Data breaches pose a major challenge for each hospital operating in the country. There is a high risk of data, in the form of health records, being breached by hackers or people with malicious intent (Bai, Jiang, & Flasher, 2017). The company may also lose information or put valuable data at risk through the loss of computers and other devices due to a breach in its facilities. The mission of the hospital is to provide high-quality service to communities by providing exceptional care, preventing illness, and restoring health. The vision is to prioritize the patient by adopting relevant patient-centered approaches that protect their interests (HealthIT.gov, n.d). Some of the most important interests are privacy and confidentiality in the management of their health records. HIPAA requires all health facilities and organizations to take the necessary measures to ensure the integrity of the health records they keep and to minimize breaches.
There is a high risk involved if the hospital is found not to comply with the law. The risk comes in the form of lawsuits from aggrieved patients in case the data breach causes any harm to their wellbeing (Abbott Northwestern Hospital, 2019). Consequently, the organization's financial information may be jeopardized and losses incurred because of the breach. The hospital should adopt countermeasures if it is to win the war against data breaches.
Cost Versus Benefit Evaluation
To overcome the data breach experienced at the facility, there is a need to implement a six-year plan to refurbish the systems and establish secure internet connections for data access and sharing. Some of these will include modifications to firewalls and other assets to prevent any future attacks (Bai, Jiang, & Flasher, 2017). This strategy should be implemented in earnest if the hospital is to save itself from the costs of losses, reputational damage that leads to customer loss, and time consumed in data recovery (Abbott Northwestern Hospital, 2019). These costs have to be compared to the benefits to understand whether the organization would gain from implementing countermeasures (Lee, Zankl, & Chang, 2016). The hospital's benefits include a reduction in financial risks because of putting up measures to eradicate the risk. The financial risks include detecting, investigating, and stopping a breach, performing hardware and software upgrades, and compensating some of the patients who have been affected by the breach. The other benefit is having lower compliance risks (Wright, Aaron, & Bates, 2016). Under HIPAA, a hospital is required to protect the health records and will be held accountable in case of any breach. Fines from data loss usually go as high as $1.5 million per year, which calls for the hospital to put in comprehensive security measures to reduce the compliance risk. The adoption of succinct measures also helps in cutting the risk of reputational damage, which can lead to a loss in revenue because the hospital operates in a highly competitive environment (Jalali & Kaiser, 2018). Based on the analysis done, it is evident that the countermeasures help in eradicating the risk of the company making losses. The net benefit is $3,711,537.91. This shows that the benefits outweigh the costs and hence Abbott Northwestern should proceed with the process of putting up measures.
Table 1: COST BENEFIT ANALYSIS

| Item | Current year (CY) | CY+1 | CY+2 | CY+3 | CY+4 | CY+5 | Total |
|---|---|---|---|---|---|---|---|
| Settling Lawsuits | $100,000.00 | $80,000 | $60,000 | $40,000 | $20,000 | $ - | |
| Time Spent Averting The Breach | $200,000.00 | $150,000 | $100,000 | $50,000 | $25,000 | $ - | |
| Lost Business | $500,000.00 | $40,000 | $300,000 | $200,000 | $100,000 | $ - | |
| Negative Impact On Reputation | $500,000.00 | $400,000 | $300,000 | $200,000 | $100,000 | $50,000 | |
| System Upgrade | $300,000.00 | $ - | $ - | $ - | $ - | $ - | |
| Total Costs (Present Value) | $1,600,000.00 | $670,000 | $760,000 | $490,000 | $245,000 | $50,000 | $3,815,000.00 |
| Saved finances in breaches | $200,000.00 | $250,000 | $300,000 | $350,000 | $400,000 | $450,000 | |
| Saving on software and hardware | $200,000.00 | $250,000 | $300,000 | $350,000 | $400,000 | $450,000 | |
| Saved compensations | $50,000.00 | $100,000 | $150,000 | $200,000 | $250,000 | $300,000 | |
| Lower compliance risks | $100,000.00 | $150,000 | $200,000 | $250,000 | $350,000 | $400,000 | |
| Business gained for compliance | $100,000.00 | $150,000 | $200,000 | $300,000 | $350,000 | $400,000 | |
| Total Benefits (Present Value) | $650,000.00 | $900,000 | $1,150,000 | $1,450,000 | $1,750,000 | $2,000,000 | $7,900,000.00 |
| Net Benefit | | | | | | | $4,085,000.00 |
Data Analysis
Some of the costs the facility faces and will face for the next six years, reckoning from the point they implement the strategy, are the settlement of lawsuits, the time consumed in preventing a data breach (measured in dollars), dollars lost through damage to reputation, and the system upgrade. The system upgrade will cost $300,000.00 in the first year only. The next four years will not have any expenditure on a system upgrade. The other costs will be falling at a rate of 20% and stop altogether by the fifth year, except for the costs on reputation that will spill to the sixth year. The total cost in these expenditures and losses incurred will be $1,600,000.00, $670,000, $760,000, $490,000, $245,000 and $50,000 in the 1st to the 6th year respectively. The net cost for the years will be $3,815,000.00.
As the program is implemented over the six years, there will be an increase in savings, which will determine the profitability of the strategy. The savings will be generated from prevented breaches, software and hardware, compensations, falling compliance risks, and business gained for compliance. The savings in the first year through the sixth year will be $650,000.00, $900,000, $1,150,000, $1,450,000, $1,750,000, and $2,000,000 respectively. The net saving for the whole six years will be $7,900,000.00. The net savings from the project will be a net worth of $4,085,000.00, obtained by subtracting the net cost from the net savings. This indicates that the project will be a success and remains the feasible solution for the data breach losses at the moment.
System-based Context of the Recommendations
By putting up measures to deal with the risks, the hospital will position itself among those organizations that have complied with the HIPAA regulations (Jalali & Kaiser, 2018). This puts the hospital on good terms and allows it to avoid any fines. The fines can be detrimental to the operations of the hospital. Moreover, the hospital is at risk of losing customers as they fear losing information to hackers (Gabriel, Noblin, Rutherford, Walden, & Cortelyou-Ward, 2018). The time spent in upgrading the systems and dealing with the data breach reduces the productivity of the employees in the organization. The extent of competition in the health industry means that Abbott Northwestern Hospital has to be vigilant in ensuring compliance with the HIPAA requirements.
Relationship of the Issue to the Mission, Vision, and Strategic Direction
Compliance with the requirements helps the company provide the patients with a high-quality service as per its mission statement (Abbott Northwestern Hospital, 2019). High quality cannot be achieved without protecting the health records belonging to the patients (Jalali & Kaiser, 2018). Physicians working in the hospital need to have access to health records at the right time to be able to provide patients with quality service on time and in the right manner. The physicians aim to ensure that there are no medical errors at any time. This is only possible if the hospital can prevent the occurrence of incidents that increase the risk of errors by having an information management system (Khan & Latiful Hoque, 2016). The hospital is required to promote ethical practice by ensuring the protection of patient information and confidentiality at all times. The values of the hospital include integrity, respect, compassion, trust, as well as stewardship (Gabriel, Noblin, Rutherford, Walden, & Cortelyou-Ward, 2018). Stewardship helps in ensuring a focus on the wise use of hospital resources. Research shows that the protection of patient data is important in the modern age, where many challenges accompany the automation of hospital processes.
Rationale for Recommendation
Abbott Northwestern Hospital should focus on adopting measures to ensure the protection of health records from physical loss or hacking by malicious individuals. Some health organizations have been asked to pay ransoms to have malware removed from their systems (Sen & Borle, 2015). Having a secure system helps the hospital ensure that all physicians have access to the data they need to make decisions. Consequently, the hospital can avoid the mixing of third-party medical information into the patient's medical records (Gabriel, Noblin, Rutherford, Walden, & Cortelyou-Ward, 2018). Customer satisfaction is enhanced when the patients feel that the hospital is doing all it can to protect their data. Collaboration between all the units in the hospital is promoted by a system that is not only safe but also comprehensive (Abbott Northwestern Hospital, 2019). Compliance with HIPAA is beneficial to the hospital as there is a reduction in financial losses, not only from hacking but also from losing clients and from time spent by the employees in trying to avert the problem.
References
Abbott Northwestern Hospital. (2019). About us. Retrieved from https://www.allinahealth.org/Abbott-Northwestern-Hospital/About-us/
Bai, G., Jiang, J. X., & Flasher, R. (2017). Hospital risk of data breaches. JAMA Internal Medicine, 177(6), 878-880.
Gabriel, M. H., Noblin, A., Rutherford, A., Walden, A., & Cortelyou-Ward, K. (2018). Data breach locations, types, and associated characteristics among US hospitals. The American Journal of Managed Care, 24(2), 78-84.
HealthIT.gov. (n.d). Health information privacy law and policy. Retrieved from https://www.healthit.gov/topic/health-information-privacy-law-and-policy
Jalali, M. S., & Kaiser, J. P. (2018). Cybersecurity in hospitals: A systematic, organizational perspective. Journal of Medical Internet Research, 20(5), e10059. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5996174/
Khan, S. I., & Latiful Hoque, A. S. M. (2016). Digital health data: A comprehensive review of privacy and security risks and some recommendations. Computer Science Journal of Moldova, 24(2), 273-292.
Lee, W. W., Zankl, W., & Chang, H. (2016). An ethical approach to data privacy protection. ISACA Journal, 6. Retrieved from https://www.isaca.org/journal/archives/2016/volume-6/pages/an-ethical-approach-to-data-privacy-protection.aspx
Sen, R., & Borle, S. (2015). Estimating the contextual risk of a data breach: An empirical approach. Journal of Management Information Systems, 32(2), 314-341.
Wright, A., Aaron, S., & Bates, D. W. (2016). The big phish: Cyberattacks against US healthcare systems. Journal of General Internal Medicine, 31(10), 1115-8.