Information Systems Audit and Healthcare

Posted by Melda Research on May 17th, 2019

Topic justification

There has been growing concern over healthcare information security in the United States. This has led to changes and increased regulations in the required security practices in order to achieve compliance.  It is not surprising that healthcare organizations have wide disparities in security practices and in perceived compliance (Kwon & Johnson, 2012). Given the range of technical and non-technical security practices that healthcare organizations can implement, how do organizations ensure that they are compliant with requirements and regulations?

Different sets of security practices are associated with regulatory compliance. Information system auditing is one of these practices (Walsh & Miaoulis, 2014). The roles of Information audit functions in healthcare organizations can be categorized into different activities: Obtain and establish policies for specific issues and areas, perform a risk assessment and determine the level of risk, Monitor compliance with laws, regulations, and policies, Understand laws and regulations, Audit the highest risk areas, Train on the policies and procedures and communicate awareness on regulations and issues identified in audits.

Through a robust integrated platform, healthcare organizations can boost their audit efficiency. An effective way is through the creation of a centralized repository for the organization’s controls and standardization of internal controls including those for financial reporting, regulatory compliance and operational efficiency (Hasib, 2013). These controls are required to be directly associated with all applicable processes, regulations and anticipated or identified risks.  Information system auditing is part of integrated governance, risk and compliance solution that could potentially help healthcare payers and providers efficiently automate risk assessment and audits, monitor regulatory changes and effectively manage policies and procedures (Mukhi et al., 2014).  Advanced solutions in information system audit have the ability to support different types of audits, such as financial audits, quality audits, compliance audits, supplier audits and compliance audits, supplier audits.  It also provides an end-to-end functionality to manage the audit lifecycle.

The importance of information system auditing in healthcare is evidenced by the formation of different associations formed including Association of Healthcare Internal Auditors (AHIA) and Health Care Compliance Association (HCCA) (AHIA, 2012). These groups engage in exploring available opportunities in auditing and monitoring, addressing issues within their healthcare organizations clarifying the roles of internal audit and compliance as they develop guidance on key aspects of healthcare auditing and monitoring processes (Herath & Rao, 2009).

Given the significance of information security, practitioners and researchers have called for healthcare organizations to be more strategic in their approach to information system auditing (Lear, 2016). This is critical given that they are faced by a dynamic information security environment combined with a constantly changing legal and risks compliance issues.  In such an environment, healthcare organizations need to develop a security strategy that protects organizational and patient information as well as ensures compliance.  Achieving this objective requires a highly effective information security strategy. There is a problem where simple checklists of technical components are emphasized in place of strategic solutions. Information system auditing is an effective and strategic approach for healthcare organizations. Recent studies have paid attention to different aspects of security management. However, information system audit has not received significant attention as other practices (AHIA, 2012). This study will represent an effort to address the void in the literature by focusing on information system audit and healthcare.

Focused research questions

How do healthcare professionals benefit from information system auditing?

Answering this question will involve extensive research from peer-reviewed journals that present studies focused on the role that information system auditing plays in healthcare. These resources are available in databases and online. They will be located using “information system auditing” and “Healthcare” as keywords. 

What are the challenges faced by Healthcare organizations in system auditing efforts?

There is likely to be a number of challenges that healthcare organizations face in implementing information system auditing. Various articles will be located online to help answer this question in details.

How can healthcare organizations boost information system audit efficiency?

The efficiency of information system audit can be increased by implementing different efforts with organizations. This is the only way that organizations can achieve benefits from the process.  Resources on improving audit efficiency will be located to help in answering this question. They will be located online using relevant keywords.

Working thesis and outline


Information system auditing brings huge benefits in organizations with a range of technical and non-technical security practices such as in healthcare.



An abstract will be a concise summary describing the study.  It will include a brief problem statement, the purpose of the study, the scope of the study, methodology, results or findings and implications.


The introduction chapter will make a case for the study.  It will provide an overview of the focus and purpose of the study and contextualizes it through a summary of the basic components.

Literature review

A Literature review will situate the study in the context of previous studies and scholarly material on the topic. 


It will situate the study within a research approach


 The section will report and organizes the study’s main findings by presenting relevant data. 


The section will present a summary of the study.


Kwon, J., & Johnson, M. E. (2012). Security practices and regulatory compliance in the healthcare industry. Journal of the American Medical Informatics Association20(1), 44-51.

Walsh, T., & Miaoulis, W. M. (2014). Privacy and Security Audits of Electronic Health Information (2014 update). Journal of AHIMA85(3), 54-59.

Hasib, M. (2013). Impact of Security Culture on Security Compliance in Healthcare in the United States of America: An Information Assurance Approach. Tomorrow's Strategy Today, LLC.

Mukhi, S., Barnsley, J., & Deber, R. B. (2014). Accountability and primary healthcare. Healthcare Policy10(SP), 90.

Lear J., (2016). Healthcare Internal Audit: The Next Generation. Risk complexity calls for a new approach that delivers far greater depth. 

AHIA (2012). Top priorities for internal audit in healthcare provider organizations: Assessing healthcare industry results from internal capabilities and need survey. 

Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems18(2), 106-125.

Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in essay writing services. If you need a similar paper you can place your order from cheap assignment writing service services.

Like it? Share it!

Melda Research

About the Author

Melda Research
Joined: January 25th, 2019
Articles Posted: 80

More by this author