Privacy and Security Concerns Regarding Health Information - Case Study Discussions (Case Study Sample)

Privacy and Security Concerns Regarding Health Information - Case Study Discussions Name Institution Privacy and Security Concerns Regarding Health Information - Case Study Discussions Case 4.8: E-Mail Goes Astray The management of Kaiser Permanente, particularly Registry and Information Technology (IT) personnel, are responsible for the violation of clients’ confidentiality. Before carrying out the system upgrade exercise, the IT and registry staff failed to set up suitable measures so as to guarantee smooth transition. Specifically, Kaiser Permanente’s registry and IT personnel did not institute structures that would ensure that clients’ data does not become mixed up. Such oversight led to the catastrophic phenomenon whereby confidential messages were emailed to the wrong customers. If the registry and IT departments had appropriately coordinated the system upgrade, client information would not be jumbled. Messages would thus be forwarded to the correct email addresses. The aforementioned violation of client privacy could dissuade Kaiser Permanente customers from using the company’s online platform while executing health-related tasks. Clients would be wary about the confidentiality of any data that is transmitted through the company’s online system. According to Sankar, Mora, Mertz and Jones (2003), patients mostly provide medical information freely if clients are not concerned about the exposure of such data to the public (Sankar, Mora, Mertz & Jones, 2003). The authors’ above comments reflect the unwillingness of Kaiser Permanente clients to generously submit information through online means. Customers could opt for the tedious face-to-face method of accessing healthcare services. So as to regain client confidence with regard to confidentiality, Kaiser Permanente could set up a communication system that automatically rejects commands that entail sending information to the wrong customer. Further, Kaiser Permanente ought to promulgate the existence of such a system to the company’s clients. The firm could send out invitations to all customers, asking any willing client to ask for a free demonstration about the effectiveness of the system. Case 4.17: Patients’ Files Used for Obscene Calls Healthcare institutions need to carry out background verifications on new workers whose tasks would entail accessing private client data. Such checks would cover issues such as workers’ criminal history so as to forecast possible motives for misusing patients’ information. Healthcare institutions would also investigate new workers’ medical history with the aim of predicting potential incidences relating to abuse of clients’ confidential data. Other new workers’ data that ought to be looked into by healthcare institutions includes employees’ employment history. On this front, healthcare institutions would contact former employers of the new workers so as to investigate if the fresh members of staff have previously engaged in misuse of confidential clients’ data. Zivin, et. al. (2008) concur that background checks on new employees are permissible as per the 2003 Medicare Prescription Drug, Improvement, and Modernization Act (Zivin, et. al., 2008). The orthopedic technician falls into the category of healthcare professionals that are described by the above-mentioned authors. The hospital could have avoided the orthopedic technician’s misuse of clients’ data in two ways. Firstly, the hospital could have thoroughly vetted the orthopedic technician, thereby establishing the employee’s criminal history. Such awareness would have suitably alerted the hospital of the dangers of bringing the orthopedic technician into contact with the personal information of young clients. In addition, the hospital’s IT department could have frequently updated the passwords used to gain access to the institution’s automated system. Such caveats would have prevented the orthopedic technician from obtaining the confidential patients’ data that the employee used to assault customers. Based on the above expose, the hospital system was to blame with regard to the violation of security. The main error that is attributable to the system relates to its inability to detect suspicious activity. To this end, the system did not ‘notice’ the unusually large quantity of client data (for nine-fifty-four patients) that the orthopedic technician gained access to. In addition, the system did not have an inbuilt capacity for frequently detecting old passwords and updating the same. The above faults facilitated the orthopedic technician’s breach of confidential data. Nevertheless, the hospital ought not to be made liable to the misdemeanor of the orthopedic technician. Rather, the healthcare institution should be held responsible for the civil wrong of failing to maintain a dynamic system. Criminal charges for the assault on patients ought to be leveled against the orthopedic technician. Case 4.44: University Tightens Computer Security Information systems at university medical centers are particularly vulnerable to computer hackers based on several factors. Such systems are bound to contain medical data about persons with various health issues. Considering that hackers are usually pe...