Database Security Assessment: Request for Proposal (RFP)

This Request for Proposal (RFP) invites potential vendors to bid on providing the healthcare organization with a functioning and effective new medical health care database management system. The Records Database Management System (RDBMS) designed for the healthcare organization is integral to increasing the efficiency of service delivery and customer satisfaction. This paper outlines the key components that vendors should aspire to deliver to the healthcare organization: the RDBMS security concerns, their resolution, and the maintenance of maximum protection for health information systems and data. The capacity to maintain a progressive and effective RDBMS directly raises patients' confidence in the healthcare organization, which is vital to building a positive reputation. Therefore, the RFP informs vendors of the requirements and standards they must meet in order to be selected as the most viable option for helping the organization achieve its overall objective of improving service delivery and the security of its health information systems and RDBMS.

Step 1: Overview for Vendors

The RDBMS is designed to enable the healthcare organization to effectively manage the health information provided by patients at different levels. The datasets the RDBMS must manage fall into six key components, and vendors must adequately illustrate how they will protect, manage, and facilitate the use of each to meet the day-to-day needs of the organization (Talmadge, 2019). These are (i) administrative enrollment, (ii) inpatient records, (iii) outpatient records, (iv) billing records, (v) medical and pharmaceutical records, and (vi) insurance information. Each component is integral to the hospital's delivery of efficient services. The protection and security of these datasets directly affects patients' confidence in the hospital, which in turn creates an environment in which patients can disclose the health information needed for effective diagnosis, treatment, and intervention (Dash, Shakyawar, Sharma & Kaushik, 2019).

The capacity to develop an efficient RDBMS is integral to the operations of the healthcare organization, as it provides a patient-centered system that directs all entities toward offering patients the best service and satisfaction. Given the profound pressures on health information security, such as cybersecurity threats, big data analytics, patient experience and safety, demands for transparency, and the increasing sophistication of and demand for health information, it is paramount to develop a high-grade and secure RDBMS (Chang & Lin, 2016). Thus, vendors are required to develop an efficient RDBMS that can handle 1,000 inpatients and outpatients served weekly in a healthcare facility with 100 employees across different levels.

Step 2: Context for the Work

The RDBMS is expected to meet the minimum standards of a functioning medical health care database management system, based on the primary objective of enhancing service delivery and patient safety. Its security features must be comprehensively assessed and illustrated to show how the system functions and how it handles information leakage and errors. The minimum requirements the system must meet include completeness (error-free data), relevance (accuracy of the data in the system), accessibility (availability whenever needed), and confidentiality for patients (Hong et al., 2018). These key features should guide the development of a health information and management database that offers patients and the healthcare organization a reliable system. Consistency, timeliness, uniqueness, accuracy, and completeness of the data are the overall properties the health information system must satisfy for the smooth and efficient running of the healthcare organization (Ma, Wang, Zhou, Wen & Zhang, 2018).

The system's reliability is integral to the operations of medical personnel and emergency responders. Concerns raised about the use of the RDBMS, such as memory leakage, security breaches, errors, information leakage, cross-site scripting flaws, insecure configurations, SQL injection, authentication, and access control, must be addressed (Abouelmehdi, Beni-Hessane & Khaloufi, 2018). This assures users of the system and patients of its safety and security. Hence, vendors must provide sufficient measures to counter these threats and guarantee the safety of the medical and health care database system.

Step 3: Vendor Security Standards

Competing vendors should focus on meeting three sets of standards that guide their operational procedures and their capacity to meet the database development requirements. These comprise internationally accepted standards from the National Institute of Standards and Technology (NIST), the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC), which develops and promotes standards and technical specifications for the information technology and information and communications technology fields (Yuan & Li, 2019).

The standards of these internationally accepted bodies, with which the vendors should comply, are critical for an effective health information database. Development of the database should include strategies for disasters and disaster recovery, for countering cyberattacks and threats, and for providing mission continuity (Mbonihankuye, Nkunzimana & Ndagijimana, 2019). This entails a fully functioning system that is integral to service delivery in the healthcare organization. The strategies include data protection and recovery, which can be maintained through back-up systems, including cloud storage of health information and external servers in secure locations. This is fundamental for disaster management and recovery, as well as for mission continuity. Up-to-date antivirus software, system vulnerability diagnostics, and upgrading of the database security measures are critical to prevent or deter cyberattacks and threats to the system (Jacobs & Popma, 2019). Through these measures, vendors illustrate their preparedness for handling any eventuality that may impede the functioning and operations of the healthcare organization.

Step 4: Description of Defense Models

In healthcare information systems and database management, the capacity to maintain maximum security and protection of health information is fundamental. Approaches such as Defense in Depth (DiD) provide extensive security mechanisms and controls that are critically examined and layered to secure the whole system (Cho & Ben-Asher, 2018). The DiD model provides three critical layers: physical, technical, and administrative controls. These controls culminate in the confidentiality, integrity, and availability (CIA) of health information and in the system's reliability. The CIA properties attained through the DiD model are achieved through defense mechanisms that establish perimeter defenses, protect the host, the system, and its applications, and protect information and data (Galinec, Moznik & Guberina, 2017). Therefore, the vendors' capacity to outline these measures is critical to asserting their preparedness to ensure maximum protection for the health care information system and database. The healthcare organization, medical practitioners, and patients then have a system that serves them adequately and efficiently, and the objective of service delivery and patient satisfaction is achieved on the basis of DiD controls and CIA measures (Cho & Ben-Asher, 2018).

Vendors have a responsibility to understand the defense principles in order to make full use of all the controls and measures outlined as protecting the health information system and database. The defense controls establish the minimum requirements with which vendors must comply in establishing the system's safety measures (Kuo, Liu, Talley & Pan, 2018). Enclave computing boundary defense, stipulated across the three layers, protects the system from manipulation. For example, among the administrative controls, security clearance is critical to the accessibility of information: it establishes security firewalls that filter the quantity and context of information accessed by different individuals within the system, and determines who can edit, add, format, or delete information on the system (Sittig et al., 2020). Physical controls regulate who is authorized to access the system physically. Security guards, facial recognition systems, and biometric systems, among others, are essential for physical identification as a condition of gaining access; they deter attacks such as social engineering that seek malicious access to health information systems and databases. Technical controls deter hackers through regular vulnerability diagnosis and by strengthening the system's base configuration (Alotaibi & Federico, 2017), thereby deterring cyberattacks and other technical threats to the system.

Step 5: Database Defensive Methods

Competing vendors are required to establish measures critical to database security and protection. An extensive explanation of the MySQL database protection measures used is a key requirement for the medical health care database system. The MySQL approach provides measures that enable developers to drop the test database (Mukherji & Egyhazy, 2004). The capacity to illustrate the removal of all anonymous accounts from the database is critical to ensuring high system security. MySQL database security also calls for changing the default port mappings, which supports the removal of dummy accounts and of potential security threats from external devices. It further requires that the MySQL database not be run with root-level privileges, which may leave the system's potential vulnerabilities exposed.

Further, the MySQL history file records the number and regularity of activities performed on the system, revealing potential attacks based on the captured data. Remote logins should be disabled to ensure that only devices configured for the database can gain access to the system. This establishes a point at which only employees can reach the levels of the database that allow data entry, manipulation, and deletion (Fehis, Nouali & Kechadi, 2016). Controlling which hosts have access to the database also determines where database diagnosis is conducted and from which node, and thereby builds the capacity to protect the data in the system to the maximum level. Encryption of data in the database is fundamental in case of a data breach. Thus, a defense method that applies MySQL database protection creates an environment in which every potential and emerging loophole in the system is sealed.
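The hardening steps listed in Step 5 (drop the test database, remove anonymous accounts, pin accounts to known hosts, encrypt at rest, keep the server off root and off the default port) as MySQL statements. This is an added example, not part of the RFP or of any vendor's deliverable; it assumes MySQL 8.0 and a DBA session, and the `health_records` schema, `rdbms_app` account, host ranges and port number are constructed placeholders.

```sql
-- Added example: MySQL hardening statements for the measures listed in Step 5.
-- Assumes MySQL 8.0 and a DBA session on the database host; schema, account,
-- host and port values below are constructed placeholders.

-- 1. Drop the sample/test database and the catch-all grant on "test%" databases.
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\_%';

-- 2. Remove anonymous accounts (empty user name) and any root login from a remote host.
--    Review the candidates before dropping them:
SELECT User, Host FROM mysql.user
 WHERE User = '' OR (User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'));
DROP USER IF EXISTS ''@'localhost', ''@'%';
DROP USER IF EXISTS 'root'@'%';
FLUSH PRIVILEGES;   -- required after the direct edit of mysql.db above

-- 3. Replace "any host" application accounts with accounts pinned to the web tier
--    (10.20.30.% is a constructed subnet for the records-system application servers),
--    requiring TLS and periodic password rotation, with only the privileges the tier needs.
DROP USER IF EXISTS 'rdbms_app'@'%';
CREATE USER IF NOT EXISTS 'rdbms_app'@'10.20.30.%' IDENTIFIED BY 'CHANGE-ME'
  REQUIRE SSL PASSWORD EXPIRE INTERVAL 90 DAY;
GRANT SELECT, INSERT, UPDATE ON health_records.* TO 'rdbms_app'@'10.20.30.%';

-- 4. Encrypt patient tables at rest (InnoDB tablespace encryption; a keyring plugin
--    must be loaded on the server for this to succeed).
ALTER TABLE health_records.patients       ENCRYPTION = 'Y';
ALTER TABLE health_records.clinical_notes ENCRYPTION = 'Y';

-- 5. Verify: no anonymous or wildcard-host accounts remain, and the tables report
--    ENCRYPTION="Y" in their CREATE_OPTIONS.
SELECT User, Host FROM mysql.user WHERE User = '' OR Host = '%';
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
  FROM information_schema.TABLES WHERE TABLE_SCHEMA = 'health_records';

-- Settings that cannot be changed from SQL belong in the [mysqld] section of the
-- server option file (values are constructed examples):
--   user         = mysql         never run mysqld as the root OS user
--   port         = 3307          move off the default 3306
--   bind-address = 10.20.30.5    listen only on the internal interface
--                                (or skip_networking for a local-only server)
--   local_infile = OFF           block LOAD DATA LOCAL from clients
-- The client-side ~/.mysql_history file is disabled on administrator workstations by
-- exporting MYSQL_HISTFILE=/dev/null before starting the mysql client.
```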

Step 6: Requirement Statement for System Structure

The RFP requires competing vendors to develop a web interface through which patients and other healthcare providers can view, modify, and update the database. The web interface should be user friendly and supportive of its users (Demirel, 2017). Different levels and categories of users should have different access limitations based on the nature of the information they are allowed to access. For example, the web interface should allow patients to access, view, and modify only their personal information in the database, while health information, diagnoses, treatment, progress, feedback, and recommendations should be modifiable only by healthcare professionals (Lintern & Motavalli, 2018). This is vital to the consistency, integrity, and authenticity of the information.

The web interface should let each user level determine the context and nature of the information available at that category, based on integrated access across multiple systems and levels of the database. For example, while patients may use any device to check their health information in the database, healthcare providers can modify and update health information only on company-provided devices (Kim et al., 2017). This limits potential data breaches that threaten the safety and security of the information, and serves as a critical measure against the exfiltration of data from the healthcare information database to external media. Measures that competing vendors should outline include approaches to blocking unauthorized communication with and access to the system, ways to prevent phishing attacks, and systematic revocation of data access for former employees. Education and training of employees is also critical to building the staff's capacity to identify and eliminate database security threats (Sittig et al., 2020). Vendors should illustrate the measures taken to identify sensitive data and redact it from levels not entitled to access it. In this way, malicious and ill-intended entry to the database and web interface is prevented.

Step 7: Operating System Security Components

Segmentation requirements enforced by operating system rings are crucial to ensure that processes do not affect each other. This can be achieved through hierarchical protection domains that secure the database's operating system. The security components of the segmented rings are defined in terms of the sensitivity of the information accessed, through the level of privilege offered at each ring: the innermost ring has the most privileges and the outermost the least (van Veen, 2018). The innermost level, Ring 0, comprises the system administrators and the healthcare organization's top management, such as the president and the chief executive officer (CEO). Ring 1 comprises the security level of the other top-level managers and heads of departments; its privileges differ from those of Ring 0, which has the most, so Ring 1 should seek the approval and guidance of the Ring 0 category in managing the database. Ring 2 should comprise healthcare practitioners across different departments; at this level the privileges allow the professionals to view, modify, and update the health information system. Ring 3 is the outermost and least privileged level in the database (Jacobs & Popma, 2019), comprising patients with the privilege to view and request modification of their personal information only; their modifications and updates pend the approval of Ring 2 or Ring 1. This protects the information system and the database across different users and levels.

Step 8: Requirements for Multiple Independent Levels of Security

As discussed in Step 7 above, hierarchical protection domains provide the requirements for Multiple Independent Levels of Security (MILS) in the handling and use of the database. The approach assigns privileges and security clearance by level, based on the sensitivity of the information, and determines who can and cannot access information under each security code: "critical," "confidential," and "general/public" use (Chico, 2018). The RFP stipulates that competing vendors must define security clearance and privileges based on the level of information/data sensitivity. The hierarchical protection domains will therefore range from Ring 0 (innermost and most privileged) to Ring 3 (outermost and least privileged). Each level should identify and define the potential users and the kinds of personnel classified as suitable for that position (Mbonihankuye et al., 2019).

The approach aligns best with the Chinese Wall security model, since that policy separates two or more groups within a system. Grouping the database's users can facilitate protection of the system based on access security clearance, with the aim of protecting the information and data in the database from misuse. Users should understand the context of the information they view, modify, and update in the database. Therefore, defining the security protocols for each group and level is critical to the security and protection of the database.

Step 9: Access Control Concepts and Capabilities

Management of the database requires access controls and capabilities that determine who gets access to the system. Competing vendors should extensively outline the authentication requirements, access controls, and direct object access. Such measures include security clearance levels, voice or biometric authentication controls, and physical access to the system administrator's station, among others (Sittig et al., 2020). Identifying the access controls and authentication features is vital to ensure that only authorized personnel gain access to the database, and must also account for the measures put in place to ensure information security and safety. Protecting health information is vital to raising patients' confidence in the healthcare organization (Galinec et al., 2017). Therefore, the access control and authentication measures are to be developed according to the sensitivity of the information.
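One way to express the Ring 0 to Ring 3 privilege ladder of Steps 7 and 8, together with the patient/practitioner rules of Step 6 and the direct-object-access controls of Step 9, as MySQL 8.0 roles. This is an added example, not part of the RFP or of any vendor's design; the `health_records` schema, its tables, the role and account names and the host range are all constructed for illustration.

```sql
-- Added example: Ring 0..3 of Steps 7-8 plus the Step 6/9 access rules as MySQL 8.0 roles.
-- Schema, table, role, account and host names are constructed for illustration.
CREATE DATABASE IF NOT EXISTS health_records;
USE health_records;

CREATE TABLE IF NOT EXISTS patients (
  patient_id     INT PRIMARY KEY,
  portal_account VARCHAR(32) NOT NULL UNIQUE,  -- MySQL login name of the patient's portal account
  full_name      VARCHAR(100) NOT NULL,
  phone          VARCHAR(20),
  address        VARCHAR(200)
);

CREATE TABLE IF NOT EXISTS clinical_notes (
  note_id    INT AUTO_INCREMENT PRIMARY KEY,
  patient_id INT NOT NULL,
  author     VARCHAR(32) NOT NULL,            -- practitioner account that wrote the note
  diagnosis  TEXT,
  treatment  TEXT
);

-- Step 7: a patient's edits pend Ring 2/1 approval, so patients file a request instead of
-- updating their row. requested_by and patient_id are filled in by the trigger below.
CREATE TABLE IF NOT EXISTS change_requests (
  request_id   INT AUTO_INCREMENT PRIMARY KEY,
  patient_id   INT NOT NULL DEFAULT 0,
  field_name   VARCHAR(32) NOT NULL,
  new_value    VARCHAR(200) NOT NULL,
  requested_by VARCHAR(64) NOT NULL DEFAULT '',
  approved_by  VARCHAR(64) NULL
);

-- Bind every request to the connecting login's own record, whatever patient_id the client
-- sent. The trigger runs with its definer's rights, so patients need no SELECT on patients.
CREATE TRIGGER change_requests_bind_owner BEFORE INSERT ON change_requests
FOR EACH ROW SET NEW.requested_by = USER(),
                 NEW.patient_id   = (SELECT patient_id FROM patients
                                      WHERE portal_account = SUBSTRING_INDEX(USER(), '@', 1));

-- Row-level view: a patient sees only the row whose portal_account matches the login.
-- USER() is used rather than CURRENT_USER(): inside a DEFINER view the latter names the definer.
CREATE OR REPLACE SQL SECURITY DEFINER VIEW my_record AS
  SELECT patient_id, full_name, phone, address
    FROM patients
   WHERE portal_account = SUBSTRING_INDEX(USER(), '@', 1);

-- Ring 3 (patients): read own demographics and file change requests; no base-table access.
CREATE ROLE IF NOT EXISTS ring3_patient;
GRANT SELECT ON health_records.my_record TO ring3_patient;
GRANT INSERT (field_name, new_value) ON health_records.change_requests TO ring3_patient;

-- Ring 2 (practitioners): view demographics, edit clinical data, approve pending requests.
CREATE ROLE IF NOT EXISTS ring2_practitioner;
GRANT SELECT, UPDATE (phone, address) ON health_records.patients TO ring2_practitioner;
GRANT SELECT, INSERT, UPDATE ON health_records.clinical_notes TO ring2_practitioner;
GRANT SELECT, UPDATE (approved_by) ON health_records.change_requests TO ring2_practitioner;

-- Ring 1 (department heads): everything Ring 2 has, plus removal of erroneous notes.
CREATE ROLE IF NOT EXISTS ring1_manager;
GRANT ring2_practitioner TO ring1_manager;
GRANT DELETE ON health_records.clinical_notes TO ring1_manager;

-- Ring 0 (administrators): full control of the schema and the right to delegate it.
CREATE ROLE IF NOT EXISTS ring0_admin;
GRANT ALL ON health_records.* TO ring0_admin WITH GRANT OPTION;

-- Step 6: patients may connect from any device; practitioners only from the organization's
-- workstation subnet (10.20.40.% is a constructed value). Both must use TLS.
CREATE USER IF NOT EXISTS 'pat0001'@'%' IDENTIFIED BY 'CHANGE-ME'
  DEFAULT ROLE ring3_patient REQUIRE SSL;
CREATE USER IF NOT EXISTS 'dr_smith'@'10.20.40.%' IDENTIFIED BY 'CHANGE-ME'
  DEFAULT ROLE ring2_practitioner REQUIRE SSL;
GRANT ring3_patient TO 'pat0001'@'%';
GRANT ring2_practitioner TO 'dr_smith'@'10.20.40.%';
```

Connected as `pat0001`, `SELECT * FROM health_records.my_record` returns only that patient's row and any `SELECT` on `health_records.patients` is denied, which is the check a reviewer of the vendor's implementation would repeat for each ring.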

Step 10: Test Plan Requirements

The vendor should include a test plan that illustrates the functionality and safety of the database. Assessment of the test plan comprises determining the safety and security competence of the database against various vulnerabilities and threats. Competing vendors are required to submit their proposals within the next three months to allow extensive review and assessment of the system's effectiveness (Fehis et al., 2016). The proposed database will be subjected to expert evaluation of its capacity to withstand different threats. Hence, the database must be efficient, effectively developed, and highly functional to ease the operations of the healthcare organization.

References

Abouelmehdi, K., Beni-Hessane, A., & Khaloufi, H. (2018). Big healthcare data: preserving security and privacy. Journal of Big Data, 5(1), 1.

Alotaibi, Y. K., & Federico, F. (2017). The impact of health information technology on patient safety. Saudi Medical Journal, 38(12), 1173.

Chang, H. T., & Lin, T. H. (2016). A database as a service for the healthcare system to store physiological signal data. PLoS ONE, 11(12), e0168935.

Chico, V. (2018). The impact of the General Data Protection Regulation on health research. British Medical Bulletin, 128(1), 109-118.

Cho, J. H., & Ben-Asher, N. (2018). Cyber defense in breadth: Modeling and analysis of integrated defense systems. The Journal of Defense Modeling and Simulation, 15(2), 147-160.

Dash, S., Shakyawar, S. K., Sharma, M., & Kaushik, S. (2019). Big data in healthcare: management, analysis and future prospects. Journal of Big Data, 6(1), 54.

Demirel, A. P. D. D. (2017). Effectiveness of Health Information System Applications: Clinical Information and Diagnosis-Treatment Systems in Turkey. European Journal of Multidisciplinary Studies, 2(5), 122-131.

Fehis, S., Nouali, O., & Kechadi, M. T. (2016). A New Distributed Chinese Wall Security Policy Model. Journal of Digital Forensics, Security and Law, 11(4), 11.

Galinec, D., Možnik, D., & Guberina, B. (2017). Cybersecurity and cyber defence: national level strategic approach. Automatika: časopis za automatiku, mjerenje, elektroniku, računarstvo i komunikacije, 58(3), 273-286.

Hong, L., Luo, M., Wang, R., Lu, P., Lu, W., & Lu, L. (2018). Big data in health care: Applications and challenges. Data and Information Management, 2(3), 175-197.

Jacobs, B., & Popma, J. (2019). Medical research, Big Data and the need for privacy by design. Big Data & Society, 6(1), 2053951718824352.

Kim, M. O., Coiera, E., & Magrabi, F. (2017). Problems with health information technology and their effects on care delivery and patient outcomes: a systematic review. Journal of the American Medical Informatics Association, 24(2), 246-250.

Kuo, K. M., Liu, C. F., Talley, P. C., & Pan, S. Y. (2018). Strategic improvement for quality and satisfaction of hospital information systems. Journal of Healthcare Engineering, 2018.

Lintern, G., & Motavalli, A. (2018). Healthcare information systems: the cognitive challenge. BMC Medical Informatics and Decision Making, 18(1), 3.

Ma, X., Wang, Z., Zhou, S., Wen, H., & Zhang, Y. (2018, June). Intelligent healthcare systems assisted by data analytics and mobile computing. In 2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC) (pp. 1317-1322). IEEE.

Mbonihankuye, S., Nkunzimana, A., & Ndagijimana, A. (2019). Healthcare Data Security Technology: HIPAA Compliance. Wireless Communications and Mobile Computing, 2019.

Mukherji, R. J., & Egyhazy, C. J. (2004). The architecture of a modern military health information system. Perspectives in Health Information Management / AHIMA, American Health Information Management Association, 1.

Sittig, D. F., Wright, A., Coiera, E., Magrabi, F., Ratwani, R., Bates, D. W., & Singh, H. (2020). Current challenges in health information technology-related patient safety. Health Informatics Journal, 26(1), 181-189.

Talmadge, T. A. (2019). Database Security Request for Proposal. Journal of Cybersecurity Awareness and Education, 1(1), 23-28.

van Veen, E. B. (2018). Observational health research in Europe: understanding the General Data Protection Regulation and underlying debate. European Journal of Cancer, 104, 70-80.

Yuan, B., & Li, J. (2019). The policy effect of the General Data Protection Regulation (GDPR) on the digital public health sector in the European Union: an empirical investigation. International Journal of Environmental Research and Public Health, 16(6), 1070.
