Jordan University of Science and Technology
Faculty of Computer & Information Technology
Computer Information Systems Department
CIS436 - Privacy of healthcare information
Spring 2024-2025

Course Catalog

3 Credit hours (3 h lectures). This course covers an introduction to privacy and security of healthcare information systems, how to protect the confidentiality of patient information, types of access and the appropriate availability of healthcare information to health care providers, concepts of limiting unauthorized access, standards and specifications that help keep patient medical information secure in an electronic environment, common data protection issues, and the issues that need to be addressed when exchanging clinical information between healthcare organizations. Related case studies will be used, and administrative issues will be researched and presented by students as the course project.

Textbooks

Title: Healthcare Information Security and Privacy
Author(s): Sean P. Murphy
Publisher: McGraw Hill
Year: 2015
Edition: 1st Edition
Book Website: http://www.mhprofessional.com/product.php?isbn=0071831797

Title: Computer Security: Principles and Practice
Author(s): William Stallings and Lawrie Brown
Publisher: Pearson Education
Year: 2012
Edition: 2nd Edition
Book Website: http://www.pearsonhighered.com

Recent references

Book name: Introduction to Health Information Privacy and Security
Author: Laurie A. Rinehart-Thompson JD, RHIA, CHP, FAHIMA
Year: 2018

Instructors

Instructor: Dr. Amal Alzu’bi
Office Location: A2L3
E-mail: aazoubi9@just.edu.jo

Class Schedule & Room

Section 1: Sunday, Tuesday, Thursday 11:00-12:00

Topics | Book/Chapter | Week Number

Introduction. Basic security principles. | Stallings/1 | 1
Cryptography: Simple symmetric-key ciphers, Public-Key Encryption | Stallings/2+20+21 | 2+3
User Authentication: Means of Authentication, Password-Based, Token-Based, Biometric, Remote User Authentication. Security Issues for User Authentication. | Stallings/3 | 4
Access Control: Access Control Principles. Subjects, Objects and Access Rights. Discretionary Role-Based Access Control. | Stallings/4 | 5
Healthcare Organization, Technology and Data | Murphy/1 | 7
Healthcare People, Roles, and Third-Party Partners | Murphy/2 | 8+9
Information Risk Decision Making | Murphy/4 | 6
Information Security and Privacy Events Management | Murphy/6 | 10+11
Information Privacy: Patient Rights and Healthcare Responsibilities | Murphy/7 | 11
Protecting Digital Health Information: Cyber Security Fundamentals | Murphy/8 | 12+13
Impact of Information Privacy and Security on Health IT | Murphy/9 | 14
Administrating Risk Management and Cyber Security | Murphy/11 | 15

Mapping of Course Objectives to Program Outcomes

Course objective | Assessment method

1. A successful student in this course will understand the importance of information security, and how authentication and access control methods defend against attacks [a,f] | Exams, Quizzes
2. A successful student in this course will comprehend the common elements of healthcare and their relationships, and identify the variety of occupations and roles in a healthcare organization | Exams, Quizzes
3. A successful student in this course will be able to anticipate security and privacy issues related to third-party relationships | Exams, Quizzes
4. A successful student in this course will be able to understand the phases of data incident management and apply responsibilities of incident response team members | Exams, Quizzes
5. A successful student in this course will recognize how privacy protects patient rights and supports the confidentiality of the healthcare information. | Exams, Quizzes
6. A successful student in this course will appreciate the role of and requirement for the healthcare privacy officer. | Exams, Quizzes
7. A successful student in this course will be aware of the risk of medical and financial identity theft and understand patient care issues related to data breach. | Exams, Quizzes

Evaluation

Assessment Tool | Expected Due Date | Weight

Midterm Exam | TBA | 30 %
Case Study + Quizzes | TBA | 30 %
Final Exam | According to the University final examination schedule | 40 %

Policy

Attendance: Attendance is very important for the course. In accordance with university policy, students missing more than 10% of total classes are subject to failure. Penalties may be assessed without regard to the student's performance. Attendance will be recorded at the beginning or end of each class.

Homework/Lab: Students are expected to keep up with the material as it is presented and submit assignments on time.

Exams: All exams will be CLOSED-BOOK; necessary algorithms/equations/relations will be supplied as convenient. The date of the Exams will be scheduled later.