Patient Information and Confidentiality
Order Instructions:
For this module, explain the threats to patient information and confidentiality that are present in your selected organization (Salisbury,NC VA). Be sure to link them with regulations (e.g., HIPAA and Wi-Fi security).
Module Overview
Concerns over the privacy and security of electronic health information fall into two general categories: (1) concerns about inappropriate releases of information from individual organizations and (2) concerns about the systemic flows of information throughout the healthcare industry and related industries. Inappropriate releases from organizations can result either from authorized users who intentionally or unintentionally access or disseminate information in violation of organizational policy or from outsiders who break into an organization’s computer system. The second category, systemic concerns, refers to the open disclosure of patient-identifiable health information to parties that may act against the interests of the specific patient or may otherwise be perceived as invading a patient’s privacy. These concerns arise from the many flows of data across the healthcare system, between and among providers, payers, and secondary users, with or without the patient’s knowledge. These two categories of concerns are conceptually quite different and require different interventions or countermeasures.
Presentations and Required Readings
https://www.salisbury.va.gov/
•The following is primary reading required for this module: Privacy and Security Concerns 1
•This article discusses the primary goals of information security in healthcare and examines policy and appropriate uses of medical data: Confidentiality of Electronic Medical Records 2
•Zachary Wilson offers a good explanation of the difference between internal and external sources of attacks. Additionally, he illustrates a wide range of vulnerabilities and how they can be exploited. (Do not get hung up in the technical concepts and jargon at this point. We will cover the more technical aspects later in this course.) Vulnerabilities and attacks3
•The following provides a brief overview of basic concepts surrounding information security along with an introduction to vulnerabilities, controls and policies: Security Concepts4
•Read Chapter 4 “Privacy and Confidentiality” from the following book that is available through the eBrary resource, which can be accessed from the TUI CyberLibrary:
?Anderson, J. G. (2002). Ethics and Information Technology : A Case-Based Approach to a Health Care System in Transition. Springer-Verlag New York, Incorporated, Secaucus: NJ. 63-112. Retrieved on September 8, 2007, from the eBrary database.5
•The following is the United States Department of Human Services summary version of the HIPAA Privacy Rule. HIPAA Privacy Rule6
•Wi-Fi Security concerns7
Sources for Presentation Material Referenced Above
For the Record: Protecting Electronic Health Information (1997). Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure Protecting Electronic Health Information. Washington, DC, USA: National Academies Press. 54-81. Retrieved from the eBrary database.
Barrows, R. C., and Clayton, P. D. (1996). Privacy, Confidentiality, and Electronic Medical Records. Journal of the American Medical Health Informatics Association, 3 (2), 139-148. Retrieved from the PubMed Central database.
Wilson, Z. (2001). Hacking: The Basics. SANS Institute. Retrieved from http://www.sans.org/reading_room/whitepapers/hackers/
Quinsey, C. and Brandt, M. (2003). AHIMA Practice Brief: Information Security: An Overview. American Health Information Management Association. Retrieved from http://www.advancedmedrec.com/images/InformationSecurityAnOverview.pdf
Anderson, J. G. (2002). Ethics and Information Technology : A Case-Based Approach to a Health Care System in Transition. Springer-Verlag New York, Incorporated, Secaucus: NJ. 63-112. Retrieved from the eBrary database.
Summary of the Privacy Rules. (2003). U.S. Department of Health and Human Services. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/
Alam AS, Al Sabah SAA, Chowdhury AR (2007). Wi-Fi Security The Great Challenge. National Conference on Communication and Information Systems. National Conference on Communication and Information Security.
SAMPLE ANSWER
Patient Information and Confidentiality
Concerns over security and privacy of the electronic health information may be in relation to releasing information inappropriately from an individual organization or the systematic information flows in a healthcare industry as well as the related industries. Information leaks from an organization when unauthorized users purposefully or unintentionally disseminate or access information against the organizational policy. Outsiders could also break into the computer systems. There are also cases where the professionals act against the interests of particular patients, therefore invading the privacy (Anderson, 2002). Data or information is normally exchanged between different professionals, and these concerns could arise in between, either among the secondary users, payers, and providers, either without or with information about the patient. Therefore, countermeasures and interventions are necessary. The aim of this paper is discussing the threats to patient confidentiality and information present in Salisbury,NC VA, with reference to regulations like Wi-Fi security and HIPAA.
Based on HIPAA, security provisions and data privacy is provided to medical information. The regulation guarantees proper protection of health information and at the same time, permitting easy and efficient health information flow for high quality care to be provided. This also helps in protecting the wellbeing and health of the public. There is a particular way in which the healthcare professionals are required to handle all the patient information they come across. The regulation requires that covered entities should have the appropriate physical, technical, and administrative safeguards for guarding the privacy of non-electronic and electronic protected health information (Barrows & Clayton, 1996).
HIPAA offers protections on the insurance information. From the institution’s website, there is a section on insurance and billing. If someone is really interested in the information, he or she can easily hack to acquire it. The link on patient information also has a lot that can be stolen. Therefore, there is a need to the hospital to be cautious about leaking information as this can easily tarnish the reputation and image, therefore, leading to patient turnover.
From the website, the phone directory provides information about the service, location, and phone for the various patient advocates. This is very risky since someone outside the healthcare institution might call asking for information of a particular patient or staff, or even go to the physical addresses provided (Barrows & Clayton, 1996). Unknowingly, a professional might provide the sensitive information to an outsider, after which it can be used in inappropriate activities.
Data protection has become very pertinent in the modern day technology world. Public WiFi providers should be informed about their obligations as far as the Data Protection Act (1998) is concerned, particularly in relation to the collection and processing of personal information. Salisbury, NC VA is posing immense threats to patient confidentiality and information. A quick scan at the institution’s website makes it evident that the personal information belonging to patients can easily be interfered with. The information might even be stolen and used for malicious activities. Regardless of the fact that the information might need to be used by different healthcare professionals for promoting high quality healthcare, there should be more controls where the external people should not be able to view the data as is the case.
When using internet at the institution, there should be controls, where the guest WiFi can be separated from the business WiFi (Alam, Al Sabah Chowdhury, 2007). This can go a long way in preventing compromises on the sensitive patient information. The hospital should take charge of its information technology privacy and confidentiality, and ensure that the EPOS systems and private networks are protected. WiFi and other forms of internet are normally used at the institution, and considering how delicate the exchange of information and data among and between the professionals has become, the necessary measures need to be taken.
Having noted that there is intensive internet use at the institution, there is a great need to emphasize that in case Wi-Fi passwords are normally offered to the customers or even patients for internet access, then the management should remain informed that this is actually a big risk to the business. This is the reason why there should be a secure and separate system for the guests. A good solution to this can be ensuring that the network is protected, and a secure login can be used (Barrows & Clayton, 1996).
Conclusion
From the foregoing discussion, it has been that patient confidentiality and privacy have been compromised to a great extent. This clearly relates to the storage and exchange of personal and sensitive patient information online or through the various social media platforms. As such, it can be very easy for the outsiders or even people within to exchange and share the information either intentionally or unintentionally. Consequently, the information and reputation of the institution would be compromised. However, there are regulations such as HIPAA and Wi-Fi which offer guidance on what institutions such as Salisbury, NC VA need to do so as to protect the information their patients offer.
References
Alam, A. S., Al Sabah, S.A.A., Chowdhury, A.R. (2007). Wi-Fi Security The Great Challenge. National Conference on Communication and Information Systems. National Conference on Communication and Information Security.
Anderson, J. G. (2002). Ethics and Information Technology : A Case-Based Approach to a Health Care System in Transition. Springer-Verlag New York, Incorporated, Secaucus: NJ. 63-112. Retrieved from the eBrary database.
Barrows, R. C., & Clayton, P. D. (1996). Privacy, Confidentiality, and Electronic Medical Records. Journal of the American Medical Health Informatics Association, 3 (2), 139-148. Retrieved from the PubMed Central database.
We can write this or a similar paper for you! Simply fill the order form!
