Introduction
Many health institutions use Electronic Health Record Systems to store all the data and information in their health facilities. In these systems, they keep patient information, workers' information and information about the health facility. Patient health records and workers' financial information are personal information that the system needs to protect with high-grade security technology.
The scenario provided points to a case that sounds a great alarm. It is a matter of grave concern to hear that an unknown account exists in a system and that it has all the access rights allowed by the system. This means that the three accounts stated in the scenario had a copy of all the activities that happened in the health facility, had information about all the patients in the hospital, and had all the access rights, meaning they had administrator rights.
The first security fault in the system is that the system allowed the creation of three accounts that were verified by the server but not verified by the system administrator. Normally, the server liaises with the system administrators to monitor the activities happening in the system. In this scenario, it turns out that the server accepted the opening of the accounts without notifying the system administrators for verification.
The second security fault in the system is that it allowed the escalation of the three accounts, which were established as standard user accounts, to full access rights over a period that the system is set not to allow. A standard user account cannot automatically upgrade itself to an administrator account with all access rights. Under normal circumstances, an administrator must elevate a standard account to an administrator account. Alternatively, the system can do that when it creates an account for the chief administrator of the system. How these three accounts gained all access rights to the entire information in the system raises a troubling question. This scenario is a severe security breach.
The third and the last security fault in the system is that it allowed the access of more than the maximum number of records that a single account can access in a single day. To make matters worse, the system permitted a considerable margin in terms of the difference between the actual records obtained and what the system allows. The mistake, in this case, is that the system allowed this to happen without issuing an alert to any of the system administrators. These activities were in progress until there was a system audit. By default, the system should issue warnings of illegal activities happening in the system to the system administrator (Korableva, Kalimullina & Kurbanova, 2017). However, this was not the case for this hospital system's instance.
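The three faults described above can each be expressed as a check over the system's audit trail. The following is an added example, not part of the original essay or of any real EHR product: the event schema, the account names, the administrator list and the daily limit of 100 records are all assumptions made for illustration.

```python
from collections import Counter

DAILY_RECORD_LIMIT = 100   # assumed policy value; the essay gives no number
ADMINS = {"sysadmin1"}     # hypothetical baseline of verified administrators

# Constructed audit events (hypothetical schema, invented for this example).
EVENTS = [
    {"day": "2022-03-01", "type": "account_created", "account": "nurse_a", "approved_by": "sysadmin1"},
    {"day": "2022-03-01", "type": "account_created", "account": "acct_x", "approved_by": None},
    {"day": "2022-03-02", "type": "role_changed", "account": "acct_x", "new_role": "admin", "actor": "acct_x"},
    {"day": "2022-03-02", "type": "role_changed", "account": "nurse_a", "new_role": "admin", "actor": "sysadmin1"},
    {"day": "2022-03-03", "type": "record_read", "account": "acct_x", "count": 90},
    {"day": "2022-03-03", "type": "record_read", "account": "acct_x", "count": 400},
    {"day": "2022-03-03", "type": "record_read", "account": "nurse_a", "count": 40},
]

def detect(events, admins=ADMINS, limit=DAILY_RECORD_LIMIT):
    """Return a sorted list of (day, account, finding) alerts."""
    alerts = set()
    reads = Counter()  # running record count per (day, account)
    for e in events:
        # Fault 1: account accepted by the server without administrator verification.
        if e["type"] == "account_created" and e.get("approved_by") not in admins:
            alerts.add((e["day"], e["account"], "unverified_account"))
        # Fault 2: elevation to admin not performed by a verified administrator.
        # The admin baseline is fixed, so a self-elevated account cannot vouch for others.
        elif e["type"] == "role_changed" and e["new_role"] == "admin" and e.get("actor") not in admins:
            alerts.add((e["day"], e["account"], "unauthorized_escalation"))
        # Fault 3: more records accessed in one day than a single account is allowed.
        elif e["type"] == "record_read":
            key = (e["day"], e["account"])
            reads[key] += e["count"]
            if reads[key] > limit:
                alerts.add((key[0], key[1], "daily_limit_exceeded"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Run continuously rather than at audit time, checks of this kind would notify the administrators when each condition first occurs.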
Organizational Policy
The scenario provided translates to a cybercrime of gigantic proportions. It is a crime that could bring down the entire hospital by leaking out its information or sabotaging the whole system. The fact that this happened is a clear indicator that the hospital lacks policies on cybercrime. In this connection, the following are the three policies I would set for the organization, which conform to international standards and procedures:
When the organization acquires an information system, it should have the capacity to run, monitor and control all the system operations and run all the security checks required.
The organization should always run regular checks in terms of audits to account for the system's activities for a certain period.
Any organizational worker handling the organization's systems should be morally and ethically upright and must adhere to the terms and conditions of the system use.
Policy Justification
The above policies aim at ensuring that the system information is secure and that the system is not prone to any attacks. The policies conform to HITECH standards in that they aim at improving healthcare quality, safety, and security. The procedure to adhere to terms and services also conforms to HITECH in that users cannot conduct available in HIPAA, and they cannot violate a patient's or worker's privacy. Regular audits assist in maintaining the system security, point out specific misconduct in the system and also prevent system intrusion by external perpetrators (Kiel, Ciamacco, & Steines, 2016).
References
Kiel, J. M., Ciamacco, F. A., & Steines, B. T. (2016). Privacy and data security: HIPAA and HITECH. In Healthcare information management systems (pp. 437-449). Springer, Cham. Retrieved from https://link.springer.com/chapter/10.1007/978-3-319-20765-0_25
Korableva, O., Kalimullina, O., & Kurbanova, E. (2017, April). Building the Monitoring Systems for Complex Distributed Systems: Problems and Solutions. In ICEIS (2) (pp. 221-228). Retrieved from
Cite this page
Essay Sample on Health Record Scenario. (2022, Dec 04). Retrieved from https://proessays.net/essays/essay-sample-on-health-record-scenario