In the modern world, information technology is quite a necessity in various sectors of life, development, and coexistence. Information technology is integrated into various areas to help improve the flow of information and to record, analyze, and store data. In the healthcare environment, information technology has become a necessary tool used in the acquisition, analysis, record-keeping, and protection of medical and patient data, or information. With proper information technology infrastructure in place, data or information is easily acquired, retrieved, or passed to various individuals or departments. Suitable information technology programs also help protect data and make it quite easy to access data. Bulk papers which may easily get destroyed or lost made work quite difficult in healthcare in the olden days. Patients can easily and more effectively access their records or medical history through information technology systems. The Johns Hopkins Hospital is an excellent example of a healthcare facility with proper information technology infrastructure in place.
Johns Hopkins and its Information Technology System
Johns Hopkins Hospital, located in Baltimore, Maryland, and a part of the Johns Hopkins School of Medicine, is both a hospital and a biomedical research center. The facility was founded by Johns Hopkins in 1889, who died about sixteen years earlier. The healthcare facility is considered one of the greatest as far as modern American medicine is concerned. The healthcare, together with the institution as a whole, is regarded as the origin of modern American medicine. This is due to the fact that many popular medical practices were conceived or created in the institution (Blitz et al., 2018). Today, Johns Hopkins Hospital remains to be regarded as one of the greatest hospitals and medical research institutions in the world. Currently, the hospital ranks number one in Maryland and third throughout the entire United States. The information technology systems in the Johns Hopkins Hospital is no doubt one of the best. The information technology system mainly deals with medical data and patient medical records. These records or data are managed by the Department of Health and Information Management within the facility.
Delegate your assignment to our experts and they will do the rest.
At Johns Hopkins Hospital, medical records at the Department of Health Information Management is open to the public. People can access data from eight o’clock to five o’clock, Monday to Friday, except on holidays. A patient requesting a copy of their medical recording only has to download and complete a request form available at the hospital’s website. Alternatively, one may obtain the form directly from the HIM department or have the form emailed, mailed, or faxed to them. The completed form is then either mailed, faxed, or dropped off at the HIM department. Processing of copies of medical requests may take up to three weeks. One has to provide a photo ID when picking up a copy of their health record. There is a different form to be filled by those who wish to acquire medical records for others. Processing fees for the copies of medical records are applied in accordance with the Maryland and Federal law. Charges only apply in the case that the copies are released to a third party. It is important to note that the Johns Hopkins Hospital does not issue birth and death certificates.
Requirements for Health Care Information Technology Systems to Comply with Federal, State, and Local Laws Governing Patient Information Security
The department of Health and Human Services in the United States is in charge of healthcare operations and regulations. The HIPAA act created in 1996 required that certain regulations for the protection of privacy and security of health information and data be developed by the Department of Health and Human Services. The federal security rules through the HIPAA, for instance, require that confidentiality and integrity of information are ensured. Healthcare organizations must also ensure that threats to the security of data are identified and blocked in order to maximize the integrity of data. A written set of privacy standards and procedures must be adopted, and the procedure must reveal the employees with access to the healthcare information stored in the information systems. Healthcare organizations must comply with the rules and standards of HIPAA (Drolet et al., 2017). The HIPAA privacy rule regulates the disclosure and utilization of protected health data or information, which is held by various healthcare organizations and providers.
The Johns Hopkins Hospital complies appropriately to the HIPAA privacy and security standards. The facility has a proper information technology system and programs in place for keeping and providing medical data as required. A procedure outlining the accessibility and those eligible to access various sets of information is available. Threats to the information stored within the system are identified in due time and appropriate measures put in place to block the threats and ensure integrity of data. Procedures for acquiring information is well-outlined, and every individual knows what to do in order to gain access to medical information. The risk of medical information falling into the wrong hands has been explored, and measures put to prevent such incidents. Third parties who receive medical information from the facility, for instance, have to go through specific procedures to ensure that the information received does not fall into the wrong hands.
The Johns Hopkins Hospital is also aware of the various state and local regulations governing patient information security. The Maryland State privacy laws, for instance, requires healthcare providers to obtain patient consent in written form before they can disclose their medical information to other organizations, individuals, or third parties. The Johns Hopkins Hospital complies with this rule, as well as others, by ensuring that patients give consent in writing before their information is transferred or provided to third parties (Blitz et al., 2018). The procedure and programs involved in keeping, accessing, and transferring medical information are well documented, and the employees allowed to obtain information or involved in the procedures are also identified. At the local level, the facility maintains a close and healthy relationship with the community or the public by ensuring the safety and integrity of information and also availing information as quickly as possible after patients have made requests.
Risks and Affected Stakeholders in the Event of a System Breach or Failure
Systems breaches occur all the time and may affect a considerable number of people and stakeholders depending on the size of the healthcare organization. The Johns Hopkins Hospital is a big healthcare facility with more than one thousand and seven hundred employees. The healthcare facility receives patients from all over the United States and beyond, given its popularity and success. In the event of a system breach, medical data may be lost, altered, or released to the public for malicious intentions (Bai et al., 2017). Patients may thus be affected, and depending on the nature of the breach, their information may be altered, lost, or put out there for everyone to see. The entire hospital and its stakeholders may also be affected as the hospital’s reputation will be damaged, and it may also have to face lawsuits. Medical records which contain the health history of an individual is critical for their future health and development. The loss or alteration of such data may interfere with further treatment programs, which may put the patient in a very difficult situation. Critical health information of certain individuals may cost them a fortune if the information is seized by malicious individuals or put out in public. Allowing people to access their health information and transferring their health data to other organizations is crucial, but if necessary security procedures are not implemented, a security breach may occur.
Approaches that Can Be Used to Safeguard Confidential Information.
Confidential information is that which a person does not wish to make public. Healthcare organizations often get hold of such information as they may be vital in the diagnosis or management of health or illness. Such information must be kept safe in line with patient rights and the federal, state, and local privacy and security regulations and standards ( Shenoy &Appel, 2017) . In the case of the Johns Hopkins Hospital, one fundamental approach that may help ensure the safety of confidential information is to use biometric utilities. This approach only allows the individual patient or the person to whom the data belongs to access or give consent to the access of their medical information. No outsiders will be able to gain direct access to medical information.
An alternative may involve the use of complicated passwords. Simple passwords may be easy to guess. Leaving clues around on pieces of paper, on the surface of objects or devices also makes those passwords simple and useless. Anyone close to the patient or those working within the healthcare organization may give out passwords to malicious individuals. Employees who leave the organization may have information on patient medical records. People close to the patient may know the password. It is, therefore, important not only to have strong passwords but also to change the passwords periodically ( Balestra, 2017) . This way, it would be impossible for people to get hold of one’s password and use it to access their vital or highly confidential information. Complicated passwords are difficult to guess and are changed regularly. While working with patients with confidential information, the healthcare organization, through the Department of Health and Information Management, can educate the patient on creating complicated passwords to avoid scenarios of data breaches.
References
Bai, G., Jiang, J. X., & Flasher, R. (2017). Hospital risk of data breaches. JAMA internal medicine , 177 (6), 878-880.
Balestra, M. L. (2017). Electronic health records: Patient care and ethical and legal implications for nurse practitioners. The Journal for Nurse Practitioners , 13 (2), 105-111.
Blitz, A. M., Ahmed, A. K., & Rigamonti, D. (2018). Founder of modern hydrocephalus diagnosis and therapy: Walter Dandy at the Johns Hopkins Hospital. Journal of neurosurgery , 131 (4), 1046-1051.
Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic communication of protected health information: privacy, security, and HIPAA compliance. The Journal of hand surgery , 42 (6), 411-416.
Shenoy, A., & Appel, J. M. (2017). Safeguarding confidentiality in electronic health records. Cambridge Quarterly of Healthcare Ethics , 26 (2), 337-341.