Security Privacy in Health Care, the Protection

Security Privacy

In health care, the protection of confidential patient information is an important key in to addressing critical issues and safeguarding the privacy of the individual. To provide more guidance are federal guidelines such as: the Health Care Insurance Affordability and Accountability Act (HIPPA). On the surface, all facilities are supposed to have procedures in place for discarding these kinds of materials. ("Summary of HIPPA Privacy Rule," 2102)

In the case of St. John's Hospital, they have become known for establishing practices of innovation (which go above and beyond traditional safety standards). Yet, at the same time, there are no critical internal controls governing how this information is thrown away. What most executives are concentrating on: is meeting these objectives from an external stakeholder perspective.

This is creating problems inside the facility, as the custodial staff able to go through the garbage and read this information. The reason why, is HIPPA procedures require: that all hospitals must have tight security provisions in place to address these issues. The fact that St. John's is ignoring key provisions; is a sign that the facility could face possible legal and regulatory challenges from these practices. To address these problems, there will be an examination of specific actions that should be taken against the cleaning staff and IS personnel. This will be accomplished by focusing on: how to respond, the training that can be provided, the way the plan will be implemented and introducing a code of conduct. Together, these different elements will highlight how the hospital can deal with these challenges over the long-term.

How can you respond to these situations?

The lack of internal security procedures is problematic. This is because the sensitive information that patient files contain; could be used by others to receive a host of medical services (utilizing the individual's identity). This means that someone could show up at another hospital and impersonate them. Once this happens, is when they can begin receiving other services by: using their insurance to pay for these costs. Over the course of time, these kinds of issues could have a negative impact on patient perceptions of the hospital. (Torrey, 2012)

Moreover, these challenges expose he facility to large class action lawsuits surrounding the lack of security procedures. This will invite some kind of investigation from: state or federal regulators. When this takes place, the hospital and staff members will face the possibility of having to deal with these issues (when they are providing various services). This means that the overall quality will decline because of this distraction. In the future, this will force customers to go elsewhere (based on privacy concerns). This is the point that the hospital will face tremendous challenges in trying to overcome these issues and rebuild their image among stakeholders. (Torrey, 2012)

The best way to respond to these kinds of problems is to change the internal procedures at the hospital. This means having an independent consultant come in and explain how these kinds of challenges will impact the facility. To do this, there needs to be an emphasis on discussing (with the IS department) the seriousness of these issues. The way that this can be achieved is to have a number of meetings and workshops with staff members. During these events, is when everyone will be made aware of the different regulations surrounding: patient privacy and the need to safeguard confidential information. (Johnston, 2012)

While this occurring, consultants will create new internal procedures for discarding this type of data. The way that this will occur, is to have everyone shred the various documents prior to throwing them away. To achieve these objectives, a series of surveillance systems will be placed inside the various departments (overlooking the trash bins). Anyone who is seen digging through the garbage will be immediately questioned about their actions. If they cannot provide some kind of logical explanation, the police will be notified and criminal charges will be pursed. These areas are important, because the hospital must let everyone know that anyone who is violating these practices will be held accountable. In future, this will make it difficult for IS staff members to ignore these provisions. (Johnston, 2012)

In the case of custodial staff, they should be immediately notified that they are not to be digging through the trash. At which point, consultants will let them know what will happen in the event that they are in violation of these provisions (most notably: termination and criminal prosecution). Anyone who is observed violating these standards will automatically be placed on leave without pay (pending an internal investigation). If this is an honest mistake, they will receive a verbal and written warning not to do this again. In the events where staff members are intentionally going through the trash, this will prevent these activities by: watching and punishing this behavior. Over the course of time, this will create a standard of enforcement that is directly addressing these kinds of challenges. (Johnston, 2012)

What training can you provide to your staff?

Like what was stated previously, the most effective training will be to have a series of workshops that will discuss these challenges with everyone. This will provide a basic foundation for ensuring that all staff members understand the seriousness of the issue. Once this takes place, is when there will be an internal practical exam that is provided. This requires all employees to show that they understand the concepts presented in the course and can apply them on a regular basis. (Kilipi, 2000, pp. 90 -- 108)

After this occurs, is when a series of meetings will be conducted with the various departments. During this time, they will be contacted about the possibility of monitoring and reporting these kinds of issues to upper management (anonymously). This could be accomplished through having a position in the HR department that will examine these problems. The way that this will take place, is independent consultants will be used to: investigate, test and evaluate the current procedures. (Kilipi, 2000, pp. 90 -- 108)

If these techniques are utilized, they will establish policies for dealing with confidential information. Those who violate these provisions will be unable to claim that they were unaware of these guidelines (based on the workshop and exam they completed). Moreover, they will sign a disclosure agreement prior to returning back to work. This is when executives can use the various provisions of the law to go after anyone that continues to engage in this kind of behavior. (Kilipi, 2000, pp. 90 -- 108)

To ensure that these policies are continually being followed, consultants will conduct random spot checks of various departments. During this process, is when they will go through the surveillance and will see the procedures for destroying this data. Over the course of time, this will show how well these procedures are working and if it is identifying potential weaknesses early. This will allow St. John's to hold everyone accountable and deal with possible security issues (when they are small). Once this takes place, is when the legal and regulatory risks facing the hospital will be reduced. (Kilipi, 2000, pp. 90 -- 108)

How can you implement your management plan?

The best way to implement these kinds of changes is to invite different stakeholders into the process. This will be accomplished by having administrators seeking out key allies who share similar kinds of beliefs. These individuals must be from different departments and within the community itself. Once this happens, is when everyone will serve on a committee that is examining and implementing these changes. (Alguire, 2009, pp. 337- 343)

To determine the process, there will be an anonymous survey conducted of staff members. This will focus on understanding the importance of patient privacy and identifying weaknesses in the hospital's practices. When this takes place, there will be an emphasis on specific ideas and how they could be implemented. (Alguire, 2009, pp. 337- 343)

The committee will take these views and incorporate them into a working standard that can be utilized by everyone. If this approach is utilized, there will be a focus on specific areas that are: impacting patient confidentially and finding practices which are the most effective. Once this is used in conjunction with other policies, it will address these problems (through: taking the views of stakeholders into account during the process). (Alguire, 2009, pp. 337- 343)

Moreover, everyone will begin to have a sense of empowerment of these concepts. This is because managers are explaining how this kind of behavior will not be tolerated in the future. At same time, they will highlight the problems that this is causing the facility over the long-term. When everyone realizes what is happening, they will be more inclined to report these kinds of violations. This will serve as a stop gap measure, for monitoring and preventing possible abuses in the future. (Alguire, 2009, pp. 337- 343)

Once this takes place, is when the facility will undergo a transformation that is based on addressing key challenges and working with different stakeholders. This is when they are becoming more involved in: understanding these challenges and are working with everyone to deal with them. In many ways, one could argue that a sense of complacency from staff members is what has allowed the underlying situation to become worse. To address these problems requires: increased vigilance and cooperation (which will establish an effective system of checks and balances to prevent these kinds of abuses). (Alguire, 2009, pp. 337- 343)

Code of Conduct

To deal with these issues, a code of conduct will be created that highlights the expected employee behavior when it comes to patient safety. This will help to prevent any kind of misunderstandings and ensure that everyone knows the policy at the facility. As a result, there will be a focus on a number of areas to include: (Lowe, 2005, pp. 237 -- 252)

The disposal of client information: This will state that all sensitive data should be destroyed (via shredding). Anyone who does not follow these procedures will be subject to immediate suspension and investigation. Once this concluded, is when the individual will be provided with a verbal and written warning (if this was an oversight). In the future, these kinds of infractions will result in termination. If the investigation reveals wrongdoing, the authorities will be contacted about prosecuting this individual. At the same time, they will be terminated from their position immediately. (Lowe, 2005, pp. 237 -- 252)