CRITICAL ANALYSIS 1
Healthcare is essential for human survival. Considering the increasing complexity of infections and diseases, youcould say that the role played by healthcare in the protection ofhuman life has become crucial. The introduction of technology hasimproved delivery of Medicare and increased the chances of humansurvival. However, a few drawbacks have risen from technologicaladvancements. These drawbacks have the capacity of destroying all theadvancements made in the recent years. Infringement of patient’sprivacy and data theft are the common drawbacks. Our organization isexperiencing the effects of these drawbacks after its reputationtainted when medical records were leaked online. The firm is renownedfor its quality in the provision of Medicare services especially inthe sector of AIDS treatment. The recent saga whereby someone postednames of those patients infected with HIV/AIDS on the internetindicating a major breach of patient`s privacy and even somerecklessness on the part of the clinic. Finding the way forward todeal with the issue and prevent future occurrence of a similar issuewill be vital in redeeming the image of this clinic.
According to the report collected by thecomputer security consultant, I hired, the clinic has some seriousissue that needs an immediate resolution to make any positivestrides. The passwords in use were common and were used to access thewhole database at ago. The systems would be left open without anysecurity measures while a doctor would write their password on apiece of paper and leave it taped on a piece of paper. The rooms,which could be used for replicating information, did not have anysecure means of access so anyone could enter and duplicate whateverinformation they deemed as useful. The password remained largelyunchanged due to the absence of programs reminding staff members tochange their passwords regularly. The staff members are also recklessand irresponsible. The consultant pretended to be amber of stuff whohad forgotten her password. Other nurses volunteered to let her usetheir passwords. The security consultant also requested access tosensitive information, which may have required verification of theusage, but the nurse just provided her with the information withoutquestioning.
All the rules and regulations implemented aimsat protecting the security, privacy, and confidentiality of patient`sinformation. HIPAA was introduced in 1996 with the aim of protectingthe patients` medical information. HIPAA (Health Insurance andaccountability clause) contains several sections some of which applyto this scenario. Federal laws demand confidentiality, privacy, andsecurity of a patient`s information. Privacy is the new term thatcomes into context since the introduction of HIPAA, but the issue ofconfidentiality has been in existence for quite some time.Confidentiality covers the moral obligation of physicians who canaccess patient`s medical records. The medical professionals shouldhold the given information in confidence. Code of ethics provided theboundaries beyond which the professionals are deemed as irresponsiblethus necessitating for action from relevant authorities.
According to Rothstein (2013), HIPAA is anexample of a federal law concerned with these issues arising frommedical records. When considering the HIV status confidentiality ofinformation is crucial since when such information is shared, thevictims could face discrimination from members of the public. Peopleensure that testing for HIV/AIDS is only after they are sure of theconfidentiality and privacy of their information. However, legalproceedings may override confidentiality especially if the court oflaw requires using the records as evidence. Privacy entails lettingthe patient make decisions on who is to get access to their personalmedical information and its usage. The said decision normally relateto healthcare provision. The rule limits scenarios for informationuse or disclosure. Security entails the protection of the medicalrecords. Restricting access to unauthorized parties is part ofsecurity measures aimed at protecting the medical records.
According to News(2015), a sexual health centerin London mistakenly leaked names of patients who had attended theHIV clinics. The names on the list exceeded 800 and to make mattersworse it was not everyone on the list who was infected with HIV/AIDs.The director of the clinic sent a personal apology to all theaffected patients an hour after discovering the mistake. In BeijingChina, a similar scenario occurred whereby HIV carries informationsupposedly leaked to the public. The leak was noted some weeks laterwhen several of the victims reported approaches from telephoneswindlers. The incidence affected about 313 patients. The callerswere claiming to be government officials and demanded financialinformation from the victims, which they used to steal their moneyfrom banks. They callers threatened the victims of publishing theirinformation on online platforms if they reported the incidence asdefined by News24 (2016). The Chinese health platforms reported thematter to law authorities. The platform also upgraded theirencryption mechanisms since it seemed that previously they were usingweaker technology, which hackers could easily bypass.
In this scenario, undertaking several stepswill help reduce the severity of the issue containing the personresponsible for the leakage and kindly ask them to retrieve anddestroy the disclosed information if it will be possible to do that.We will also contact the HHS, describe the scenario and even requestan investigation into the matter. Discovery of violations will promptthe agency to warn or discipline the responsible parties. Freezingall accounts affected by the leak will also be vital since cybercriminals can perpetrate their heinous acts by making use of theleaked information. Users will be required to avail themselvespersonally at the clinic to create new accounts and receivecounseling. The staff members will get new identity cards integratedwith the microchip technology, which will identify them to avoidduplication of information on the same. Changing the databasepasswords immediately will restore the integrity of the compromisedsystems while at the same time locking out unauthorized users. Theinclusion of two-factor authentication mechanism on user accountswill ensure their security.
It will also be worthwhile to introduce amechanism that will restrict the level of information accessed. Torestrict information access, medical practitioners will only haveaccess to only the information they need at the time a dictated bytheir access keys. Fingerprint identification is an upcomingtechnology that will ensure that only the authorized personnel willaccess the medical information as defined by Filkins (2016). Creationof forums to educate staff members on privacy and confidentialitymeasure they are supposed to take to avoid future leakages will beessential. Staying informed is the one way that will help in avoidinga future occurrence of a similar situation. Setting up Cyber-securitynews forum, which will receive instant news and update changes onattack patterns will help the organization alert. The next step willinvolve setting up Email alerts for password leak to notify the usersif their passwords leak. The notification will also remind users ofwhen to change passwords and provide them with tips of completing thetask. Setting up accounts on sites such as haveibeenpwned.com willallow users to detect immediately when their email address or anyother online information related to that email leaks.
In conclusion, technology has improved deliveryof Medicare but its use is coupled with drawbacks such as security ofmedical records, data theft, confidentiality issues, and breach ofprivacy. Some of these issues are unavoidable while the rest resultfrom human irresponsibility. Preventing the occurrence of theseissues is one of the responsibilities of healthcare providers sincethey are entrusted with the patient’s private information.Following the HPAA privacy rule and guidelines will help alleviatesome of these issues but internal interventions will be vital to keepthe staff members informed of their duties and responsibilities.Upgrading the security measures, regular change of passwords,restricting information access and setting up passwords leaknotifications will go a long way towards achieving the intendedgoals.it is vital to note that technology may have brought benefitsin delivery of healthcare but ignoring the important security andprivacy aspects could lead to explore of its ugly side.
Filkins, B. L.-C. (2016). Privacy and security in the era of digital health: what should translational researchers know and do about it?. American journal of translational research, 8(3), 1560.
News, B. (2015, September 2). London clinic leaks HIV status of patients. Retrieved from BBC News: http://www.bbc.com/news/uk-england-london-34127740
News24. (2016, July 19). China HIV info leak violates patients` rights: WHO. Retrieved from News24: http://www.news24.com/World/News/china-hiv-info-leak-violates-patients-rights-who-20160719
Rothstein, M. A. (2013). HIPAA Privacy Rule 2.0. The Journal of Law, Medicine & Ethics, 41(2), 525-528.