Protecting Data and Health Information

Protection of personal data is paramount in any situation. Battered women receiving help in a shelter, part of a community clinic require confidentiality to avoid problems should their abusers locate them. When computerizing an appointment system and records, sometimes such information can easily be taken if there is no protection available. Things like passwords and encryption help keep would be criminals from accessing sensitive data. Although hackers may still access the data should they gain password information, adding those layers of protection, safeguard sensitive data on most occasions. While not all negative situations can be avoided, extra precaution must be taken when attempting to protect personal data.

The stakeholders of this scenario are several. The first and most important are the battered women and children in the shelter. They are the ones that may be endangered should their information leak out. The second are the staff working in the shelter and other parts of the community clinic. They have sensitive data in the system as well from social security numbers to other identifying information like home address and telephone number. Such information in the wrong hands can lead to identity fraud. The last party that could be affected should personal data leak is the director. She could face potential legal action if the information is leaked under her supervision and guidance.

In terms of risks, problems, issues, and consequences, the staffers that have their information leaked or unintentionally leak sensitive data could risk being fired, could suffer through identity fraud, and could put in danger the participants of the community clinic. These include women and children seeking help. The second party, battered women and children, may fear being found by their abuser. They may also be victims of identity fraud. The director could face lawsuits, loss of employment, and potentially losing the community clinic should enough problems arise from personal information being leaked. Safeguarding personal data is extremely paramount to avoid permanently damaging outcomes.

Although there is increased risk with creating an electronic version of the data within the community clinic, especially in app form, made easily accessible to staffers, it does add convenience and speed. Meaning, staffers can readily access the data of their clients from anywhere and help them with whatever problems they have in relation to the services offered by the community clinic. Staffers can also send data to and from the locations belonging to the community clinic instantly thanks to email, fax, and even instant messaging should the app include this. The speed and convenience of electronic data are major benefits.

Furthermore, if clients need referrals, staffers can send the data of the client to other agencies so they may receive the care and attention they need to help them deal with the issues they need addressed. With so many agencies, clinics, and hospitals digitizing their records, the community clinic will be able to keep up to date with technological advances. Keeping up to date is crucial regarding assisting clients.

If records remain as paper records, it may slow down the process. Clients will not be able to get the help they need in a timely fashion. They may also miss out on certain programs because of deadlines. By making data retrieval convenient, staffers and clients can work together to achieve a positive and favorable outcome.

The last benefit for digitizing data and making an app for it is increased communication. Staffers and the director can communicate with each other should a problem arise. Clients can, depending on the style of app, receive information more quickly than through traditional methods like phone calls and paper fax. It is reminiscent of being able to access test results online at certain health clinics. Although the community clinic may not offer something like that, they can offer the option of making an appointment online or even chatting with a potential client since some people may be afraid to talk over the phone. Communication improves greatly when there are several options available.

Regarding legal ramifications, or legal considerations, privacy and data security are top priority. Some of the information in the community clinic may be related to health data. Health data must be maintained confidential and only released to specific groups or individuals with explicit consent from the person the data concerns. Therefore, to maintain security and confidentiality, it is important to consider anonymization of data.

This was discussed briefly before via encrypting data. By anonymizing data via encryption, the data becomes safer to access from other devices like smartphones. "It is, not possible for those who do not have the decoding key to identify a data subject by sing the encrypted information, and the decrypted data thus remain privately available only for those who do have the decoding key." (Hoeren 62) In fact, national data privacy regulations favor an anonymization option because it decreases the risk of any sensitive information leaking. " . . . some national laws provide an opportunity to anonymize by changing data in a way that guarantees that information can be reassigned to a person only with disproportionately large amount of effort, cost, and time." (Hoeren 63) The laws in the United States that deal specifically with personal identifiable information or sensitive data are the Privacy Act of 1974, the Privacy Act of 2005, and the proposed Identity Theft Prevention Act of 2005.

By taking into consideration the need to anonymize sensitive data, the digitizing of data from the community clinic can be successfully performed. This will reduce chances of unnecessary exposure of sensitive data. It will also comply with the need for privacy according to United States Law. Lastly, it will allow for more security measures to be taken to ensure personal data protection.

The scenario said the community clinic had three sites all within the same city. Of these three cites, one is a shelter. However, the scenario failed to include what the other two sites are. Are they healthcare centers? Are they places where people can get referrals? Are the staffers social workers? The scenario failed to detail what kind of jobs the staffers have.

The staffers can be health professionals or they could be volunteers. If some of the staffers are volunteers and they have access to confidential information, this could put the community clinic at risk of personal information leaks. Furthermore, the scenario states the shelter helps battered women and children and that they are identified by their first names. However, there must be other identifiable information to be able to allow staffers to recognize someone. Things like birthdays, addresses, and contact information are also available. However, the scenario made it seem like it is only made available after the women leave the shelter.

This vague information and missing information makes it more difficult to decide because there are so many things to take into consideration. The biggest potential security breach could from the staffers themselves. By not knowing the kind of staffers working at the community clinic and not knowing the kind of sites other than the shelter, there is no way to discern the potential risk associated with making information easily available via smartphone app. Should someone like a volunteer have access to this sensitive data, they may have little to lose and may abuse their privileges compared to a more experienced and paid employee.

While the scenario offers vague and missing information, there are several options to ensure maintenance of proper security measures and protection of personal data. The first is creating a log in system for access to the data available in the community clinic, especially in the shelter. Depending on the job title and job duties, the staffer will be given a username and password along with privileges. These privileges will give them access to certain levels of data. The first level allows the staffer access to first and last names and phone numbers of the clients in the community clinic. The second level allows access to addresses and prior history of the client. The third level allows access to medical records and other personal information to help make referrals and so forth.

The other option, especially for the smartphone app, is generating a log both paper and electronic of any staffer that uses the app and tries to access the sensitive data. Other places have an incident log and it allows security-aware personnel or manager to see what kind of evolving trends may happen and deal with them accordingly. "The reception area staff should be issued with an incident log, to record all suspicious events. This log should be studied daily by a security-aware manager in the search for evolving trends." (Schifreen 36). Schifreen also states an inventory log is essential to ensure management knows who takes what out of the community clinic. For example, smartphones can be given to the staffers that have the app installed and must be turned in when not in the office. This allows for maximum security of personal information via an additional added layer of security.

The next option to ensure adequate personal data protection is an encryptor. Numerous programs offer file encryption. However, one must keep in mind even if a program offers file encryption, the program may fail to provide data scramble.

Some application programs claim to provide built-in encryption and/or password protection on their data files. Lotus Agenda is one such program. However, the current version of this program does not scramble the data at all so the information is fully visible if the Agenda data file is examined with a text editor from MS-Dos. (Schifreen 109)

Keeping information restricted using usernames and passwords along with offering various levels of access ensures every staff can perform their necessary job functions. It also allows information to remain secure. The logs add additional security and responsibility to the person who attempts to access the data. Lastly, by allowing data to go through an encryptor and additional scrambling, the data will be kept secure should hackers or anyone knowledge in computers from easily accessing the sensitive information.

In terms of impact, there could be some consequences, risks, harms, benefits, and costs. For example, the overall cost of providing smartphones to staffers may be expensive. The cost of one smartphone can be at minimum $50. Secondly buying programs to encrypt data, generate log in systems, and scramble the data can also be costly. In terms of risks, staffers may still be able to access sensitive data if they simply ask someone with higher computer privileges for the information. The harm can come from people not understanding what to do in terms of data retrieval due to their inability to use computers or smartphones. Regarding benefits, as explained earlier, the increased layers of protection reduce the chances of personal data leaking and going into the wrong hands.

When applying categories to each option, ethically obligatory would be the login system. People working for the community clinic must log in to access personal information of the clients. The acceptable category can be data encryption and scrambling. It is an acceptable security measure to encrypt data to keep non-staffers from having easy access to it.

The category of prohibited is the inventory logs. Some may find this intrusive, and may not be willing to participate. Furthermore, it may not be done in the way that is needed. It may cost additional money to enforce this option. Especially if people leave with the smartphones by stealing them.

In terms of giving the option of electronic information for the community clinic, it is doable. If the community clinic can invest in creating a smartphone app, they can invest in at least buying a program or two to effectively encrypt and scramble the personal data. They can also generate a log in system with varying degrees of access. This seems like a good option so that way the community clinic has easy access to the sensitive data without compromising the privacy of the clients. These clients are high risk and need privacy to avoid any potentially negative outcomes.

In conclusion, personal data protection is of highest priority. The community clinic helps battered women in one of their sites (shelter). That means they require additional steps to ensure the data they let their staffers have access to is secure. Without the security, there may be legal ramifications. Although encryption and data scrambling may be expensive and generation of a log in system difficult, it keeps extra layers of protection to keep people from potentially accessing personal data without permission. Currently, personal data can fall into the wrong hands. Steps must be taken to protect such information.

Works Cited

Hoeren, Thomas. Legal Aspects of Digital Preservation. Edward Elgar, 2013.

Schifreen, Robert. Data Protection and Security for Personal Computers: A Manager's Guide to Improving the Confidentiality Availability and Integrity of Data on Personal Computers and Local Area Networks. Elsevier, 2014.