IT Infrastructure Transformation for Big Sky Health Systems


In the time of ‘big data’ processing, healthcare information faces significant challenges. The transition to electronic health databases and information systems for data exchange requires the adequacy of the tools used and their management to minimize risks. The risks might be related to the breach of confidentiality and privacy of patient health data, failure to share data between stakeholders clearly, and inefficiency of information processing. Big Sky Health Systems is currently facing a need to transform its information technology system to ensure the organization’s compliance with healthcare information protection standards.

The Importance of Data Protection in Health Care

The importance of data protection in health care is validated by the overall digitalization of the medical industry in a technologically-driven society. According to the Centers for Disease Control and Prevention ([CDC], 2015), “collecting patient data for providing direct healthcare services is the cornerstone of healthcare practice” (p. 1). However, to ensure that the collected data is properly handled without compromising the rights of the patients and the interests of the organizations, it is essential to comply with ethical and legal considerations. Overall, when utilizing digital data for care delivery and inter-organizational performance, it is necessary to identify and mitigate risks and challenges promptly.

Governing Organization Regulating Data in Health Care

The Department of Health and Human Services (HHS) is the federal government’s executive branch within the public health service category. HHS regulates human services delivery in the USA by functioning as a set of agencies to control medical facilities’ performance. Moreover, this organization issues legislation regulating information technologies in the healthcare setting. Importantly, HHS enacts guidance for organizations’ health data management by setting rules and standards for proper privacy protection for patient records and other information about organizational functioning (The United States Department of Health and Human Services [HHS], 2021).

HHS Data Standards

The key data standard generated by HHS for regulating electronic patient information is the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The national standard for electronic healthcare transactions protects electronic patient data (HHS, 2021). According to CDC (2015), HIPAA generates “the privacy and security provisions that control the access, use, and disclosure of individually identifiable health information” (p. 5). It provides a guideline for using proper health identifiers and code sets to process electronic data with relevant privacy protection. Disclosure of electronic health records is bound to patient authorization with strictly regulated exceptions.

HIPAA Rules Regulating Electronic Data Processing

There are several specific rules that HHS has initiated within the framework of HIPAA to ensure the adequacy of data protection in terms of privacy and security of data (Cohen and Mello, 2018). Firstly, the Privacy Rule protects “individually identifiable health information by three types of covered entities: health plans, health care clearinghouses, and health care providers who conduct the standard health care transactions electronically” (HHS, 2021, para. 2). Secondly, the Security Rule protects “the confidentiality, integrity, and availability of electronically protected health information” (HHS, 2021, para. 3). Finally, the Enforcement Rule necessitates the application of the administrative simplification rules (HHS, 2021).

Health Care Compliance Regulations and Policies

Patient confidentiality is essential in health care under the legislation of the USA and the human rights protection considerations. In addition to HIPAA, the US government has enacted a separate legislative document that allows HHS to expand its performance in terms of IT promotion. In particular, the Health Information Technology for Economic and Clinical Health (HITECH) Act was signed in 2009 to control the storage and exchange of electronic data in health care. Indeed, HITECH “provides HHS with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT” (Health IT legislation, 2021, para. 4).

Another important regulation of data processing in health care is the 21st Century Cures Act. This legislation is aimed at “advancing interoperability, prohibiting information blocking, and enhancing the usability, accessibility, and privacy and security of health IT” (Health IT legislation, 2021, para. 1). Importantly, this Act facilitates proper and safe use of electronic data related to the health of patients with the emphasis on the protection of privacy when inducing interoperability in data exchange between stakeholders.

Identified Threats to Patient Information

The first threat to patient information safety identified during the investigation is the access to data by third parties. Big Sky’s electronic data is unprotected and is often accessed by outsiders, which leads to breaches of HIPAA and consequent organizational non-compliance (Sittig, Belmont, and Singh, 2018). Such a disruption in data protection puts Big Sky at risk of reputational losses and the monetary losses associated with the compensation for the breach of confidentiality.

The second issue detected within the context of the investigation is faxing information to the wrong receiver, which is why patient information is disclosed without authorization. Such misconduct is illegal under HIPAA and should be addressed appropriately (CDC, 2015). Using fax for sensitive data exchange and using it with errors yields breaches in the confidentiality of data and demonstrates the failure to establish the adequacy of data exchange. For Big Sky Health Systems, it might result in significant reputational and monetary losses.

The third threat to patient safety associated with unsafe technology conditions is the failure to deliver records to referring providers. Since crucial data is not shared with stakeholders on time, it has been detected that patients’ treatment is hindered. Moreover, Medicare coverage is not in due force due to delays or even the lack of data exchange, which is unethical and illegal due to the failure to provide quality health care to patients (CDC, 2015). In addition, such a drawback in electronic data management might result in further deterioration of collaboration with partnering facilities.

Proposed Solutions

The proposed solutions that would address the identified threats include the following. Firstly, conducting a security risk assessment will allow for checking possible data leakage to third parties and help prevent the breach of confidentiality under HIPAA (Office of the National Coordinator for Health IT, n.d.). Secondly, employee training for security compliance should be initiated to eliminate human errors in the unauthorized disclosure of patient data due to wrong recipients (Puhakainen and Siponen, 2010). Furthermore, to ensure consistency and safety in exchanging information with referring entities, the organization should integrate a unified IT management system and promote cyber security awareness in its organizational culture (Rassam, Maarof, and Zainal, 2017).

The advantages of the proposed solutions include the ease and safety of using a unified system for all operations with electronic data within the organization. The exchange of data and its processing integrated into one system would allow for consistency and integrity (Rassam, Maarof, and Zainal, 2017). Training will result in the reliability of employee competence in issues related to electronic data management. Overall, the combined advantages of the four solutions will result in compliance of the organizational performance with current legislation and enhanced financial and reputational benefits due to the lack of breaches in security.

Solutions’ Relevance to Current Trends

The proposed solutions are relevant to the current trends in health IT. They prioritize long-term patient benefits by complying with HIPAA, Security Rules, and Privacy Rules. Moreover, the solutions advance organizational performance in handling electronic data with proper adherence to HITECH provisions and compliance with the 21st Century Cures Act.


Conclusively, the currently utilized technology is outdated and ineffective, which leads to significant monetary and reputational risks. Importantly, the lack of proper methods to ensure patient information privacy, security, and confidentiality breaches legislation and causes patient suffering. The cooperation with partners also deteriorates under the influence of poor digital information management. The proposed solutions are in accord with the current trends in health IT and aim at comprehensive long-term problem-solving.


Centers for Disease Control and Prevention. (2015). Federal public health laws supporting data use and sharing.

Cohen, I. G., and Mello, M. M. (2018). HIPAA and protecting health information in the 21st century.

Health IT legislation. (2021).

Office of the National Coordinator for Health IT. (n.d.). Security 101: Security risk analysis.

Puhakainen, P., and Siponen, M. (2010). Improving employees’ compliance through information systems security training: an action research study. 

Rassam, M. A., Maarof, M., and Zainal, A. (2017). Big data analytics adoption for cybersecurity: a review of current solutions, requirements, challenges and trends.

Sittig, D. F., Belmont, E., and Singh, H. (2018). Improving the safety of health information technology requires shared responsibility: It is time we all step up.

The United States Department of Health and Human Services. (2021). HIPAA for professionals.
