Unit Outline
BAA548
Digital Health Privacy and Security Issues
Semester 2, 2024
Joel Scanlan
Australian Institute of Health Service Management
College of Business and Economics
CRICOS Provider Code: 00586B
Unit Coordinator
Joel Scanlan
Email: Joel.Scanlan@utas.edu.au
What is the Unit About?
Unit Description
 
This unit explores the information security issues arising from technology use in the health care environment. Consideration is given to legal and ethical concepts and issues, with an emphasis on the confidentiality, integrity, and availability of health information. Students are provided the opportunity to apply their learning by undertaking a risk analysis and mitigation process related to the core business of a health organisation. Security standards and systems are discussed in context to protecting personal health information, including the limitations of the technology to support this.
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1.
Discuss the health information concepts of confidentiality, integrity, and availability and relevancy to privacy and security
2.
Analyse stakeholder perspectives and challenges in protecting of health information
3.
Justify the recommendation of appropriate information security measures to manage identified risks
4.
Consider the contribution of ethical and legal frameworks for guiding health informatics professionals
Requisites
REQUISITE TYPE
REQUISITES
Anti-requisite (mutual excl)
CRH503
Alterations as a result of student feedback
To be determined
 
 
Teaching arrangements
ATTENDANCE MODE
TEACHING TYPE
LEARNING ACTIVITY
CONTACT HOURS
FREQUENCY
Online
Tutorial (Online)
Online tutorial including scaffolding for assessment tasks 2 and 3, including dedicated group work time.
1
Once only (6 times)
Independent Learning
Working through course theory modules and activities
10
Weekly
Attendance / engagement expectations
If your unit is offered On campus, it is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit. If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.

If your unit is offered Online or includes online activities, it is expected you will engage in all those activities as indicated in the Unit Outline or MyLO, including any self-directed learning.

If you miss a learning activity for a legitimate reason (e.g., illness, carer responsibilities) teaching staff will attempt to provide alternative activities (e.g., make up readings) where it is possible.
 
 
 
 
How will I be Assessed?
 
For more detailed assessment information please see MyLO.
Assessment schedule
ASSESSMENT TASK #
ASSESSMENT TASK NAME
DATE DUE
WEIGHT
LINKS TO INTENDED LEARNING OUTCOMES
Assessment Task 1:
Breach Report
Week 5
30 %
LO1, LO2, LO3, LO4
Assessment Task 2:
Risk Analysis Report
Week 9
30 %
LO1, LO2, LO4
Assessment Task 3:
Policy Document
Week 13
40 %
LO1, LO3, LO4
 
Assessment details
Assessment Task 1: Breach Report
Task Description:
A written assignment based on an information security news item of an event relevant to the health sector which occurred within the last two years. The assignment will discuss the event in the context of the theoretical concepts described within the course content, with attention to security principles and ethics.
Task Length:
1000 words
Due Date:
Week 5
Weight:
30 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Accurately describes the security event and its relevance to digital health
LO1
2
Uses appropriate scholarly, industy and legal references to support discussion
LO2
3
Articulate the ethical and legal issues relevant to the topic
LO4
4
Considers the additional measures that could have mitigated the impact of the event
LO3
 
Assessment Task 2: Risk Analysis Report
Task Description:
Undertake a threat and risk analysis of a health provider detailed in a case study (provided on MyLO), considering the security risks to patients, practitioners, administrators and informaticians. The risk analysis, and associated materials, should be presented within a professional document, detailing the context in practical terms, including relation to relevant legislation for the health provider. This assignment is undertaken in small groups of 3 or 4 students.

Group assignment where the Feedback Fruits platform will be used to differentiate the contribution undertaken by team members,
Task Length:
5-6 pages (multiple tables and diagrams with supporting text explanation) – 1000 words per student in the group
Due Date:
Week 9
Weight:
30 %
 
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Explore and discuss the health provider detailed in the case study, detailing further items of significance and assumptions which are relevant
LO2
2
Describe realistic threats which are relevant to the health provider within the case study
LO1
3
Undertake a risk analysis of the threats defined, presenting the results in an easily understood form
LO1
4
Discuss legal and ethical factors relevant stakeholder behaviour and their impact on provider security
LO4
 
Assessment Task 3: Policy Document
Task Description:
This assessment item builds upon the work undertaken in the previous assessment task, responding to the risk analysis results by producing a formal response to mitigate against the risks to the healthcare provider within the case study. This will include written work targeting different kinds of risks that were present (undertaken individually), and a combined overview section. The assignment will be completed within the same group as the risk analysis, but this time will include both individual tasks and a group task.

Group assignment - the assignment will be divided into individual components and a group component. Individual student marks will vary within the group based on their individual component their group mark will be based on contribution established by using the Feedback Fruits platform.
Task Length:
15-20 pages in total (4-5 pages group component (updated from assessment task 2 based on feedback), 3-4 pages for each individual component) – 2000 words per student in group
Due Date:
Week 13
Weight:
40 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Define and describe relevant security goals suitable to the case study
LO1
2
Select and justify appropriate security measures to manage identified risks
LO3
3
Present recommendations in a clear and concise manner
LO3
4
Consider legal and ethical factors relevant to stakeholder’s ability to implement and follow mitigation measures
LO4
 
 
 
How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MYLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
Academic integrity
Academic integrity is about acting responsibly, honestly, ethically, and collegially when using, producing, and communicating information with other students and staff members.

In written work, you must correctly reference the work of others to maintain academic integrity. To find out the referencing style for this unit, see the assessment information in the MyLO site, or contact your teaching staff. For more detail about Academic Integrity, see Important Guidelines & Support.
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
 
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence: however, where it is not possible for you to provide evidence please contact your Unit Coordinator.
 
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found on the Assessments and Results Procedure.
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.