Security Breaches

Assignment 1

A security breach is the unauthorized access of data, networks, applications and devices by bypassing the underlying security mechanism. In a patient-physician relationship, privacy is the key principle. Patients may refuse to reveal significant information to the physician if disclosure may lead to stigma and discrimination. Medical health records have a range of purposes apart from diagnosis and treatment. For example, such information is used to improve the efficiency of the health care system, to develop public policy and to conduct medical research. Such information is also shared with payer organizations such as insurance companies (Huston, 2001). The information should only be shared with the full consent of the patient. However, the consent requirement should not hinder medical research, so proper procedures need to be developed to solve this procedural problem.

All healthcare information shared with any organization should be used for the primary purpose only and privacy should be maintained. In addition, the electronic systems used in the sharing and storage of health care information should be well protected with firewalls and other security applications (Win, 2005). Other web-based platforms for the exchange of information should be secure and confidential. However, this will only happen if patients manage their data effectively.

Threats to privacy fall into two categories: organizational threats and systemic threats. Organizational threats arise when an external or internal agent exploits a system vulnerability and accesses patients’ data. Systemic threats mostly occur from inside the information flow by people who are legally allowed to access the health care information. Insurance companies should always take measures to ensure that patients’ privacy and confidentiality are maintained. It is important to conduct security risk assessments regularly to uncover any system vulnerabilities.

Assignment 2

Security Breaches in Healthcare Insurance

A security breach entails the unauthorized access of data, networks, applications and devices by bypassing the underlying security mechanism. This usually occurs when an application or individual illegally accesses a private and confidential IT perimeter. A security breach is the first stage of a security attack, usually by a trespasser such as a cracker, a hacker or a malicious application. A security breach is deemed to have occurred if any of the procedures, systems or security policies are violated. In many organizations, security breaches are carefully monitored for quick identification and mitigation. The whole process, from monitoring to mitigation, is handled by a firewall or software. When a potential breach is identified, the firewall or software sends a message to the security administrator. Health insurance companies hold the medical data of their clients mostly in digital form. Such data is prone to a security breach. Some of the reasons why anyone would want to steal medical data are blackmail, identity theft, activism and fraud, among others.

Health information privacy and security background

In a patient-physician relationship, privacy is viewed as the key principle. To enable correct diagnosis and treatment, patients are required to share their personal information with the physician. However, in cases where disclosure may lead to stigma and discrimination, patients may refuse to reveal significant information to the doctor. Over the years, a patient’s health care record accumulates important personal information such as identification, habits, genetic information, medication history, sexual preference, employment history, psychological profiles, income history and assessments of mental and personality state.

Medical health records have a range of purposes apart from diagnosis and treatment. A good example is that such information is utilized in improving the healthcare system efficiency, development of public policy and in conducting medical research. Medical records are shared with the payer organizations such as insurance companies, Medicaid, Medicare and social insurance in justifying payment of rendered services. Healthcare providers can also use the information in the management of their operations and improving service quality (Appari & Johnson, 2010).

In the last few decades, the US healthcare industry has experienced tremendous changes driven especially by legislation such as the “Health Maintenance Organizations Act of 1973” and the “landmark Health Insurance Portability and Accountability Act (HIPAA) of 1996” (Appari & Johnson, 2010, p. 282). The HIPAA privacy and security rules require that covered entities safeguard their information using policies and physical and technical safeguards. This helps in monitoring and controlling access to information. With the sophisticated technology of recent times, healthcare information is mined, digitized and transmitted for efficient health care provision. This has changed the threats to healthcare information. Considering these emerging threats and the need to provide cost-effective health care, the US Congress has considered significant federal regulations such as the Health Information Privacy and Security Act (Appari & Johnson, 2010, p. 282). All this is meant to protect the privacy of patients and ensure that health care data is safe from any unauthorized access. In addition, payer organizations such as insurance companies have a responsibility to ensure that the healthcare data at their disposal is safe.

A review of security of electronic health records

Patient safety is a very significant aspect in the health care industry. An integral part of the healthcare system is the electronic health records (EHRs). EHRs should always be kept safe from unauthorized access. Various functions of EHRs include storage of healthcare data, results management, decision support, order management, electronic connectivity and communication, administrative support, patient support and population management. It is evident that data breaches have an adverse effect on the health care consumers. With that in mind, security of EHRs is very significant. Integrity, confidentiality and availability are all attributes of information security (Win, 2005). Confidentiality is a kind of privacy characteristic in certain relationships such as patient-doctor relationship. Information about the patient obtained in such a relationship should never be revealed to anyone unless the patient is notified and consents to disclosure. The integrity of EHRs is crucial since any inaccuracy or changes in data can cause a tremendous impact in the health care process. For efficiency, healthcare information needs to be readily available to the authorized person when required.

Security of EHRs can be ensured by maintaining the physical security of the system, restricting access to authorized users and installing encryption technologies and firewalls. Sensitive consumer information such as HIV status and mental health can become easily accessible as medical records are fully automated. If unauthorized people access such information, it is a breach of the patient’s privacy. All stakeholders in the health care industry have a responsibility to maintain the confidentiality of data and systems. Protection of patient records can be achieved if the existing security policies to control access are implemented. Health care providers need to abide by the set rules and procedures to make privacy a reality.

Consent plays an important role in ensuring the privacy of the patient data. Informed consent means that the patient understands the implications of their medical status and gives permissions to divulge any information. The individual should understand the contents of his/her records to be disclosed to third parties such as insurance companies. It is very unethical to use an implied consent when the patient is not completely aware of the disclosure information. Again, any disclosed information should be used for the intended purpose only. However, in cases where the disclosure of the information leads to a threat to the public interest, the information need not be disclosed.

EHRs Discussion

EHRs contain very sensitive information which, if wrongly accessed, can have a negative impact on patients. EHRs involve different activities in the management of health information, creating the need to maintain security across all of these functions. Requirements of consent for data to be used in research should not hamper medical research. However, there is a need to develop a procedure that addresses this problem to ensure that patients’ privacy is maintained. An information system breach can emanate from a breach of confidentiality by authorized users as well as from abuse of access privileges. This calls for consideration of the legal and ethical responsibilities of users for the security of EHRs.

Information security and technology

Currently, the common mechanism used in EHRs for authentication is the ‘identifier’. Firewalls are also present in many organizations to control data access. A good way to maintain confidentiality is by implementing a role-based access system. This means that health care providers access only the information related to their roles rather than all the data. Another important tool is the audit trail, given that security breaches have at times resulted from misuse of access controls by authorized persons. There are mechanisms that can be used for identification and authentication, including biometrics, voice pattern, fingerprints and hand characteristics.
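
The role-based access and audit trail described above can be sketched in a few lines of Python. This is an added example, not part of the original essay; the roles, field names, patient records and the idea of a per-user list of assigned patients are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed policy: each role may read only the fields its work requires.
ROLE_FIELDS = {
    "physician": {"name", "diagnosis", "medication_history"},
    "billing_clerk": {"name", "insurance_id", "billed_services"},
}

# Constructed sample records (not real patient data).
RECORDS = {
    "P001": {"name": "Patient One", "diagnosis": "asthma",
             "medication_history": ["salbutamol"],
             "insurance_id": "INS-0001", "billed_services": ["consultation"]},
    "P002": {"name": "Patient Two", "diagnosis": "hypertension",
             "medication_history": ["lisinopril"],
             "insurance_id": "INS-0002", "billed_services": ["lab test"]},
}

@dataclass
class User:
    user_id: str
    role: str
    assigned_patients: set = field(default_factory=set)

class EHRStore:
    def __init__(self, records):
        self._records = records
        self.audit_trail = []  # append-only list of access events

    def read(self, user, patient_id, requested_fields):
        """Return only role-permitted fields and log every attempt."""
        allowed = ROLE_FIELDS.get(user.role, set())  # unknown role: nothing
        requested = set(requested_fields)
        granted, denied = requested & allowed, requested - allowed
        self.audit_trail.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user.user_id, "role": user.role, "patient": patient_id,
            "granted": sorted(granted), "denied": sorted(denied),
            "assigned": patient_id in user.assigned_patients,
        })
        record = self._records.get(patient_id, {})
        return {f: record[f] for f in granted if f in record}

def review_audit_trail(trail):
    """Flag events for human review: requests outside the role, and
    permitted reads of a patient the user is not assigned to."""
    findings = []
    for e in trail:
        if e["denied"]:
            findings.append((e["user"], e["patient"], "fields outside role"))
        if e["granted"] and not e["assigned"]:
            findings.append((e["user"], e["patient"], "unassigned patient"))
    return findings

def demo():
    store = EHRStore(RECORDS)
    doctor = User("dr_a", "physician", {"P001"})
    clerk = User("clerk_b", "billing_clerk", {"P001", "P002"})
    v1 = store.read(doctor, "P001", ["diagnosis", "insurance_id"])
    v2 = store.read(clerk, "P002", ["name", "billed_services"])
    v3 = store.read(doctor, "P002", ["diagnosis"])  # role allows it
    return v1, v2, v3, review_audit_trail(store.audit_trail)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

The third read shows why the audit trail matters alongside role checks: the physician's role permits the field, so access control alone lets the read through, and only the review of the trail surfaces it.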

Data interoperability and information security

Health care systems in most cases store data in different formats. This diversity in data formats has created a major problem in data sharing between healthcare organizations, including data used in research. Recent studies suggest that investing in interoperability together with a health information exchange can save the health care industry a lot of resources (Appari & Johnson, 2010, p. 288). Without interoperability, continued use of EHRs will still lead to the data silos that exist with paper-based records. The major challenge that remains is the development of a functional interoperable EHR system.

Information security issues of e-health

With the emergence of internet technology, the business models for customer-oriented industries have transformed. The health care sector has not been left behind in this transformation. This is evident since health care services are enabled through the mobile technology and the internet. Such services include the e-clinic, online consultation, e-prescription, e-clinic trials and asset tracking (Appari & Johnson, 2010, p. 289). The advancement in web technology has created new approaches to health care information management such as health bank.

A health bank is a platform where health care information is stored and exchanged and where consumers can upload or download information. Such systems include ‘Google Health’ and ‘HealthVault’. However, such web-based systems open up many security risks, thus increasing the security threats. The success of e-health will depend on how effectively patients can manage their own information. Recently, leading technology vendors have joined hands in developing a platform for security and privacy in e-commerce. Such a platform can be used in e-health.

Healthcare systems security breaches

Recently, policy studies have broadly categorized threats to privacy into two categories: organizational threats and systemic threats. Organizational threats arise when either external or internal agents access patients’ data by exploiting a system vulnerability. Such threats can take different forms, such as a hacker who breaks into the system to steal data. Organizational threats are characterized by four components, which are resources, motive, technical capability and accessibility. Different threats pose different levels of risk depending on the quantity of data accessed. The motive behind the threats could be monetary or non-monetary. In addition, recent studies have categorized organizational threats into five categories, which are accidental disclosure, insider curiosity, insider data breach, outside data breach with physical intrusion and unauthorized intrusion of the system (Huston, 2001). Systemic threats mostly occur from inside the information flow by people who are legally allowed to access the health care information.

With the emergence of sophisticated technologies, there has been a trail of hacks. Large insurance companies have been hacked and patients’ data, including social security numbers, stolen. The size of the data usually stolen in such unauthorized access shows how valuable health care data is to hackers. The primary reason why health insurance companies are targeted is their low level of security. These companies tend to assume that health care information is not valuable to anyone except the patients.

Between 2010 and 2013, organizations reported 949 cases of security breach exposing twenty-nine million patient records in the US (Korolov, 2015). Data encryption, which is used by a number of these organizations, is still not a perfect solution to the problem of data breaches. This is because someone authorized will eventually have to look at the data in order to use it, meaning the data will have to be unencrypted at some point. However, encryption of data makes it harder for hackers to access the data.

Most security breaches in health care organizations are carried out by external people who hack into the system. However, employees and other people authorized to access the data can cause a security breach by misusing their access rights. When an authorized person accesses health care data and uses it for reasons other than the primary reason, the person is deemed to have caused a security breach (Korolov, 2015). The use of the data for any purpose other than the primary use requires one to obtain consent from the patients. There have been concerns from the medical research fraternity that the requirement of anonymity and informed consent undermines medical research (Huston, 2001). However, for effective monitoring of outbreak responses, vaccine safety and infectious disease control, surveillance has to override patients’ privacy.

Healthcare systems security breaches prevention

Healthcare data breaches need to be prevented given the strict rules set by HIPAA. According to the HITECH Act of 2009, if a data breach affects more than five hundred patients, the provider should immediately notify the Department of Health and Human Services. The provider is also subject to a fine of two million dollars. This calls for strict control measures on the provider side (Nordrum, 2015).

One way to avoid a security breach is by regularly conducting risk assessments. It is always important to assess the vulnerability of the system to prevent anyone from taking advantage of such vulnerabilities. Conducting a risk assessment helps in identifying possible threats, uncovering system vulnerabilities and reviewing security policies. In addition, employees should be regularly educated on the regulations set by HIPAA. Employees should also be aware of any other state regulations regarding the privacy of patients’ data, and they need to be reminded about the negative implications of data breaches.

Although it is the work of the information technology department to keep the data safe, employees should also take responsibility for keeping any data at their disposal safe. Electronic devices or paper records should not be left unattended, since data breaches mostly occur from theft of such devices. All data and hardware should be kept in encrypted form. HIPAA does not consider loss of encrypted data as a security breach (Nordrum, 2015). Furthermore, hardware such as network, servers, mobile devices and points should be protected, for they are vulnerable. Networks available to the public can easily be used to hack into the system. Creating a subnet for visitors is a good way to avoid such a security breach. Medical devices and applications transmitting sensitive data should use an internet connection that is not available to the public.

With so many people in the organization or company accessing healthcare data, it is important to safeguard the identity of the users. A safe method to do this is to allow access depending on roles. Employees should only access data that is related to their work rather than the whole body of data. A recent study conducted to understand the compliance behavior of health care providers showed that health care providers at public institutions have a higher belief in their capability to maintain patients’ privacy than their counterparts in the private sector. In addition, administrative staff have a higher self-efficacy than the medical staff.

The issue of security breaches in health care systems has been on the rise recently. The ever-emerging technologies and systems contribute greatly to this. Any company handling health care information should ensure that its systems are secure from unauthorized access by installing firewalls and other blocking applications. In addition, since a number of people use such information, access should be well managed to ensure employees do not misuse their access privileges. Employees should also take responsibility for keeping any data at their disposal safe. Patients’ data should be stored in encrypted form to make it hard for hackers to succeed. Company networks should not be open to the public, since this increases the system’s vulnerability. Furthermore, hardware such as network, servers, mobile devices and points should be protected, for they are vulnerable. In addition, employees should only access data that is related to their work rather than the whole body of data.

Assignment 3

Security Breaches in Healthcare Insurance

Health insurance companies hold the medical data of their clients mostly in digital form. Such data is prone to a security breach. Some of the reasons why anyone would want to steal medical data are blackmail, identity theft, activism and fraud, among others. Security breaches at healthcare facilities are becoming very rampant with the advancement of technology. The fact that anyone with the know-how can remotely access the system of any company makes the matter even worse. The change from paperwork to digital data has also made security breaches easier to accomplish. It is up to the management of healthcare facilities, especially insurance companies, to upgrade their security tactics and systems.

Over the years, a patient’s health care record accumulates important personal information such as identification, habits, genetic information, medication history, sexual preference, employment history, psychological profiles, income history and assessments of mental and personality state.

The Wikipedia process is not so complicated and it is easy to follow. It is good to note that the articles found in Wikipedia are written by volunteers. The only problem is that the authenticity of these articles cannot be proven. Though the site is run by the Wikimedia Foundation, it is hard for the foundation to control the volunteers and what they write. The ideal was for volunteers to write articles on different topics so that experts could then use these articles to develop more informative ones. The volunteers, however, have formed a complex system of governance.

Tom Simonite views Wikipedia as a declining foundation. His argument is that the website is run not by a sophisticated organization but by a collection of volunteers with no leaders (Simonite, 2013). He asserts that ninety percent of these volunteers are male and that the site has very skewed coverage. Its coverage of non-academic or historic issues is very comprehensive, but its coverage of issues such as famous novelists and sub-Saharan Africa is very sketchy.

Just like Wikipedia, the healthcare sector is declining in terms of securing the data of its clients. These organizations seem to be run by people who do not care much about the value of the clients’ data. Art Thomat says that hacking your way into such information is more valuable than hacking into a bank (Nordrum, 2015). The healthcare industry is lagging behind in the effectiveness of its system security management. Health care companies believe that such hackers are after credit card numbers, but they are greatly mistaken. Medical records are very valuable on the black market compared to credit card numbers.

Wikipedia intended to create an encyclopedia covering as many topics as possible for the greater benefit of the people. Healthcare facilities in the same way accumulate personal information about patients to help them serve their patients better. However, with the rampant security breaches, the accumulation is becoming a problem for the patients as well as the organizations. Patients are spending a lot of resources to recover their stolen data or as a result of blackmail. Something meant to help people has turned on them. Wikipedia, which was meant to inform people, has become a disgrace to the same people.

 

References

Appari, A., & Johnson, M. E. (2010). Information security and privacy in healthcare: current state of research. International Journal of Internet and enterprise management, 6(4), 279-314.

Huston, T. (2001). Security issues for implementation of e-medical records. Communications of the ACM, 44(9), 89-94.

Korolov, M. (2015, March 19). Health records are the new credit cards. Retrieved March 19, 2015, from http://www.cio.com/article/2899117/data-breach/health-records-are-the-new-credit-cards.html

Managed Solution. (n.d.). 10 Tips to Prevent a Healthcare Data Breach. Retrieved August 14, 2015, from http://managedsolution.com/10-tips-to-prevent-a-healthcare-data-breach/

Nordrum, A. (2015, April 14). Data Security: 29 Million Patient Records Compromised In Health Care Breaches, Study Shows. Ibtimes. Retrieved August 14, 2015, from http://www.ibtimes.com/data-security-29-million-patient-records-compromised-health-care-breaches-study-shows-1881245

Simonite, T. (2013, October 22). The Decline of Wikipedia: Even As More People Than Ever Rely on It, Fewer People Create It | MIT Technology Review. Retrieved August 18, 2015, from http://www.technologyreview.com/featuredstory/520446/the-decline-of-wikipedia/

Win, K. T. (2005). A review of security of electronic health records. Health Information Management, 34(1), 13-18.
