Sign Up Now
Get instant access to over 1 million+ study documents
OR
Already registered? click here to login
By creating your account, you agree to our terms of service, privacy policy and student honor code.
Case Study: Information Security Issue
Macro-view of the Problem
The hospital faces a problem of end-user security: sensitive data is vulnerable to exposure in the workplace as the end-user methods of using computers in the hospital are ineffective to safeguard the data from theft. Personal health records are important for patients, but if privacy of data cannot be guaranteed, these records are more of a risk to personal privacy than a benefit with regards to having access to information. Nurses, on the other hand, require access to health information and they often need it quickly because of the amount of work they have to deal with routinely on their shift. While end-user security should be a top priority among nurses using facility computers and databases, it routinely is not—as Koppel, Smith, Blythe and Kothari (2015) point out: “a significant gap exists between cybersecurity as taught by textbooks and experts, and cybersecurity as practiced by actual end users” (p. 215). This gap is evidence that in the real world of health care, nurses and care providers are less concerned about systems security than they are about providing timely quality care to patients and quick access to information. Ideally, they would be concerned about both—but the real world often falls short of the ideal.
Conaty-Buck (2017) notes that “all healthcare employees should learn about cybersecurity risks and work to protect patient privacy and safety” (p. 62)—and that education should take place at school and carry over into the facilities where nurses work. In this case, both nursing department and the systems themselves need to be addressed. The nurses and care professionals (even the physicians) need re-education on what it means to safely use information systems and why it is important to follow the guidelines. The systems,...
The Privacy Rule has set national standards in terms of when personal health information (PHI) may be shared. In the case scenario, it is unknown who gained access to the HIV patient list or how it was shared—but someone who knew what to look for and where to look for it broke this privacy rule under HIPAA.
However, the Privacy Rule would not have been broken most likely had the Security Rule been better enforced. The Security rule provides a standard of safeguards to protect hospitals like this one so as to ensure the “confidentiality, integrity, and availability of electronic PHI” (HIPAA, 2016, p. 1). The Breach Notification Rule requires hospitals like this one to alert affected individuals that their personal health information has been stolen. The Rule also requires the care provider to alert the U.S. Department of Health & Human Services (HHS) and even the media if it is particularly expedient—though of course in this case the media needed no alerting. The problem is that it is unknown whether the hospital even knew about the breach before it was made public. If so, then the hospital also broke this rule regarding alerting the proper authorities and the individuals involved.
Two Similar Situations
On March 20, 2017, UNC Health Care—the University of North Carolina Health Care System sent out 1,300 letters to prenatal patients regarding a data…
References
Conaty-Buck, S. (2017). Cybersecurity and healthcare records. American Nurse Today, 12(9), 62.
Daitch, H. (2017). 2017 data breaches—the worst so far. Retrieved from https://www.identityforce.com/blog/2017-data-breaches
HIPAA. (2016). Basics for providers. Retrieved from https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/Downloads/HIPAAPrivacyandSecurityTextOnly.pdf
Kim, L. (2018). Cybersecurity matters. Nursing Management, 49(2), 16-22.
Koppel, R., Smith, S. W., Blythe, J., & Kothari, V. (2015). Workarounds to computer access in healthcare organizations: you want my password or a dead patient?. In ITCH (pp. 215-220).
Health Information Exchange BOON OR BANE? Health Information Exchange in the U.S. The Guidelines Benefits Privacy and Security Challenges and Strategies Why Clinicians Use or Don't Use HIE Doctors' Opinion on HIE Consumer Preferences around HIE Health Information Exchange or HIE is a system, which allows the immediate electronic access of a person's health information records by a health provider (Fricton and Davies, 2008). The overall objective is to improve the safety and quality of health, especially for emergency care.
Information Systems in Health Care: Personal Health Records Introduction Information systems in health care are critical to processing and storing data related to patients and patient services, which in turn ensures that safe, quality care is provided to every patient (Heeks, 2006). One area that needs focus among health care providers is the area of the personal health record (PHR), as Kahn, Aulakh and Bosworth (2009) point out: a gap exists between
Health Information Technology System Hospital Information Technology System Over the years, improvement of service provision within this medical institution has been of massive essence. This has led to the establishment of a number of measures to enhance service delivery one of which constitutes the development of a variety of information systems within the organization. The information technology system under consideration here was established with the view of enhancing operations within all the
Security at Work Information Security within the nursing fraternity With the advent of consolidated information storage within the nursing fraternity, there has grown the need to have better security and controlled access to such information that may be considered confidential and for the use by the nurse and the patient alone. When anyone wants therefore to have access to the documents I will always need to verify several details just to be
Health Information Technology (HIT) is technology that is used to help make health care easier for all stakeholders—both patients and care providers. Examples of HIT include electronic health records, personal health records, e-prescribing, and online communities. HIT allows information to be communicated, stored and shared among people in the industry, whether they are patients providing care givers with access to information or care givers sharing information with other care givers.
Managing Medical Records and the Implementation of Tools and Safeguards Required within HIS Introduction Few practices are more important in managing health information systems than managing medical records, safeguarding patients’ medical history, and ensuring that all end users of medical information technology are approved and trained. Some of the biggest factors in security breaches are end users themselves (Rhee, Kim & Ryu, 2009). This is why training of staff on how to