An incident occurred in a general hospital that touched on confidential communications. An employee of the hospital deliberately left a telephone message that contained critical details about a patient. The message was left on the patient's home telephone, and as a result the patient's daughter learnt about her mother's illness and treatment. Prior to the incident, the patient had directed the hospital to reach her through her work number. The issue amounted to a confidentiality breach because the information landed in the wrong hands. In response, the hospital came up with new strategies to help its employees handle patient information more carefully. The first recommendation touched on the concept of the minimum necessary: the hospital trained its employees to limit the content they leave in telephone messages. Furthermore, the training emphasized the importance of scrutinizing patients' documents and registration details thoroughly for any directives concerning leaving messages. Lastly, the hospital made the new recommendations part of its standard program that teaches employees about privacy matters (Office for Civil Rights, 2017).
In another incident, a general hospital released a patient's information to the media without permission. Accordingly, the issue touched on safeguard matters such as impermissible uses and disclosures. The hospital had treated a patient who was involved in a sporting accident and later released critical details to the media without the patient's authorization. The details released included the skull x-ray, the patient's gender and medical condition, and a detailed description of the nature of the accident and how it occurred. The hospital felt that the disclosure helped in preventing similar threats to health. The information was featured on the front page of a local newspaper. However, when the OCR conducted an investigation, the hospital was found to have breached privacy standards: it had violated the "Rule's de-identification standard." The OCR instructed the hospital to establish a policy to guide disclosures made in response to serious threats to health and safety. It was also mandated to train its employees on the new policy (Office for Civil Rights, 2017).
Administrative and physical safeguards are among the most vulnerable areas of information security in hospitals. As part of the enforcement plan, establishing policy is vital. Policy documents should govern employee training programs, punishment for unauthorized access to information, and the granting of information access (Mehraeen, Ayatollahi & Ahmadi, 2016). Employees, especially new ones, should be trained on how to handle patients' information. Refresher courses and annual compliance training should be implemented for all employees. Secondly, hospitals should implement effective security strategies. They should also set out security requirements when entering into agreements with third parties. Monitoring data accuracy and completeness, building knowledge through educational programs, and defining access levels increase protection against information leakage (Mehraeen, Ayatollahi & Ahmadi, 2016). Physical safeguards should be improved by identifying secure areas and using entry controls. Furthermore, hospitals should implement effective measures for disposing of and re-using equipment so that the security of information assets is not compromised. As for disaster management, hospitals should set up a backup system that keeps critical information and processes running in case of any serious threat to the original system.
Enforcing access safeguards requires hospitals to put identity-confirmation processes in place for individuals who access their online platforms. Assigning a unique username to every individual tightens the security of information. Usernames that have been assigned before, even to individuals who have since left the organization, should never be reused. Prohibiting the use of shared login information is also a paramount step towards protecting software security (Cucoranu et al., 2013). In cases where generic logins are used, authentication must be a requirement. It is important to implement the electronic authentication guidelines recommended by the National Institute of Standards and Technology (Cucoranu et al., 2013). There are many authentication tools available in the market today; biometrics, hardware and software tokens, and username-and-password pairs are the most common. As passwords are the most common user authentication mechanism, they should be used with increased care. Creating, safeguarding, and destroying passwords should be carried out with the utmost seriousness in a hospital. The password recommendations made by the International Standards Organization and other vital institutions should be followed (Cucoranu et al., 2013). Details such as password length, security questions, and password aging should be taken into consideration.
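The access-safeguard recommendations above (one username per person, no reuse of retired usernames, and password length and aging rules) can be enforced in an account-provisioning component. The following Python is an added illustration written for this essay, not code from any of the cited sources or from a real hospital system; the policy values (12-character minimum, 365-day maximum age) and the small breached-password list are constructed assumptions, not figures taken from the ISO or NIST documents the essay refers to.

```python
"""Account provisioning and password-policy checks for a hospital information
system. Added example; all policy values below are constructed assumptions."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Set

# Policy constants: constructed assumptions, not figures from the essay, ISO or NIST.
MIN_PASSWORD_LENGTH = 12
MAX_PASSWORD_AGE_DAYS = 365
# Constructed sample of commonly breached passwords used for screening.
BREACHED_PASSWORDS = {"password", "password123", "welcome1", "letmein", "hospital2017"}


@dataclass
class Account:
    username: str
    person_id: str          # ties the login to one named individual (no shared logins)
    role: str               # used elsewhere for role-based access levels
    password_set_on: date
    active: bool = True


@dataclass
class AccountRegistry:
    accounts: Dict[str, Account] = field(default_factory=dict)  # current and deactivated
    retired: Set[str] = field(default_factory=set)              # names never to be reissued

    def is_available(self, username: str) -> bool:
        """A name is available only if it has never been issued to anyone."""
        key = username.lower()
        return key not in self.retired and key not in self.accounts

    def provision(self, username: str, person_id: str, role: str, today: date) -> Account:
        """Issue a username; refuse any name that exists now or was ever issued."""
        if not self.is_available(username):
            raise ValueError(f"username already issued and cannot be reused: {username}")
        account = Account(username=username.lower(), person_id=person_id,
                          role=role, password_set_on=today)
        self.accounts[account.username] = account
        return account

    def deactivate(self, username: str) -> None:
        """Disable the account and retire its name; the record is kept, not deleted."""
        key = username.lower()
        self.accounts[key].active = False
        self.retired.add(key)

    def password_expired(self, username: str, today: date) -> bool:
        """Password aging: True once the password is older than the policy maximum."""
        account = self.accounts[username.lower()]
        return today - account.password_set_on > timedelta(days=MAX_PASSWORD_AGE_DAYS)


def check_password(candidate: str, username: str) -> List[str]:
    """Return the policy violations for a proposed password (empty list = accepted)."""
    problems = []
    if len(candidate) < MIN_PASSWORD_LENGTH:
        problems.append("too short")
    if candidate.lower() in BREACHED_PASSWORDS:
        problems.append("appears in breached-password list")
    if username.lower() in candidate.lower():
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    registry = AccountRegistry()
    registry.provision("JDoe", "P001", "nurse", date(2017, 1, 1))
    registry.deactivate("jdoe")
    print("jdoe available again?", registry.is_available("jdoe"))       # False
    print("violations:", check_password("password123", "jdoe"))         # two violations
```

Deactivation marks the account inactive and adds the name to a retired set rather than deleting the record, so the audit trail survives and the name can never be issued to a new employee; `is_available` consults both sets, which is the check the essay's "never reused" rule needs.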
Network safeguards should be enhanced with the use of Secure Sockets Layer (SSL). SSL encrypts data in transit so that it cannot be read or altered on the way, thereby enhancing confidentiality. Firewalls should also be used because they prevent outsiders from accessing private networks. Firewalls can be implemented in hardware, software or both; the firewall inspects traffic and determines whether it should be granted network access. Antivirus software should be used to block malware, which underlies a growing number of cyber-attacks. With the growing usage of mobile devices in the healthcare setting, the integrity and security of data can be easily compromised (Moura & Serrão, 2016).
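The paragraph describes a firewall as software that inspects traffic and decides whether to grant network access. The following Python is an added illustration of that decision logic (first matching rule wins, default deny), written for this essay rather than taken from any cited source or real product; the network segments, addresses and rules are constructed for a hypothetical hospital and carry no real meaning.

```python
"""Rule evaluation of the kind a packet-filtering firewall performs.
Added example with a constructed rule set and constructed connection attempts."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    port: Optional[int]    # destination port; None matches any port
    proto: str             # "tcp", "udp" or "any"

    def matches(self, src_ip: str, dst_ip: str, port: int, proto: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.port is None or self.port == port)
                and (self.proto == "any" or self.proto == proto))


# Constructed rule set for a hypothetical hospital network: 10.20.0.0/16 is the
# clinical-workstation segment, 10.50.0.0/16 the server segment hosting the EHR.
RULES = [
    Rule("allow", "10.20.0.0/16", "10.50.1.10/32", 443, "tcp"),   # workstations -> EHR over TLS only
    Rule("deny",  "10.20.0.0/16", "10.50.1.10/32", None, "any"),  # nothing else reaches the EHR host
    Rule("allow", "10.20.0.0/16", "10.50.2.5/32", 53, "udp"),     # internal DNS
]


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, port: int, proto: str) -> str:
    """First matching rule decides; when no rule matches, the default is deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port, proto):
            return rule.action
    return "deny"


Attempt = Tuple[str, str, int, str]


def audit(rules: List[Rule], attempts: List[Attempt]) -> List[Tuple[Attempt, str]]:
    """Pair each connection attempt with its decision; denied entries are what a reviewer checks."""
    return [(attempt, evaluate(rules, *attempt)) for attempt in attempts]


# Constructed connection attempts: (source, destination, destination port, protocol).
SAMPLE_ATTEMPTS = [
    ("10.20.3.7", "10.50.1.10", 443, "tcp"),    # nurse workstation to EHR front end: allowed
    ("10.20.3.7", "10.50.1.10", 22, "tcp"),     # any other service on the EHR host: denied by rule 2
    ("192.0.2.44", "10.50.1.10", 443, "tcp"),   # address outside the clinical segment: no match, default deny
    ("10.20.3.7", "10.50.2.5", 53, "udp"),      # DNS lookup: allowed
]


if __name__ == "__main__":
    for attempt, decision in audit(RULES, SAMPLE_ATTEMPTS):
        print(decision.upper(), *attempt)
```

The default-deny return at the end of `evaluate` is the property the essay's "prevent outsiders from accessing private networks" depends on: any traffic the administrator did not explicitly describe is dropped, and the `audit` output gives a log of denials to review.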
Lastly, hospitals should focus on developing and implementing policies to ensure that mobile devices are used appropriately. Secure authentication should be enforced through regulations and procedures for tracking mobile devices. Effective policies combined with technologies such as cloud computing that support the transmission of encrypted messages should help in overcoming security issues. This plan was written on the basis of the provided guidelines and therefore focuses on the areas of administrative, physical, and network safeguards. The recommendations give hospitals critical knowledge on how they can strengthen these safeguards. However, important issues such as hardware security and data recovery measures have not been addressed.
References
Cucoranu, I. C., Parwani, A. V., West, A. J., Romero-Lauro, G., Nauman, K., Carter, A. B., ... & Pantanowitz, L. (2013). Privacy and security of patient data in the pathology laboratory. Journal of Pathology Informatics, 4.
Mehraeen, E., Ayatollahi, H., & Ahmadi, M. (2016). Health information security in hospitals: the application of security safeguards. Acta Informatica Medica, 24(1), 47.
Moura, J., & Serrão, C. (2016). Security and privacy issues of big data. arXiv preprint arXiv:1601.06206.
Office for Civil Rights. (2017). All case examples. HHS.gov. Retrieved 16 September 2017, from https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/examples/all-cases/index.html#case11