How serious was this e-mail security breach? Why did the Kaiser Permanente leadership react so quickly to mitigate the possible damage done by the breach?
The e-mail security breach by the KP online pharmacy was grave because it violated various HIPAA and state laws that protect patients from disclosure of their health information without prior consent. Moreover, such a breach of confidential and private information could cause harm and affect the patients' dignity. For instance, disclosing a patient's health data could result in embarrassment, stigma, or discrimination (Drolet et al., 2017). Protection of patients' information usually promotes quality care by enhancing effective communication and information sharing between physicians and patients. Furthermore, according to the HIPAA Security Rule, Kaiser Permanente's mandate is to adopt applicable procedures and policies that ensure that patients' information is contained and protected from any form of security breach. Such policies and procedures must also be able to detect and correct any attempted breach of patient information security before it happens. Therefore, Kaiser Permanente leadership had to immediately contain and correct the e-mail security breach because it could lead to the cancellation of their trading license and to legal action against the pharmacy (Cohen et al., 2018).
Assume that you were appointed as the administrative member of the crisis team created the day the breach was uncovered. After the initial apologies, what recommendations would you make for investigating the root cause(s) of the breach? Outline your suggested investigative steps.
In evaluating and determining the exact root cause of such a security breach at Kaiser Permanente, the first step would be to determine when and where the clear violation occurred…any access or attempt to access the electronic patient health information database. In addition, the administrative leadership of Kaiser Permanente should implement and conduct security awareness training for all members of the workforce. Such training programs ought to encompass how addresses can be protected from malicious software, the management of passwords, and the monitoring of log-ins. Furthermore, the organization should implement a contingency plan to ensure proper testing and revision procedures whenever new code or a new program is used to manage patient health information. Adoption of such testing plans will ensure that a security breach is not permitted. Lastly, the administrative leadership of Kaiser Permanente should execute periodic nontechnical and technical evaluations to respond to any security threats or system changes that may compromise the security of electronic patient health information (Drolet…