User Account

All Pages

Patient privacy issues

Assignment Help Other Subject
Reference no: EM13802339

Patient Privacy Issues

New technology has brought many benefits to the healthcare industry but it has also resulted in challenges involving keeping patient information private and confidential. As more and more healthcare facilities go digital the threat of the private patient record going public is an alarming problem. Not only do patients risk someone hacking into their private patient file there is also the risk of their information being sold. Patient privacy is no longer as secure as it was in the past with the written record. Keeping a patients record from being accessed requires the healthcare facility to take steps to properly secure this information. Even then this private information is at risk from internal and external sources at the healthcare facility.

One situation where the private information of the patient becomes vulnerable is a case where an employee sold patients private information for illegal gains. An employee at Howard University Hospital named Laurie Napier used her position as a hospital tech to access private hospital records and to sell them to criminals so they could be used for criminal purposes (Shultz, 2012). In this situation the employee was caught selling the private information of patients. This private information includes name, address, birth date, Medicare health numbers, and social security number. This private information can be used by criminals to create fraudulent accounts, open credit cards, and create new identities.

The employee was able to steal the private information of tens of thousands of patients because the patient files were password protected but the information was not encrypted to prevent theft. Not only did patients become vulnerable to fraud, the reputation of the healthcare facility also becomes damaged due to their inability to protect patient records. As a result of the illegal actions of Napier she was charged under the HIPPA law. The Health Insurance Portability and Accountability Act (HIPPA) privacy rule ensures the healthcare facility does not release the private information of the patient without their express permission.

The Privacy Rule is balanced so that it permits the disclosure of health information needed for patient care and other important purposes but also ensure this information is held in confidence (DHS, 2015). The Security Rule defines the necessary security safeguards required to be put into place by the healthcare facility, business associates, and healthcare clearinghouses that share patient's healthcare information. When Laurie Napier stole the private information of over 34,000 patients she violated the privacy rights of the patients and broke the law. Her violation was criminal but they hospital was also at fault due to their failure to protect private patient information.

Prior to the Napier theft the hospital had a previous situation where another employee downloaded patient files in order to sell them. Under federal law Napier was charged with wrongful disclosure of patients' individually identifiable health information. Because she yielded less than $5,000 dollars for her crime she received house arrest with three years probation. Napier is responsible for paying a fine of $2,100 dollar fine and will have to complete 100 hours of community service (Narasi, 2012). Before she can go on house arrest Napier must first six months in a halfway house.

Hospitals are considered covered entities under the HIPPA. All covered entities are responsible for taking the necessary steps to protect the patient's private information. This includes taking steps to block the information from being stolen electronically. While Howard University Hospital placed password protection on patient files it was not sufficient to stop employees from stealing the information and selling it to others. When the first theft occurred by an employee the hospital should have taken immediate steps to rectify the security issues. If the hospital had simply placed encryption software on hospital computers any stolen information would have been unreadable.

While the employee is responsible for her illegal behavior she took advantage of an opportunity to steal information that was not properly protected. If the hospital had the proper protections in place the two breaches would never have occurred. New reporting rules require that the healthcare facility warn the patient, the public, and the media of the breach. Because the healthcare agency is required by law to report these breaches there has been a growing number of cases were the private records of the patient are breached. In November of last years the countries larges data breach in the healthcare industry when thieves stole the private information of five million patients of TRICARE, a military healthcare insurance agency.

According to an HHS database, more than 40 percent of medical data breaches in the past two and a half years involved portable media devices such as laptops or hard drives (Shultz, 2012).In the Napier case and the case earlier in the year a laptop was used in order to obtain the private information. When private information is accessed through a third party device it increases the security risk especially when the private data is not encrypted.

If Howard University Hospital was in full compliance with HIPPA the security breach would have been prevented but the hospital was not in full compliance of the law. HIPPA requires that health care entities, under the Security Rule, apply administrative, physical, and technical safeguards to ensure the private information of the patient is secure. By failing to protect this information the company is vulnerable to private information being lost. When this happens patients have the right to sue the hospital for their failure to protect patient privacy. In response to the two security breaches the administration of the hospital claimed they were taking steps to fix the problem.

Healthcare facilities have an ethical duty to their patients that includes upholding their privacy. When Howard University Hospital failed to take the steps to protect the patients they failed in their ethical duty. If a healthcare organization fails to displays the ethical behavior expected of them it can result in damage to the reputation of the hospital and result in a loss of trust by patients. Healthcare organizations have other ethical duties to the patient but making sure the confidentiality of the patient is upheld is an important one especially in the 21st century. When a patient's private information is not properly secured it becomes vulnerable to security threats.

The Howard University Hospital has a legal and ethical duty to properly secure the patients private information.

In order to prevent security breaches in the healthcare setting the same level of security applied to financial sector should be applied to the healthcare industry. The financial sector has long recognized the need to develop a comprehensive, multi-tiered, security plan that will ensure no avenue is left open for the criminal to breach the private data of the hospital. This begins with conducting an assessment to identify security vulnerabilities and then developing a plan to address the vulnerabilities. In the case of Howard University Hospital the hospital failed to recognize the vulnerability associated with not using encryption software to protect employee files and the vulnerabilities associated with the use of third party devices accessing sensitive hospital data.

The first step is to place encryption software on all hospital data and to add additional layers of security. This would include placing computers servers in a secure location that can only be accessed by personnel with the authority to access the sensitive data. When too many people have access to passwords and computer servers it can create security breaches. Lastly the hospital needs to restrict the use of third party devices to access sensitive hospital data unless the device is assigned by the hospital after it has been properly secured.

The healthcare industry is changing. It is no longer a simple matter to keep track of patient information in patient files that could simply be locked up. With new electronic patient files the healthcare industry has no choice but to enter the 21st Century and make sure that patient information is properly protected. This means restricting access to patient files and putting the proper security measures in place. The Howard University Hospital was negligent when they failed to properly secure patient files especially after the first incident. In order to ensure security breaches like the one committed by Napier do not happen again the hospital needs to be in compliance with HIPPA and establish a more effective security approach to protecting patient information.

Reference no: EM13802339

Questions Cloud

Describe a situation where you personally experienced : Describe a situation where you personally experienced (or became aware of) communication interferences that had a negative consequence.
Healthcare marketing reflection : Normal 0 false false false EN-US X-NONE X-NONE Healthcare Marketing Refle..
Display the sine cosine and tangent of the angle : Write a program that asks the user for an angle, entered in radians. The program should then display the sine, cosine, and tangent of the angle
Patient privacy issues : Normal 0 false false false EN-US X-NONE X-NONE Patient Privacy Issues
Determine related characteristic that you already possess : Determine the related characteristic(s) that you already possess, and propose strategies for developing the remaining characteristic(s) through education and / or experience
Describe the types of gifts : You have to decide what the best approach to this situation would be, and fully explain your decision to your supervisor in a memo.
Dna sequencing and replication : DNA sequencing and replication

Reviews

Write a Review

Other Subject Questions & Answers

  Therapist claims that a particular technique

A therapist claims that a particular technique has been sucessful in the treatment of eating disorders. You find out that only 7 out of 10 clients were actually helped. What is the probablitity of onserving 7 successes if the probability of success e..

  What are therapeutic factors that allow person to mature

Psychoanalysis is viewed as a learning process in which the individual resumes and completes the growth process that was interrupted when the neurosis began. Describe the term "transference". In psychoanalysis what are three therapeutic factors th..

  Write a paper on qualitative reasoning and analysis

Write a paper on Qualitative Reasoning and Analysis. This is not meant to be a full research plan in that you will not be constructing data collection instruments or generating data to use.

  Franchised stores and company-owned stores

Panera Bread has two types of stores (franchised stores and company-owned stores). In general, company-owned stores have higher revenues than franchised stores, but Panera is reversed.

  Skill variety-job identity-job significance-autonomy

Apply thefive core characteristics of any job (skill variety, job identity,job significance, autonomy, and feedback) to create highlyproductive technical positions in several process-layout-structure combinations.

  Intestate succession–problems

Jenevive is a famous singer with a multi-million dollar estate. She died of a drug overdose at the age of 26. She left no spouse and no children. Her mother is still living. Her father abandoned her and her mother when Jenevive was three. Her mother ..

  Most common causes of amnesia

What are some of the most common causes of amnesia? Do people ever get their memory back?

  Federally supported state health planning has risen

Federally supported state health planning has risen

  Health and health economics

To what extent are various public health goods public or private? Why is it important for you, given your current or future professional role, to understand this distinction on how various public health goods and services are delivered?

  What are other characteristics of world health organization

Research World Health Organization. Besdes holding responsibility for ICD-9-CM what are other characteristics of this organization?

  Describe what venn revealed-was this method useful

Identify any premises or conclusions with which you agree or which you believe are false. . Explain whether you found any syllogisms which appeared to be valid or invalid and why. Diagram one of the syllogisms. Describe what the Venn revealed. Was th..

  Prestige pricing policy fit into a marketing mix

How does a prestige pricing policy fit into a marketing mix? Would exclusive distribution be necessary?

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd