Explore BrainMass

Internal controls for a database system

Lower Hills Hospital plans to install a database management system (HospInfo) that will maintain patient histories including tests performed, test results, vital statistics, and medical diagnoses. The system also will manage personnel and payroll, medical and non-medical supplies, and patient and provincial health care billings.

The decision was made by the hospital board on the advice of a consultant who is a former employee of Medical Data Services Inc., the developer of HospInfo.

Lower Hills Hospital's chief information officer has come to your accounting firm to ask for advise on what general controls she should ask Medical Data Services Inc. to install to preserve the integrity of the information in the system and to deal with privacy issues. The system would permit data about patients to be entered by doctors, nurses, and medical technologists.


Describe in general terms the controls you would suggest for the system as a whole.
Considering the nature of Lower Hills Hospital, describe potential risks the hospital should be concerned about with respect to HospInfo.
Describe the advantages of such a database management system

Solution Preview

The controls that I would suggest for the system as a whole include:

1. User name and passwords. These user name and passwords would be able to allow the hospital staff to see what individual is inputting information into the system about a specific patient. This would ensure that if there was a problem with any patient misinformation, that individual could be questioned about it.

2. Ensure that the human resource department be the only department that would have access to any ...

Solution Summary

This solution provides an explanation of suggested internal controls for a database system.