Security Privacy in Health Care the Protection Essay

Download this Essay in word format (.doc)

Note: Sample below may appear distorted but all corresponding word document files contain proper formatting

Excerpt from Essay:

Security Privacy

In health care, the protection of confidential patient information is an important key in to addressing critical issues and safeguarding the privacy of the individual. To provide more guidance are federal guidelines such as: the Health Care Insurance Affordability and Accountability Act (HIPPA). On the surface, all facilities are supposed to have procedures in place for discarding these kinds of materials. ("Summary of HIPPA Privacy Rule," 2102)

In the case of St. John's Hospital, they have become known for establishing practices of innovation (which go above and beyond traditional safety standards). Yet, at the same time, there are no critical internal controls governing how this information is thrown away. What most executives are concentrating on: is meeting these objectives from an external stakeholder perspective.

This is creating problems inside the facility, as the custodial staff able to go through the garbage and read this information. The reason why, is HIPPA procedures require: that all hospitals must have tight security provisions in place to address these issues. The fact that St. John's is ignoring key provisions; is a sign that the facility could face possible legal and regulatory challenges from these practices. To address these problems, there will be an examination of specific actions that should be taken against the cleaning staff and IS personnel. This will be accomplished by focusing on: how to respond, the training that can be provided, the way the plan will be implemented and introducing a code of conduct. Together, these different elements will highlight how the hospital can deal with these challenges over the long-term.

How can you respond to these situations?

The lack of internal security procedures is problematic. This is because the sensitive information that patient files contain; could be used by others to receive a host of medical services (utilizing the individual's identity). This means that someone could show up at another hospital and impersonate them. Once this happens, is when they can begin receiving other services by: using their insurance to pay for these costs. Over the course of time, these kinds of issues could have a negative impact on patient perceptions of the hospital. (Torrey, 2012)

Moreover, these challenges expose he facility to large class action lawsuits surrounding the lack of security procedures. This will invite some kind of investigation from: state or federal regulators. When this takes place, the hospital and staff members will face the possibility of having to deal with these issues (when they are providing various services). This means that the overall quality will decline because of this distraction. In the future, this will force customers to go elsewhere (based on privacy concerns). This is the point that the hospital will face tremendous challenges in trying to overcome these issues and rebuild their image among stakeholders. (Torrey, 2012)

The best way to respond to these kinds of problems is to change the internal procedures at the hospital. This means having an independent consultant come in and explain how these kinds of challenges will impact the facility. To do this, there needs to be an emphasis on discussing (with the IS department) the seriousness of these issues. The way that this can be achieved is to have a number of meetings and workshops with staff members. During these events, is when everyone will be made aware of the different regulations surrounding: patient privacy and the need to safeguard confidential information. (Johnston, 2012)

While this occurring, consultants will create new internal procedures for discarding this type of data. The way that this will occur, is to have everyone shred the various documents prior to throwing them away. To achieve these objectives, a series of surveillance systems will be placed inside the various departments (overlooking the trash bins). Anyone who is seen digging through the garbage will be immediately questioned about their actions. If they cannot provide some kind of logical explanation, the police will be notified and criminal charges will be pursed. These areas are important, because the hospital must let everyone know that anyone who is violating these practices will be held accountable. In future, this will make it difficult for IS staff members to ignore these provisions. (Johnston, 2012)

In the case of custodial staff, they should be immediately notified that they are not to be digging through the trash. At which point, consultants will let them know what will happen in the event that they are in violation of these provisions (most notably: termination and criminal prosecution). Anyone who is observed violating these standards will automatically be placed on leave without pay (pending an internal investigation). If this is an honest mistake, they will receive a verbal and written warning not to do this again. In the events where staff members are intentionally going through the trash, this will prevent these activities by: watching and punishing this behavior. Over the course of time, this will create a standard of enforcement that is directly addressing these kinds of challenges. (Johnston, 2012)

What training can you provide to your staff?

Like what was stated previously, the most effective training will be to have a series of workshops that will discuss these challenges with everyone. This will provide a basic foundation for ensuring that all staff members understand the seriousness of the issue. Once this takes place, is when there will be an internal practical exam that is provided. This requires all employees to show that they understand the concepts presented in the course and can apply them on a regular basis. (Kilipi, 2000, pp. 90 -- 108)

After this occurs, is when a series of meetings will be conducted with the various departments. During this time, they will be contacted about the possibility of monitoring and reporting these kinds of issues to upper management (anonymously). This could be accomplished through having a position in the HR department that will examine these problems. The way that this will take place, is independent consultants will be used to: investigate, test and evaluate the current procedures. (Kilipi, 2000, pp. 90 -- 108)

If these techniques are utilized, they will establish policies for dealing with confidential information. Those who violate these provisions will be unable to claim that they were unaware of these guidelines (based on the workshop and exam they completed). Moreover, they will sign a disclosure agreement prior to returning back to work. This is when executives can use the various provisions of the law to go after anyone that continues to engage in this kind of behavior. (Kilipi, 2000, pp. 90 -- 108)

To ensure that these policies are continually being followed, consultants will conduct random spot checks of various departments. During this process, is when they will go through the surveillance and will see the procedures for destroying this data. Over the course of time, this will show how well these procedures are working and if it is identifying potential weaknesses early. This will allow St. John's to hold everyone accountable and deal with possible security issues (when they are small). Once this takes place, is when the legal and regulatory risks facing the hospital will be reduced. (Kilipi, 2000, pp. 90 -- 108)

How can you implement your management plan?

The best way to implement these kinds of changes is to invite different stakeholders into the process. This will be accomplished by having administrators seeking out key allies who share similar kinds of beliefs. These individuals must be from different departments and within the community itself. Once this happens, is when everyone will serve on a committee that is examining and implementing these changes. (Alguire, 2009, pp. 337- 343)

To determine the process, there will be an anonymous survey conducted of staff members. This will focus on understanding the importance of patient privacy and identifying weaknesses in the hospital's practices. When this takes place, there will be an emphasis on specific ideas and how they could be implemented. (Alguire, 2009, pp. 337- 343)

The committee will take these views and incorporate them into a working standard that can be utilized by everyone. If this approach is utilized, there will be a focus on specific areas that are: impacting patient confidentially and finding practices which are the most effective. Once this is used in conjunction with other policies, it will address these problems (through: taking the views of stakeholders into account during the process). (Alguire, 2009, pp. 337- 343)

Moreover, everyone will begin to have a sense of empowerment of these concepts. This is because managers are explaining how this kind of behavior will not be tolerated in the future. At same time, they will highlight the problems that this is causing the facility over the long-term. When everyone realizes what is happening, they will be more inclined to report these kinds of violations. This will serve as a stop gap measure, for monitoring and preventing possible abuses in the future. (Alguire, 2009, pp. 337- 343)

Once this takes place, is when the facility will undergo a transformation that is based on addressing key challenges…[continue]

Cite This Essay:

"Security Privacy In Health Care The Protection" (2012, June 11) Retrieved October 27, 2016, from

"Security Privacy In Health Care The Protection" 11 June 2012. Web.27 October. 2016. <>

"Security Privacy In Health Care The Protection", 11 June 2012, Accessed.27 October. 2016,

Other Documents Pertaining To This Topic

  • Security of Health Care Records

    " (Harman, Flite, and Bond, 2012) the key to the preservation of confidentiality is "making sure that only authorized individuals have access to that information. The process of controlling access -- limiting who can see what -- begins with authorizing users." (Harman, Flite, and Bond, 2012) Employers are held accountable under the HIPAA Privacy and Security Rules for their employee's actions. The federal agency that holds responsibility for the development

  • Security in Healthcare the Recent Advances in

    Security in Healthcare The recent advances in technology -- databases that store personal medical records and information -- are bringing tools to patients, doctors and other healthcare professionals that were simply not available just a few years ago. There is hope that eventually, a doctor in Hawaii that is treating a medical emergency for a tourist from Florida, will be able to access the digitally kept medical and healthcare records

  • Health Care System United States

    These stakeholders are also vital in the promotion of the application of standards-based technology. This is critical as it enhances the safety and security of the citizens as they pursue low-cost health care services and products within the context of the United States. The federal and state governments have also been influential in the development and implementation of policies towards addressing security and privacy issues in relation to the utilization

  • Healthcare Government Regulations the Role of Government

    Healthcare Government Regulations The role of government regulatory agencies and government regulations in general is particularly important in health care. The reasons for this are many, but the most important of those reasons is that health care delivery is a special case with regard to consumer use, as to some degree all individuals have the right to safe and ethical treatment and treatment that above all else does no harm. Government

  • Health Care Law Privacy and

    S. Department of Health and Human Services, 2011). Furthermore, subpart C explains the privileges and the protections of confidentiality that is attached to the patient's record along with much exception (U.S. Department of Health and Human Services, 2011). The penalty for anyone who breaks confidentiality is imperative. In "November, 23, 2009" was increased to $11,000 (U.S. Department of Health and Human Services, 2011). This goes for anyone in the medical field

  • Health Care Information and the

    Information technology and computers have also begun to affect, in ways that are both bad and good, family life, community life, education, freedom, human relationships, democracy, and many other issues. By looking into the broadest sense of the word it can be seen that cyber ethics should actually be understood as a branch of applied ethics, and ethics should be something that is believed in by all that provide

  • Healthcare HIPAA Summary Healthcare

    They must provide awareness training to employees, (both paid and unpaid), on HIPAA privacy principles and they must implement regular assessment procedures for evaluating compliance with HIPAA rules, including general information security and information security during electronic transfers. Covered entities must also provide written privacy policy notices to patients that include notification of patients' rights to file complaints with designated personnel and directly to appropriate government officials (HHS, 2003). 4.

Read Full Essay
Copyright 2016 . All Rights Reserved