Findings on Unsecured Protected Health Information

Findings on Unsecured Protected Health Information

Name:

Institution:

Course:

Date:

Findings on Unsecured Protected Health Information

A breach is an expose on the Private Law that conciliates the safety of the protected health data. The expose of the protected health data is said to be a breach when the covered entity puts it clear that there are minimum chances that the protected information has been bargained and this can be brought about by the following factors: the nature and degree of the health data with protection involved, the illegal individual who used the secured data , if the health data secured was really attained and finally the extent to which the risk to the secured health data has been moderated.( Hamilton, 2009)

In other terms unsecured health data with protection is health data that has protection hence has been confirmed not to be readable which can only be proven by the aid of technology authorized by the secretary in guidance. When a breach on the unsecured health data with protection occurs the business associates must inform the individuals who have been affected, the secretary or even the media about breach. (Clark, Clark & McGhee, 2008)

Some of the reputable references on the issue at hand are listed below:

A health sciences epicenter let out health data that was secured to a complaints manager without anyone’s authority. The OCR wanted the epicenter to review its procedures regarding patient authorization earlier to publication of the protected health data to the manager.

A municipal service agency let out secured health data while processing Medicaid applications by transferring very important information to computer users that could not be termed as business associate. The OCR wanted that the service agency improve on proper procedures for disclosure of secured health data only to its valid business associates.

A worker of a main health underwriter went ahead and let out health data of one of its members without following the underwriter’s authority and not obeying the correct procedures. The OCR wanted the health underwriter to educate the members on the applicable procedures. The worker who disclosed the information was warned and even advised to frequently go for counseling for about 3 months.

The above graph contains sampled data on unsecured protected health information. The information represent is based on a real situation that happened this year in March. The 4 reports for breaches occurring in 2018 for period March can be categorized by the type of breaching that occurred;

The 4 reports for breaches in 2018 for period March describe the following locations of breaching:

  1. Unauthorized Access/Disclosure leading to 26837 individuals being affected.
  2. Hacking/IT Incident leading to 40343 individuals being affected.

Some of the factors that can be termed as trends can also be used to summarize this finding. Some of the factors to be looked into keenly include: risk analysis, risk management, encryption, transmission security, security evaluation, proper disposal and training. The cover entities should take into consideration the following factors in order to avoid being breached. (Hamilton, 2009)

  1. Email (3 reports)
  2. Network Servers (1 report)
    • Paper/films(1 report)
    • Electronic Medical Record, Email,Laptop(1report)
  3. The covered entities should conduct a thorough assessment of the potential risks and this can be done by having up to date applications, computers and media devices. Risk management standard requires the use of modern security measures sufficient to reduce risks which will abide by the security rule. Most covering entities should start encrypting their ePHI. The covered entities should put into use technical security measures to protect against invalid users from accessing the ePHI that is being passed over an electronic network system. The entities should also be able to conduct a security evaluation when there are changes in the business. (Clark, Clark & McGhee, 2008)

    The covered entities should also implement clear policies and procedures for the best way of disposal of PHI in all ways. The entities should also ensure that their employees are trained appropriately and are up to date with the modern technology. Some of the trends that covered entities should put in place are: training their personnel, encrypting their information, conducting security evaluations and having the best way of disposing the information. (Hamilton, 2009)

    Some of the factors that can be termed as trends can also be used to summarize this finding. Some of the factors to be looked into keenly include: risk analysis, risk management, encryption, transmission security, security evaluation, proper disposal and training. The cover entities should take into consideration the following factors in order to avoid being breached (Clark, Clark & McGhee, 2008)

    The covered entities should conduct a thorough assessment of the potential risks and this can be done by having up to date applications, computers and media devices. Risk management standard requires the use of modern security measures sufficient to reduce risks which will abide by the security rule. Most covering entities should start encrypting their ePHI. The business associates should put into use technical security actions to protect against invalid users accessing the ePHI that is being passed over an automated web system. The entities should also be able to conduct a security evaluation when there are changes in the business. ( Hamilton, 2009)

    The covered entities should also implement clear policies and procedures for the best way of disposal of PHI in all ways. The entities should also ensure that their employees are trained appropriately and are up to date with the modern technology. Some of the trends that covered entities should put in place are: training their personnel, encrypting their information, conducting security evaluations and having the best way of disposing the information. (Clark, Clark & McGhee, 2008)

    References

    Hamilton, B. (2009). Electronic health records. McGraw Hill Higher Education.

    Clark, C. L., Clark, C., & McGhee, J. (Eds.). (2008). Private and Confidential?: Handling Personal Information in the Social and Health Services. Policy Press.

Place an Order

Plagiarism Free!

Scroll to Top