must be physically secured and access to the system must be restricted.

Since security is a topic not to be taken lightly when referring to data stored on a PCIS, who determines access restrictions to the systems. Server administrators require administrative rights to the systems, but how would they be cleared to access such a confidential system? What would be the determining factor to give them access?

Berg, M. (n.d.). Implementing information systems in health care organizations: Myths and Challenges. Rotterdam, Netherlands: Institute of Health Policy and Management.

Post, G. V., & Anderson, D. L. (2006). Management Information Systems: Solving business problems with Information Technology. New York: McGraw-Hill/Irwin.