Privacyand Security Concerns Regarding Health Information Systems
Thetechnical, physical, and organizational privacy and security concernsare exceedingly vital in any health facility. The technical concernsshould be such that they are in a position to guard patients againstsecurity issues. One of the technical characteristics is that thetechnology used by a health facility should have the capacity topromote patient safety (Fisher, 2013). Patient outcomes should alwaysbe offered the first priority. Another technical characteristic isthat the technology should have limited threats. Alternatively, thephysical environment is also very critical to the security concern.The physical environment should be in a position to support securityconcerns the setting must be capable of facilitating theinstallation of security details in order to guard patient concerns.
Inthe case, both the technician and Kaiser Permanente were responsiblefor the breach in confidentiality. The technician was responsible forthe breach in confidentiality because in his capacity, he shouldensure that he sends the right message to the appropriate individual.It was the role of the technician to confirm the identities of therecipients prior to sending any information since this falls withinthe duty of the technician. Besides, the technician was responsiblebecause he did not communicate about the issue to the company once hediscovered that there was a problem (Brubaker, 2000). Alternatively,Kaiser Permanente was responsible for the breach because it holds theduty of ensuring that patient information remains confidentialthrough different initiatives. In case one initiative fails, thereshould always be an alternative. However, the organization learnedabout the fault from customers.
Abreach of confidentiality has an outcome of discouraging clients fromthe services of an organization. This is because the breach tends tobreak the trust, which customers give the company. However, wherethere is a speedy resolution to the breach, customers can get thereassurance that the company is in a position to hold theirinformation confidentially. Although some of the clients may bediscouraged to let Kaiser Permanente have their information so as toseek medical advice, others will continue to let the organizationoffer services to them due to the assurance received from thedirector. Subscribers can be reassured that their data will be keptconfidential in the future through offering them reassurance messagesand explaining to them what happened and the steps that they havetaken to prevent the issue from happening again.
Patients`Files Used for Obscene Calls
Healthcareinstitutions should conduct background checks on new workers, whowill be permitted to access confidential information of patients.Such a move is important so as to ensure that the employees that willhave access to the patient information will maintain itsconfidentiality. The information that needs to be accessible to suchemployees is the data that they require in order to provide services.They are not supposed to access every health detail of the patients.
Thehospital could have prevented the misuse of patient information fromoccurring by ensuring that the computer systems of the organizationwere secured. For instance, the case indicates that the defiantemployee used the password of a former hospital administrator to haveaccess to the data this could have been prevented through thecompany ensuring that it changes passwords regularly, especiallyfollowing the removal of an employee that had a password. It can beargued that the security system of the hospital was at fault for thebreach of security because it had not changed the password that wasused by a former administrator (Brelis, 1995).
Anemployee of an organization is associated with an entity, and anorganization would suffer emanating from the actions of an employeelinked to its operations. In this case, the hospital will sufferbecause of the actions of its employee. Thus, it can be argued thatthe hospital will be held accountable for the actions of thetechnician. However, there is a need for the technician to face theliability for his individual actions.
UniversityTightens Computer Security
Hackerscan be in any place, which implies that different systems arevulnerable to hackers (Black & Chitty, 2014). However, there areplaces that may attract hackers or be vulnerable to hacking. Forinstance, in an institution such as a university, there are people ofall walks of life, which may make the records of the institutionexposed to hacking. It is for this reason I think that the universitymedical center information systems may be vulnerable to hackers.
Themedical center is accountable for any harm caused by unauthorizedentry into the patient records because it has the responsibility ofmaintaining the confidentiality of the patient data at all times.Once the patients visit the medical center, they enter in an implicitcontract with the hospital concerning the privacy of their records(Black & Chitty, 2014). Thus, although the medical center did notenter in any contract with patients, it bears the obligation ofkeeping the health records confidential.
Birch,D. (1999). Hopkins tightens computer security. TheBaltimore Sun.
Black,B. P. & Chitty, K. K. (2014). Professionalnursing: Concepts & challenges.St. Louis, Mo: Elsevier.
Brelis,M. (1995). Patients` files allegedly used for obscene calls. TheBoston Globe.
Brubaker,B. (2000). ‘Sensitive` Kaiser e-mails go astray. TheWashington Post.
Fisher,M. A. (2013). Theethics of conditional confidentiality: A practice model for mentalhealth professionals.Oxford: Oxford University Press.