Patient Centric Healthcare Practices
HSA-520: Health Information Systems
Healthcare information and system breaches happen everywhere across the US. In today’s world, everyone’s personal accounts are getting hacked, and companies’ computers and laptops are being breached. This paper will first outline the four key factors contributing to other organizations’ HIMS failures and/or breaches. Secondly, it will analyze three ways the HIMS failure impacted Baptist Memorial Hospital’s operations and patient privacy information. Third, it will diagnose the leadership team’s reactions to the failures. Next, it will list three outcomes for the company and state the overall verdict. It will then go on to list three best practices Baptist Memorial Hospital can adopt to avoid HIMS failures and breaches. Lastly, it will explain one government requirement to ensure health care and patient information is secure.
Four key factors contributing to other organizations
An information technology failure/breach occurred at Baptist Memorial Hospital. This organization is at risk of a huge impact from information technology failure and breach. There are four key factors contributing to HIMS failure or breach: improper disclosure, unauthorized access, theft, and loss. Patient data should only be accessed by management and the patients themselves. Disclosing one’s personal information is unacceptable at Baptist, and corrective actions will be taken if information is leaked to the incorrect person. Theft is stealing someone’s identity without permission. “There is no way to inoculate yourself against identity theft completely, but if you’re diligent in learning how your info can be at risk what fraudsters get hold of it.” (Prater, 2014). An unauthorized person having access to someone’s information is known as theft. HIMS failure or breach is caused by a lot of factors. The fourth factor is a breach that occurs from theft and loss of information, for example, when company cell phones and laptops that have patient privacy information stored on them are stolen.
Three ways the HIMS failure was impacted
A large amount of patient information can cause violations due to hard-to-manage data, patients’ errors, and use of information technology, which makes it harder for attackers to hack private health information. Another impact is patients’ errors; this happens when the person responsible for keeping information safe fails to follow the rules and procedures required for personal data storage. Patient information is critical when it comes to protection, privacy, and personal safety. The second impact of the HIMS failure is on trustworthiness. No patients have enough confidence built up to believe Baptist Memorial has breached its patient information. This case also resulted in financial loss, as the company can be out a lot of money for damages. As a service to the organization’s patients, we work diligently with them to determine if they qualify for federal, state, or local healthcare programs (www.baptistmemorial.org). There is also concern about inappropriate releases of information from individual organizations. Inappropriate releases from the organization can happen through unauthorized users who intentionally access one’s personal information from outsiders’ computer systems. Systematic concerns are the open disclosure of patient health information to those that may act against the interests of the specific patient. The last impact of the HIMS failure is disbelief and stigma for the patient, especially when a family member, or any other authorized person listed as a contact person, is disclosing the patient’s information. Breach of vital health information may also lead to patients feeling uncomfortable.
The leadership team at Baptist Memorial indeed took the proper measures to address the various stakeholder groups impacted. Leadership addressed the issues and concerns from each one’s perspective to see where the group was failing. Other resources had a tremendous amount of resources in place to prevent the breaches and the release of patient information from happening. When going to a new doctor, you can choose whether to share your previous medical records with them by giving written consent to your other doctor, so they can send the new doctor the information in your medical file (Prater, 2014).
Leadership teams’ reactions to failures
Teams are put together to accomplish strategic skills and solve problems here at Baptist Memorial Hospital. Team failures result from a lack of trust among members, improper communication, poor role clarity, and poor time management. When a breach of information has occurred, the organization becomes affected. Reactions to the HIMS breach and failure were discerning. At Baptist Memorial, their top focus is to protect patients’ privacy and respect their services, and we try to offer the best quality care for the patients. The organization’s leadership has taken many steps in dealing with the organization’s violations that were impacted by the failure. It has been shown that no information has gotten out of control and that patients were aware of the necessary actions that were caused by breach failures. The organization had set rules and policies to control patients’ access to the information system. There has been no proven evidence of encryption on the company’s computers or laptops that pertain to patient information.
Three Outcomes for the Overall Verdict
Due to the violation from the breach, the facility is willing to pay for any damages that resulted from this failure. The organization will also pay government fees arising from the breach and terminate those that played a part in the verdict. I agree with the overall verdict outcome because it helps patients feel happy that the company has done its job by making the patients feel safe and secure. This company assumes outsiders are attacking one’s health information. “While not specifically describing threats to health care organizations, these reports indicate the growing vulnerability of information system connected to public infrastructure such as the Internet.” (Chouffani, 2016).
Three best practices the Hospital can adopt to avoid HIMS failures
Baptist Memorial Hospital should implement electronic records to protect patients’ personal information, data security, and privacy. This should help prevent unauthorized people from gaining access to patients’ personal information. It’s also a good idea to train and educate staff that do not have access to patients’ personal health information. This will help them better understand their role when it comes to securing patients’ personal information. “Healthcare organizations may have stellar employees, but human error can always lead to security issues. Proper training on regulations, security protocols and support for employees using mobile devices can help reduce these errors and improve overall security. Employees should only have the data necessary to perform the functions of their job.” (https://datafloq.com/read/5-best-practices-avoid-data-breaches-healthcare/2155). Another practice is choosing vendors carefully. Choosing different vendors from a third-party company can be a bad idea. “Many organizations choose off-site data storage systems and assumes it’s the safest vendor to go with. Choosing partners who follow best practices are essential to keeping data safe. When an organization does not have direct control over the data, the security precautions must be just as strict as if the data was stored in-house.” (https://datafloq.com/read/5-best-practices-avoid-data-breaches-healthcare/2155).
One current government requirement for all healthcare
The facility should follow the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to protect the security and privacy of patient health information. “The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. The Rule also gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.” (US Department of Health and Human Services, 2015).
In conclusion, while it is a top priority when it comes to failures and breaches in the healthcare facility, it is very important that actions are taken immediately. When an organization responds to a security breach in a system, the first step is always to disconnect the accounts associated with that breach. During a breach and failure, most companies are focused on the scope of the breach and the policies that are put into place. Practices that affect the Hospital’s HIMS failures are good to have in place, so everyone is aware of the procedures. It is concluded that leadership followed the procedures in the organization and that the government requirements were also met and in compliance.
Five Best Practices to Avoid Data Breaches in the Health Care Industry (https://datafloq.com/read/5-best-practices-avoid-data-breaches-healthcare/2155).
Chouffani, Reda. (2016). Common failures of responding to security breaches in healthcare. Biz Technology Solution.
Prater, Valérie S. (2014). Confidentiality, privacy, and security of health information. Retrieved on 11/20/2019 from http://www/healthinformatico.uic.edu
US Department of Health and Human Services. (2015). Guidance regarding methods for identification of protected health information in accordance with the Health Insurance Portability and Accountability Act (The HIPAA Privacy Rule).