Running Head: Written Assignment 2/20/2016
Written Assignment #2
Andrew Blumenreich
Professor Marjorie Silverman
HEA 310 OL
19 February 2016
As the CEO of this healthcare facility it is plain to see that the organization and all of its
healthcare professionals have fallen behind the standards of care that are expected from us by our
patients. This healthcare organization faces a multitude of problems in the way we go about
protecting patient health information. The nurses and physicians who are employed by this
healthcare organization have an ethical responsibility to protect sensitive patient information and
must act more responsibly in the way that they handle themselves while on the job. This
healthcare organization needs to begin to implement information security strategies and train
employees to learn how to protect electronic health records, and patient records more efficiently.
This health care organization has accrued a tremendous amount of respect and earned its
reputation as a world-renowned AIDS treatment center and that is not something we take lightly.
After this breach of data my first responsibility as CEO is to protect patients who have
HIV/AIDS because this disgusting act is an injustice to them. The public should not fear people
with HIV/AIDS because HIV/AIDS does not reproduce outside of the human body. In addition
to that the public needs to know that they can only get HIV/AIDS from certain bodily fluids such
as blood, semen (cum), pre-seminal fluid (pre-cum), rectal fluids, vaginal fluids, and breast
milk. The public cannot get HIV/AIDS from hugging, shaking hands, sharing toilets, sharing
dishes, or closed-mouth or “social” kissing with someone who is HIV-positive (HIV, 2015).
One of the biggest problems that this healthcare organization faces is accountability. The
culture at this healthcare organization is far too relaxed and healthcare professionals are
forgetting about their Hippocratic duties and guarantee to patients to protect their rights at all
times. Instead of being leaders that less experienced healthcare professionals can look up to,
employees with merit are creating negative tendencies by carelessly giving away confidential
information such as passwords and login information. In addition to that healthcare employees
have shown poor ethical behavior, with regards to respect of persons, because there is a lack of
regard for patient confidentiality (Buchbinder, 2007).
To ensure to the public that this breach of security is an odd occurrence and not the norm
it is important that employees understand the laws, guidelines and regulations that are relevant in
protecting patient security in the electronic information age. Employees must fully understand
HIPAA, which is the Health Insurance Portability and Accountability Act of 1996, including the
privacy and security rules that accompany it. The privacy rule states that there is a need for
national standards to control the flow of sensitive health information and to establish real
penalties for the misuse or improper disclosure of this information. The other important aspect of
HIPAA is the security rule, which mandates that PHI, electronically stored or transmitted, must
be kept confidential and protected against unauthorized users and threats to its security or
integrity (Choi, 2006). The poor conduct of employees at this healthcare organization and failure
to follow guidelines has directly caused violations of HIPAA. These violations have led to
invasion of patient privacy, which is an Intentional Tort (Buchbinder, 2007). This has serious
ramifications if negligence is proven. In addition to that, the HITECH Act is also very relevant
because it supports the enforcement of HIPAA requirements by increasing the penalties for
healthcare organizations that violate HIPAA privacy and security rules (Salz, 2013).
As an organization we did not meet the requirements of these critical laws and guidelines
because we failed to meet our Fiduciary duty (Buchbinder, 2007). One of the first steps that I
must take as CEO is implementing a better form of communication from upper management to
staff. From now on it will be important to notify every employee about changes to protocol that
may affect medical privacy because not every employee is aware of the rules, laws, and
standards that they are expected to follow in this facility (Salz, 2013). In addition to that this
healthcare organization must bolster its security measures by evaluating the three ways that
access can be gained to our infrastructure. Those three ways are administrative access, such as
security policies and operation management; technical access appliances, such as web filters
and firewalls; and physical safeguards, such as security
guards, doors, locks, and windows (Love, 2011). This healthcare organization also failed to
prevent this security breach because employees do not have defined roles and job
responsibilities, which would help to determine a variation of access levels for employees and
make them think twice about revealing their access codes.
Thankfully there is a proven model to follow to remedy this crisis, because security
breaches unfortunately happen all the time in the healthcare industry. The numbers show that in a
single year, 96% of hospitals had a data breach and 60% of hospitals had multiple breaches (A
Case Study, 2013). One event where a security breach happened is when an employee of Holy
Cross Hospital inappropriately accessed over 10,000 patient records and looked at private
information such as patient names, dates of birth, addresses, and social security numbers.
Thankfully Holy Cross Hospital quickly realized that its public relations took a major hit and
took the necessary actions to correct its image before it was unfixable. The first thing that Holy
Cross Hospital did was mail letters to each and every one of the 9,900 patients whose
demographic information was accessed by the employee to make them aware of the situation.
Then Holy Cross Hospital conducted a very thorough investigation and found that the employee
was attempting to use the information to file fraudulent tax returns. After that Holy Cross
Hospital terminated the employee and made it known to the public that they knew what
happened was wrong and wanted to pursue further prosecution. Finally, Holy Cross Hospital
offered every patient affected by this crisis free credit monitoring services for a year, to attempt
to alleviate any ongoing concerns (Holy Cross, 2013). The actions taken by Holy Cross Hospital
show that it took this security breach very seriously and acted hastily and impulsively to build
rapport with the public and the people most affected by this terrible situation.
With an adjustment of behavior and a future balance of efficiency and availability of
patient information and the protection of that same information this healthcare organization is on
the right track to preventing future security breaches (Choi, 2006). Through proper training each
employee will know the values of this healthcare organization and its mission to serve patients to
the best of our ability in every way possible. In the future, if we ever have any problems with
compliance to HIPAA or other regulations, this healthcare facility will be able to quickly identify
the setback and implement a solution. This healthcare organization will always stay on top of
technology and prevent further attacks by constantly reviewing and assessing our risks and
vulnerabilities to confidentiality. As CEO, I believe these actions will give employees the
abilities and knowledge that they need to correct course. This healthcare organization is
considered a prestigious place around the world based on the care to patients that we deliver and
this is the first step in the process of building the healthcare facility's integrity back up to the
level that it deserves.
Works Cited
Buchbinder, S. B., & Shanks, N. H. (2007). Introduction to health care management. Sudbury,
MA: Jones and Bartlett.
Choi, Y. B., Capitan, K. E., Krause, J. S., & Streeper, M. M. (2006). Challenges associated with
privacy in health care industry: Implementation of HIPAA and the security rules. Journal
of Medical Systems, 30(1), 57-64.
doi:http://dx.doi.org.ezproxy.library.berkeley.org/10.1007/s10916-006-7405-0
Love, V. D. (2011). IT security strategy: Is your health care organization doing everything it can
to protect patient information? Journal of Health Care Compliance, 13(6), 21-28,64.
Retrieved from
http://search.proquest.com.ezproxy.library.berkeley.org/docview/912017991?accountid=38129
Salz, T. (2013). HIPAA: Training critical to protect patients, practice. Medical
Economics, 90(18), 43-44,47. Retrieved from
http://search.proquest.com.ezproxy.library.berkeley.org/docview/1443260994?accountid=38129
A case study: How one Seattle hospital is ready to respond to data breaches. (2013). Briefings on
HIPAA, 13(1), 4-6. Retrieved from
http://search.proquest.com.ezproxy.library.berkeley.org/docview/1242448963?accountid=38129
HIV Transmission. (2015). Retrieved February 02, 2016, from
http://www.cdc.gov/hiv/basics/transmission.html
Holy Cross Hospital Informs Former Patients regarding Data Breach. (2013, September 30).
Retrieved February 20, 2016, from
https://www.amsspher.com/holy-cross-hospital-informs-former-patients-data-breach/

More Related Content

What's hot

“Your Web Site is Their First Impression”
“Your Web Site is Their First Impression”“Your Web Site is Their First Impression”
“Your Web Site is Their First Impression”Michele Affronte
 
The Future Health Ecosystem Today
The Future Health Ecosystem TodayThe Future Health Ecosystem Today
The Future Health Ecosystem TodayDave Chase
 
DPC Overview - Final (long version)
DPC Overview - Final (long version)DPC Overview - Final (long version)
DPC Overview - Final (long version)Dave Chase
 
Consumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersConsumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersWirehead Technology
 
Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)
Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)
Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)Enrique Mesones
 
Mit dtpss module 4_google health and microsoft health_vault launch
Mit dtpss module 4_google health and microsoft health_vault launchMit dtpss module 4_google health and microsoft health_vault launch
Mit dtpss module 4_google health and microsoft health_vault launchEnrique Mesones
 
Strategies for Successful Human Factors Collaborations with Medical Device De...
Strategies for Successful Human Factors Collaborations with Medical Device De...Strategies for Successful Human Factors Collaborations with Medical Device De...
Strategies for Successful Human Factors Collaborations with Medical Device De...Eric Shaver, PhD
 
Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)
Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)
Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)Enrique Mesones
 
Legal issues in nursing
Legal issues in nursingLegal issues in nursing
Legal issues in nursingRuppaMercy
 
Many Health Systems Are Failing the LGBTQ+ Community—Two Ways to Improve
Many Health Systems Are Failing the LGBTQ+ Community—Two Ways to ImproveMany Health Systems Are Failing the LGBTQ+ Community—Two Ways to Improve
Many Health Systems Are Failing the LGBTQ+ Community—Two Ways to ImproveHealth Catalyst
 
PBL Practice Standard Confidentiality and Privacy 2015 v.04
PBL Practice Standard Confidentiality and Privacy 2015 v.04PBL Practice Standard Confidentiality and Privacy 2015 v.04
PBL Practice Standard Confidentiality and Privacy 2015 v.04Rachel S. Hommersen
 
HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...Compliancy Group
 
Mha 690 week one discussion ii
Mha 690 week one discussion iiMha 690 week one discussion ii
Mha 690 week one discussion iibeleza1669
 
Broker & Consultant Disclosure Standards for Health & Welfare Plans
Broker & Consultant Disclosure Standards for Health & Welfare PlansBroker & Consultant Disclosure Standards for Health & Welfare Plans
Broker & Consultant Disclosure Standards for Health & Welfare PlansDave Chase
 
Week 1 discussion 2 - Confidentiality
Week 1   discussion 2 - ConfidentialityWeek 1   discussion 2 - Confidentiality
Week 1 discussion 2 - ConfidentialityAngie_37
 
Digital Health: Medicine at the Croosroads
Digital Health: Medicine at the CroosroadsDigital Health: Medicine at the Croosroads
Digital Health: Medicine at the CroosroadsSteven Peskin
 
Hipaa and confidentiality
Hipaa and confidentialityHipaa and confidentiality
Hipaa and confidentialityDabork87
 
Grady final paper
Grady final paperGrady final paper
Grady final papersedunham
 

What's hot (20)

“Your Web Site is Their First Impression”
“Your Web Site is Their First Impression”“Your Web Site is Their First Impression”
“Your Web Site is Their First Impression”
 
The Future Health Ecosystem Today
The Future Health Ecosystem TodayThe Future Health Ecosystem Today
The Future Health Ecosystem Today
 
DPC Overview - Final (long version)
DPC Overview - Final (long version)DPC Overview - Final (long version)
DPC Overview - Final (long version)
 
Consumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumersConsumer ED ILHIE toolkit for consumers
Consumer ED ILHIE toolkit for consumers
 
DocMe Mobile Application
DocMe Mobile Application DocMe Mobile Application
DocMe Mobile Application
 
SMARTi - check drug interaction for your safety
SMARTi - check drug interaction for your safetySMARTi - check drug interaction for your safety
SMARTi - check drug interaction for your safety
 
Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)
Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)
Mit wiroon dtpss_module 4_google health and ms health_vault launch (wiroon)
 
Mit dtpss module 4_google health and microsoft health_vault launch
Mit dtpss module 4_google health and microsoft health_vault launchMit dtpss module 4_google health and microsoft health_vault launch
Mit dtpss module 4_google health and microsoft health_vault launch
 
Strategies for Successful Human Factors Collaborations with Medical Device De...
Strategies for Successful Human Factors Collaborations with Medical Device De...Strategies for Successful Human Factors Collaborations with Medical Device De...
Strategies for Successful Human Factors Collaborations with Medical Device De...
 
Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)
Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)
Mit anonymous dtpss_module 4_google health and microsoft health_vault launch (4)
 
Legal issues in nursing
Legal issues in nursingLegal issues in nursing
Legal issues in nursing
 
Many Health Systems Are Failing the LGBTQ+ Community—Two Ways to Improve
Many Health Systems Are Failing the LGBTQ+ Community—Two Ways to ImproveMany Health Systems Are Failing the LGBTQ+ Community—Two Ways to Improve
Many Health Systems Are Failing the LGBTQ+ Community—Two Ways to Improve
 
PBL Practice Standard Confidentiality and Privacy 2015 v.04
PBL Practice Standard Confidentiality and Privacy 2015 v.04PBL Practice Standard Confidentiality and Privacy 2015 v.04
PBL Practice Standard Confidentiality and Privacy 2015 v.04
 
HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...HIPAA compliance for Business Associates- The value of compliance, how to acq...
HIPAA compliance for Business Associates- The value of compliance, how to acq...
 
Mha 690 week one discussion ii
Mha 690 week one discussion iiMha 690 week one discussion ii
Mha 690 week one discussion ii
 
Broker & Consultant Disclosure Standards for Health & Welfare Plans
Broker & Consultant Disclosure Standards for Health & Welfare PlansBroker & Consultant Disclosure Standards for Health & Welfare Plans
Broker & Consultant Disclosure Standards for Health & Welfare Plans
 
Week 1 discussion 2 - Confidentiality
Week 1   discussion 2 - ConfidentialityWeek 1   discussion 2 - Confidentiality
Week 1 discussion 2 - Confidentiality
 
Digital Health: Medicine at the Croosroads
Digital Health: Medicine at the CroosroadsDigital Health: Medicine at the Croosroads
Digital Health: Medicine at the Croosroads
 
Hipaa and confidentiality
Hipaa and confidentialityHipaa and confidentiality
Hipaa and confidentiality
 
Grady final paper
Grady final paperGrady final paper
Grady final paper
 

Viewers also liked (14)

Jesse Plunkett 1SE
Jesse Plunkett 1SEJesse Plunkett 1SE
Jesse Plunkett 1SE
 
Humor en el A.T.
Humor en el A.T.Humor en el A.T.
Humor en el A.T.
 
Jen New Resume
Jen New ResumeJen New Resume
Jen New Resume
 
happy new year wishes
happy new year wisheshappy new year wishes
happy new year wishes
 
Kandaswamy kandar
Kandaswamy  kandarKandaswamy  kandar
Kandaswamy kandar
 
夏休み成果発表会のスライド
夏休み成果発表会のスライド夏休み成果発表会のスライド
夏休み成果発表会のスライド
 
Sandipkumar Ahir CV
Sandipkumar Ahir CVSandipkumar Ahir CV
Sandipkumar Ahir CV
 
Día Constitución 2013
Día Constitución 2013Día Constitución 2013
Día Constitución 2013
 
Curriculo Johnny Molletones
Curriculo Johnny MolletonesCurriculo Johnny Molletones
Curriculo Johnny Molletones
 
Sugerencias para-el-trabajo-en-ciencias
Sugerencias para-el-trabajo-en-cienciasSugerencias para-el-trabajo-en-ciencias
Sugerencias para-el-trabajo-en-ciencias
 
Taishan_612
Taishan_612Taishan_612
Taishan_612
 
Arantxa Dominguez Obesity in childhood
Arantxa Dominguez Obesity in childhoodArantxa Dominguez Obesity in childhood
Arantxa Dominguez Obesity in childhood
 
TT 09/2016/TT-BYT ban hành danh mục thuốc đấu thầu được áp dụng hình thức đàm...
TT 09/2016/TT-BYT ban hành danh mục thuốc đấu thầu được áp dụng hình thức đàm...TT 09/2016/TT-BYT ban hành danh mục thuốc đấu thầu được áp dụng hình thức đàm...
TT 09/2016/TT-BYT ban hành danh mục thuốc đấu thầu được áp dụng hình thức đàm...
 
Cs naturales1er año
Cs naturales1er añoCs naturales1er año
Cs naturales1er año
 

Similar to Breach of Security Final Paper

Training on confidentiality MHA690 Hayden
Training on confidentiality MHA690 HaydenTraining on confidentiality MHA690 Hayden
Training on confidentiality MHA690 Haydenhaydens
 
A Personal Health Record ( Ehr )
A Personal Health Record ( Ehr )A Personal Health Record ( Ehr )
A Personal Health Record ( Ehr )Tasha Holloway
 
COVID-19 & Personal BeliefsValuesThe COVID pandemic has had a t
COVID-19 & Personal BeliefsValuesThe COVID pandemic has had a tCOVID-19 & Personal BeliefsValuesThe COVID pandemic has had a t
COVID-19 & Personal BeliefsValuesThe COVID pandemic has had a tCruzIbarra161
 
Apa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoApa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoaman341480
 
Implementing The Affordable Care Act Essay
Implementing The Affordable Care Act EssayImplementing The Affordable Care Act Essay
Implementing The Affordable Care Act EssayMichelle Love
 
Hipa Health Insurance Portability And Accountability Act
Hipa Health Insurance Portability And Accountability ActHipa Health Insurance Portability And Accountability Act
Hipa Health Insurance Portability And Accountability ActAmy Williams
 
Week 1 discussion 2 capstone
Week 1 discussion 2 capstoneWeek 1 discussion 2 capstone
Week 1 discussion 2 capstonebuendai1
 
iCare Provider Bulletin September 2016
iCare Provider Bulletin September 2016iCare Provider Bulletin September 2016
iCare Provider Bulletin September 2016Derrick Lewis
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxkarlhennesey
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxhoney690131
 
Health-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptx
Health-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptxHealth-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptx
Health-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptxLAWKUSHKUMAR3
 
Assignment 1 Legal Aspects of U.S. Health Care System Administrat.docx
Assignment 1 Legal Aspects of U.S. Health Care System Administrat.docxAssignment 1 Legal Aspects of U.S. Health Care System Administrat.docx
Assignment 1 Legal Aspects of U.S. Health Care System Administrat.docxbraycarissa250
 
Professional Work Experience Paper
Professional Work Experience PaperProfessional Work Experience Paper
Professional Work Experience PaperNicole Wells
 
S w W12328 PATIENT SAFETY AT GRAND RIVER HOSPI.docx
S w  W12328    PATIENT SAFETY AT GRAND RIVER HOSPI.docxS w  W12328    PATIENT SAFETY AT GRAND RIVER HOSPI.docx
S w W12328 PATIENT SAFETY AT GRAND RIVER HOSPI.docxrtodd599
 
Submission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docx
Submission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docxSubmission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docx
Submission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docxdavid4611
 
Confidentiality Of Health Information Essays
Confidentiality Of Health Information EssaysConfidentiality Of Health Information Essays
Confidentiality Of Health Information EssaysJessica Tanner
 
How to Use Data to Improve Patient Safety
How to Use Data to Improve Patient SafetyHow to Use Data to Improve Patient Safety
How to Use Data to Improve Patient SafetyHealth Catalyst
 

Similar to Breach of Security Final Paper (20)

Training on confidentiality MHA690 Hayden
Training on confidentiality MHA690 HaydenTraining on confidentiality MHA690 Hayden
Training on confidentiality MHA690 Hayden
 
A Personal Health Record ( Ehr )
A Personal Health Record ( Ehr )A Personal Health Record ( Ehr )
A Personal Health Record ( Ehr )
 
COVID-19 & Personal BeliefsValuesThe COVID pandemic has had a t
COVID-19 & Personal BeliefsValuesThe COVID pandemic has had a tCOVID-19 & Personal BeliefsValuesThe COVID pandemic has had a t
COVID-19 & Personal BeliefsValuesThe COVID pandemic has had a t
 
Apa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes agoApa format450 words1 biblical integration34 minutes ago
Apa format450 words1 biblical integration34 minutes ago
 
HIPAA
HIPAAHIPAA
HIPAA
 
Confidentiality Training
Confidentiality Training Confidentiality Training
Confidentiality Training
 
Implementing The Affordable Care Act Essay
Implementing The Affordable Care Act EssayImplementing The Affordable Care Act Essay
Implementing The Affordable Care Act Essay
 
Hipa Health Insurance Portability And Accountability Act
Hipa Health Insurance Portability And Accountability ActHipa Health Insurance Portability And Accountability Act
Hipa Health Insurance Portability And Accountability Act
 
Week 1 discussion 2 capstone
Week 1 discussion 2 capstoneWeek 1 discussion 2 capstone
Week 1 discussion 2 capstone
 
iCare Provider Bulletin September 2016
iCare Provider Bulletin September 2016iCare Provider Bulletin September 2016
iCare Provider Bulletin September 2016
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
 
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docxPage 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
Page 9 of 15Capstone ProjectYaima OrtizIDS-4934.docx
 
Health-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptx
Health-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptxHealth-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptx
Health-Informatics-and-Technology-Professional-Responsibilites-QSEN-ppt.pptx
 
Assignment 1 Legal Aspects of U.S. Health Care System Administrat.docx
Assignment 1 Legal Aspects of U.S. Health Care System Administrat.docxAssignment 1 Legal Aspects of U.S. Health Care System Administrat.docx
Assignment 1 Legal Aspects of U.S. Health Care System Administrat.docx
 
Professional Work Experience Paper
Professional Work Experience PaperProfessional Work Experience Paper
Professional Work Experience Paper
 
S w W12328 PATIENT SAFETY AT GRAND RIVER HOSPI.docx
S w  W12328    PATIENT SAFETY AT GRAND RIVER HOSPI.docxS w  W12328    PATIENT SAFETY AT GRAND RIVER HOSPI.docx
S w W12328 PATIENT SAFETY AT GRAND RIVER HOSPI.docx
 
Submission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docx
Submission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docxSubmission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docx
Submission Ide 355a4f30-c35d-4870-b28b-15af6973061347 SI.docx
 
Confidentiality Of Health Information Essays
Confidentiality Of Health Information EssaysConfidentiality Of Health Information Essays
Confidentiality Of Health Information Essays
 
Essay On Never Events
Essay On Never EventsEssay On Never Events
Essay On Never Events
 
How to Use Data to Improve Patient Safety
How to Use Data to Improve Patient SafetyHow to Use Data to Improve Patient Safety
How to Use Data to Improve Patient Safety
 

Breach of Security Final Paper

  • 1. Running Head: Written Assignment 2/20/2016 Written Assignment #2 Andrew Blumenreich Professor Marjorie Silverman HEA 310 OL 19 February 2016
  • 2. Running Head: Written Assignment 2/20/2016 As the CEO of this healthcare facility it is plain to see that the organization and all of its healthcare professionals have fallen behind the standards of care that are expected from us by our patients. This healthcare organization faces a multitude of problems in the way we go about protecting patient health information. The nurses and physicians who are employed by this healthcare organization have an ethical responsibility to protect sensitive patient information and must act more responsibly in the way that they handle themselves while on the job. This healthcare organization needs to begin to implement information security strategies and train employees to learn how to protect electronic health records, and patient records more efficiently. This health care organization has accrued a tremendous amount of respect and earned its reputation as a world-renowned AIDS treatment center and that is not something we take lightly. After this breach of data my first responsibility as CEO is to protect patients who have HIV/AIDS because this disgusting act is an injustice to them. The public should not fear people with HIV/AIDS because HIV/AIDS does not reproduce outside of the human body. In addition to that the public needs to know that they can only get HIV/AIDS from certain bodily fluids such as, blood, semen (cum), pre-seminal fluid (pre-cum), rectal fluids, vaginal fluids, and breast milk. The public cannot get HIV/AIDS from hugging, shaking hands, sharing toilets, sharing dishes, or closed-mouth or “social” kissing with someone who is HIV-positive (HIV, 2015). One of the biggest problems that this healthcare organization faces is accountability. The culture at this healthcare organization is far too relaxed and healthcare professionals are forgetting about their Hippocratic duties and guarantee to patients to protect their rights at all times. 
Instead of being leaders that less experienced healthcare professionals can lookup to, employees with merit are creating negative tendencies by carelessly giving away confidential information such as passwords and login information. In addition to that healthcare employees
  • 3. Running Head: Written Assignment 2/20/2016 have shown poor ethical behavior, with regards to respect of persons, because there is a lack of regard for patient confidentiality (Buchbinder, 2007). To ensure to the public that this breach of security is an odd occurrence and not the norm it is important that employees understand the laws, guidelines and regulations that are relevant in protecting patient security in the electronic information age. Employees must fully understand HIPAA, which is the Health Insurance Portability and Accountability Act of 1996, including the privacy and security rules that accompany it. The privacy rule states that there is a need for national standards to control the flow of sensitive health information and to establish real penalties for the misuse or improper disclosure of this information. The other important aspect of HIPAA is the security rule, which mandates that PHI, electronically stored or transmitted, must be kept confidential and protected against unauthorized users and threats to its security or integrity (Choi, 2006). The poor conduct of employees at this healthcare organization and failure to follow guidelines has directly caused violations of HIPAA. These violations have lead to invasion of patient privacy, which is an Intentional Tort (Buchbinder, 2007). This has serious ramifications if negligence is proven. In addition to that, the HITECH Act is also very relevant because it supports the enforcement of HIPAA requirements by increasing the penalties for healthcare organizations that violate HIPAA privacy and security rules (Salz, 2013). As an organization we did not meet the requirements of these critical laws and guidelines because we failed to meet our Fiduciary duty (Buchbinder, 2007). One of the first steps that I must take as CEO is implementing a better form of communication from upper management to staff. 
From now on it will be important to notify every employee about changes to protocol that may affect medical privacy because not every employee is are aware of the rules, laws, and standards that they are expected to follow in this facility (Salz, 2013). In addition to that this
  • 4. Running Head: Written Assignment 2/20/2016 healthcare organization must bolster its security measures by evaluating the three ways that access can be gained to our infrastructure. Those three ways are administrative access, such as security policies and operation management. An evaluation of technical access appliances, such as web filters and firewalls and lastly an evaluation of physical safeguards, such as security guards, doors, locks, and windows (Love, 2011). This healthcare organization also failed to prevent this security breach because employees do not have defined roles and job responsibilities, which would help to determine a variation of access levels for employees and make them think twice about revealing their access codes. Thankfully there is a proven model to follow to remedy this crisis, because security breaches unfortunately happen all the time in the healthcare industry. The numbers show that in a single year, 96% of hospitals had a data breach and 60% of hospitals had multiple breaches (A Case Study, 2013). One event where a security breach happened is when an employee of Holy Cross Hospital inappropriately accessed over 10,000 patient records and looked at private information such as patient names, dates of birth, addresses, and social security numbers. Thankfully Holy Cross Hospital quickly realized that its public relations took a major hit and took the necessary actions to correct its image before it was unfixable. The first thing that Holy Cross Hospital did was mail letters to each and every one of the 9,900 patients whose demographic information was accessed by the employee to make them aware of the situation. Then Holy Cross Hospital conducted a very thorough investigation and found that the employee was attempting to use the information to file fraudulent tax returns. 
After that, Holy Cross Hospital terminated the employee and made it known to the public that they knew what happened was wrong and wanted to pursue further prosecution. Finally, Holy Cross Hospital offered every patient affected by this crisis free credit monitoring services for a year, to attempt to alleviate any ongoing concerns (Holy Cross, 2013). The actions taken by Holy Cross Hospital show that it took this security breach very seriously and acted hastily and impulsively to build rapport with the public and the people most affected by this terrible situation.
With an adjustment of behavior and a future balance between the efficiency and availability of patient information and the protection of that same information, this healthcare organization is on the right track to preventing future security breaches (Choi, 2006). Through proper training each employee will know the values of this healthcare organization and its mission to serve patients to the best of our ability in every way possible. In the future, if we ever have any problems with compliance with HIPAA or other regulations, this healthcare facility will be able to quickly identify the setback and implement a solution. This healthcare organization will always stay on top of technology and prevent further attacks by constantly reviewing and assessing our risks and vulnerabilities to confidentiality. As CEO, I believe these actions will give employees the abilities and knowledge that they need to correct course. This healthcare organization is considered a prestigious place around the world based on the care that we deliver to patients, and this is the first step in the process of building the healthcare facility's integrity back up to the level that it deserves.
Works Cited
Buchbinder, S. B., & Shanks, N. H. (2007). Introduction to health care management. Sudbury, MA: Jones and Bartlett.
Choi, Y. B., Capitan, K. E., Krause, J. S., & Streeper, M. M. (2006). Challenges associated with privacy in health care industry: Implementation of HIPAA and the security rules. Journal of Medical Systems, 30(1), 57-64. doi:http://dx.doi.org.ezproxy.library.berkeley.org/10.1007/s10916-006-7405-0
Love, V. D. (2011). IT security strategy: Is your health care organization doing everything it can to protect patient information? Journal of Health Care Compliance, 13(6), 21-28, 64. Retrieved from http://search.proquest.com.ezproxy.library.berkeley.org/docview/912017991?accountid=38129
Salz, T. (2013). HIPAA: Training critical to protect patients, practice. Medical Economics, 90(18), 43-44, 47. Retrieved from http://search.proquest.com.ezproxy.library.berkeley.org/docview/1443260994?accountid=38129
A case study: How one Seattle hospital is ready to respond to data breaches. (2013). Briefings on HIPAA, 13(1), 4-6. Retrieved from http://search.proquest.com.ezproxy.library.berkeley.org/docview/1242448963?accountid=38129
HIV Transmission. (2015). Retrieved February 02, 2016, from http://www.cdc.gov/hiv/basics/transmission.html
Holy Cross Hospital Informs Former Patients regarding Data Breach. (2013, September 30). Retrieved February 20, 2016, from https://www.amsspher.com/holy-cross-hospital-informs-former-patients-data-breach/