Crisis Management The e mail security breach by the KP online Pharmacy

How serious was this e-mail security breach? Why did the Kaiser Permanente leadership react so quickly to mitigate the possible damage done by the breach?

The e-mail security breach by the KP online Pharmacy was grave because it violated various HIPPA and State laws that protect patients from health information disclosure without prior consent. Moreover, such a breach of confidential and private information could cause harm and affect the patients' dignity. For instance, disclosing a patient's health data could result in embarrassment, stigma, or discrimination (Drolet et al., 2017). Protection of patients' information usually promotes quality care by enhancing effective communication and information sharing between physicians and patients. Furthermore, according to HIPPA security rule, Kaiser Permanente's mandate is to adopt applicable procedures and policies that ensure that patients' information is contained, protected from any form of a security breach. Also, that such policies and procedures can detect and correct any attempt to patient information security breach before it happens. Therefore, Kaiser Permanente leadership had to immediately contain and correct the e-mail security breach because it could cancel their trading license and legal action against the Pharmacy (Cohen et al., 2018).

Assume that you were appointed as the administrative member of the crisis team created the day the breach was uncovered. After the initial apologies, what recommendations would you make for investigating the root cause(s) of the breach? Outline your suggested investigative steps.

In evaluating and determining the exact root cause of such a security breach, Kaiser Permanente, the first step would be to determine when and where the clear violation occurred as an administrative member. Choosing the exact time and place would be essential for a proper and accurate investigation into the matter: two, Identification of the two programmers who failed to test the produced code. Also, to find out under whose instruction they had to work under pressure. Thirdly, there will be a need to establish what necessitated the use of new web-based tools and applications that had probably not passed through the recommended security and safety checks. Next is to investigate why for the first time, different groups working on other priorities had to work together without a standard coordinating body to ensure security and safety measures comply. Finally, establish whether or not adherence to workstation security requires effective procedures and policies to ensure that the right personnel executes specific and proper functions. Such policies and procedures should also safeguard access to e-PHI (Drolet et al., 2017).

How likely do you think future security breaches would be if Kaiser Permanente did not take steps to resolve underlying group and organizational issues? Why?

Due to the increasing use of technology in the management of patient health information, the failure by Kaiser Permanente to resolve various organizational issues that prompted security breaches can significantly suscept the organization to multiple future security breaches. For example, lack of clarity on who will be providing individual services on security and device maintenance to contain any malicious threat or transfer of information without authorization (Cohen et al., 2018).

What role should the administrative leadership of Kaiser Permanente take in ensuring that KP Online is secure? Apart from security and HIPAA training for all personnel, what steps can be taken at the organizational level to improve the safety of KP Online?

To improve the security of KP online, the administrative leadership of Kaiser Permanente should ensure that there is proper management to information access through the adoption of procedures and policies that will authorize any access or attempt to access the electronic patient health information database. In addition, the administrative leadership of Kaiser Permanente should implement and conduct training on security awareness for all the members of the workforce. Such training programs opt to encompass how addresses can be protected from malicious software and management of password and monitoring log-ins. Furthermore, the organization should implement a contingency plan to ensure proper testing and revision procedures whenever a new code or program is used to manage patient health information. Adoption of such testing plans will ensure that security breach is not permitted. Lastly, the administrative leadership of Kaiser Permanente should execute periodic nontechnical and technical evaluations to respond to any security threats or system changes that may compromise the security of electronic patient health information (Drolet et al., 2017).