Essay Example on Protecting Patient Data: The Persistent Challenge of Data Breaches

Paper Type:  Essay
Pages:  5
Wordcount:  1317 Words
Date:  2023-09-11

Health care information, especially data about patients' medical records, is sensitive and thus should be protected from leaks to the public domain. Despite the importance of safeguarding patients' medical records, data breaches still occur, and sensitive medical records, including patients' private information, continue to leak to the public. Whether due to faulty protocols, carelessness on the part of medical institutions, or hacking by criminals, the issue persists as a significant source of concern for managers in the health care industry (Galliers & Leidner, 2014). In this context, this discussion will focus on Big Sky Health System, an extensive healthcare system in a rural state, highlighting the technical breaches associated with it and exploring possible solutions to the problem.


Before delving into Big Sky System and the many data breaches that continue crippling the healthcare industry of the state where it operates, it is imperative to consider the governing organizations and the principles and guidelines governing healthcare information security (Ebron et al., 2018). In America, the Department of Health and Human Services (HHS) is the principal governing organization of health care. It is responsible for the provision of healthcare services as well as the security of electronic medical records, which are the scope of this discussion. The HHS accomplishes its mission and fulfills its responsibilities to Americans through initiatives and programs funded by the federal government. These initiatives cover a broad spectrum of activities that protect and ease the lives of Americans from birth to adulthood until old age. Additionally, the HHS collaborates with other Federal entities and organizations concerning several cross-cutting topics that affect Americans.

Consequently, in the USA, the protection of sensitive patient information and medical records is guaranteed in the constitution through an Act of Government. The Health Insurance Portability and Accountability Act 1996 (HIPAA) is arguably the most comprehensive legislation that covers the protection of electronic medical records across the nation (Ebron et al., 2018). HIPAA, through its Administrative Simplification provisions, requires the Department of Health and Human Services to model and adopt standards and guidelines for electronic health care transactions and information and to ensure their security.

HIPAA provides for the adoption of Federal privacy protections for health information. An example of such a provision is the Privacy Rule, enacted in 2000 and later modified in 2002. The rule ensures the protection of individually identifiable health information, including health plans, health care clearing records, and medical records held by health care providers. Another facet of HIPAA is the Security Rule of February 2003, which states the standards and guidelines for protecting the confidentiality, integrity, and availability of electronically protected healthcare information. Since the year 2006, compliance with the rule has been compulsory, making non-acquiescence a crime punishable by federal law (Puhakainen & Siponen, 2010).

Additionally, HIPAA incorporates the Enforcement Rule and the Omnibus Rule, which provide standards for enforcement of the Administrative Simplification Rules and the strengthening of privacy and protection of electronic medical records, respectively. Another piece of health IT legislation pertinent to this discussion is the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The law provides the HHS with the authority to establish programs that improve the quality, efficacy, and efficiency of service delivery through healthcare information technology (Rassam et al., 2017). The act covers the promotion of health records and the private and secure exchange of health care information.

Deducing from the definition of HIPAA and the various rules associated with it, it suffices to say that Big Sky has potential legal liability threatening the people involved in its running. The data breaches, for example, break both the Privacy and the Security Rules, meaning the situation reaches the threshold that triggers the Enforcement Rule, which requires the prosecution of the parties involved. According to the information provided in the prompt, there is confirmation that the system has suffered unauthorized external access 25 times in six months. Such a revelation alone is enough to land the managers of the system in trouble with the federal government, since each breach accounts for a single count of a punishable offense.

The Security Rule provided for by HIPAA describes the relevance of only specific people or institutions obtaining access to confidential medical information. In this context, Big Sky Systems is liable for laxity and the use of faulty technology that leads to the leak of such information. Moreover, most of the records were faxed, with a significant number ending up at incorrect fax numbers. Such carelessness leads to a breach of the Security Rule and thus triggers the Enforcement Rule, hence more legal liability for the managers (Galliers & Leidner, 2014).

It is also worth noting that the HITECH Act of 2009 has even been breached in this scenario (Ebron et al., 2018). Following the legislation, secure and efficient technology should be utilized in the exchange of healthcare and medical information. It is, therefore, the prerogative of the managers at Big Sky Systems to ensure that they employ the most efficient and up-to-date technology in their sharing of medical records. Intrinsically, the use of a fax machine in the current environment fails to suffice as an efficient and secure method of healthcare information sharing. Moreover, its operation is cumbersome, hence the increase in errors involving the use of wrong numbers.

Another unsafe technological condition that arises upon the investigation of Big Sky Systems is the use of cloud hosting in the exchange of electronic medical records. The use of Cerner, the cloud-hosted backup for the system, is not a prudent method of storage for healthcare information for an entire state. While cloud computing may provide solutions to EHR, it also poses significant risks concerning the safety of the information and data stored therein. One of these lies in the fact that cloud computing depends on healthcare institutions turning over data to third parties. In this scenario, the company providing the hosting service is Cerner.

Trusting a cloud computing vendor in the healthcare industry takes on a whole new meaning, considering the legal implications involved in cases where breaches and leakages of information occur. With security and privacy being the core issues within the healthcare information niche, Big Sky Systems must invest in their database, mainly because the amount of data being handled by the company belongs to the jurisdiction of an entire state (Ebron et al., 2018). Another critical matter is data availability and liability. When using a cloud computing service, one has to hand over control of the information and information technology operations to the service provider. If the vendor is uncooperative, or experiences problems with the software, then the entire health information exchange operation is compromised.


As highlighted in the earlier sections of this discussion, the main issues of concern regarding health information are the privacy or confidentiality and the security of data. Therefore, the HHS has adopted standards and principles, as explained above, based on these two concepts. It has also established a protocol of events to be adhered to in case of breaches and in the design of healthcare information systems. By following these principles and guidelines, any medical or healthcare organization in the nation will be able to provide service to its clients smoothly without the risk of litigation or loss of confidential client information. In conclusion, Big Sky Systems should adhere to these guidelines, especially maintaining compliance with regard to HIPAA and HITECH regulations (Puhakainen & Siponen, 2010).


Ebron, S., Bailey, R., & Blumenthal, B. (2018). Using Health Information Exchange to Support Community-based Innovations. Perspectives in Health Information Management, 1-11.

Galliers, R. D., & Leidner, D. E. (Eds.). (2014). Strategic Information Management: Challenges and Strategies in Managing Information Systems. Routledge.

Puhakainen, P., & Siponen, M. (2010). Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study. MIS Quarterly, 757-778.

Rassam, M. A., Maarof, M., & Zainal, A. (2017). Big Data Analytics Adoption for Cybersecurity: A Review of Current Solutions, Requirements, Challenges and Trends. Journal of Information Assurance & Security, 12(4).
