Data Breach in the Healthcare Sector Report (Assessment)


Factor Analysis Table

| Factors (Internal and External) | Potential Impact of Identified Factor on the Organization | Strategies to Minimize or Control Factor’s Impact |
|---|---|---|
| Youth moving out to seek better opportunities (External) | Lack of potential workforce in the future and potential nursing shortage. Such an issue is relevant for smaller towns, where youth tend to acquire education and continue working in bigger cities. | Cooperating with colleges and universities to attract young professionals from other areas. |
| Epidemic (External) | Risk of not being able to provide the best service to all patients. The example of the COVID-19 pandemic showed how vulnerable healthcare organizations and the industry in general are to the threat of a pandemic. | Creating an emergency plan to prepare the workforce for increased workloads and having a developed action plan for an epidemic emergency. |
| Data breach (External) | A data breach may lead to the loss of valuable or confidential patient information. Cyber threats are some of the newest issues in the healthcare industry, as many hackers target healthcare organizations as easy victims (Byrd, 2019). Yet, healthcare organizations operate with very important clients who want to remain incognito or conceal their condition. | Investing in the development of advanced data protection systems and developing protocols that minimize the risk of a breach. |
| Phishing (External) | Loss of clients or financial losses due to employees’ misconduct. Healthcare organizations can become victims of phishing because of the valuable patient data they possess (Byrd, 2019). In addition, some employees may use corporate email for their private messages. | Training staff to use the Internet responsibly, creating an inner system of websites and tools that is protected from external agents. Warning clients about the correct ways of interacting with the facility. |
| Lack of funding and resources (External) | Inability to provide high-quality care and meet the needs of the patients. Many healthcare organizations struggle financially to cover their needs and the needs of the patients. | Cooperating with other healthcare facilities, seeking support from governmental organizations or non-profit organizations. |
| Violations of the medical code of conduct by employees (Internal) | Loss of reputation, possible legal consequences depending on the case. | Assigning supervisory and controlling roles to some of the personnel. |
| Interns not wanting to continue working for the organization (Internal) | Could lead to a nursing shortage. Attracting young talent is essential for the proper functioning and development of healthcare organizations. | Assigning the best professional to supervise and motivate interns to seek improvement and growth. |
| Ineffective management (Internal) | Delays, poor quality of service, burned-out employees. Burnout is one of the leading causes of nursing shortage, as nurses are more likely to quit their job or under-perform because of the emotional damage. | Hiring capable managers, ensuring that they adhere to the organization’s values, using positive and negative reinforcement to achieve better performance. |
| There being a group of workers who are often late for work and meetings (Internal) | Bad discipline and lack of motivation among personnel who are punctual. In case the issue is not addressed, employees will not take their job and the organization seriously. | Creating a system of warnings and penalties to prevent systematic late arrivals. |
| The equipment in the organization becoming outdated (Internal) | Loss of reputation, possible mistakes in the work of the equipment. Mistakes could lead to wrong diagnoses, which is unacceptable for any healthcare organization. | Seeking funding for constant updates of the most important equipment. |

Suggested Plan

Healthcare providers are ethically and legally obligated to protect the confidentiality of their patients’ medical records. However, as noted by Seh et al. (2020), there has been an increase in the number and extent of reported data breaches in healthcare over the last few years. According to Seh et al. (2020), this is due to many factors, one of which is breach reporting becoming mandatory in 2009. Another factor is the ease with which the healthcare sector can be penetrated. Finally, there is an abundance of confidential personal information in patients’ medical records that is available and accessible to offenders. Known cases of healthcare data breaches need to be analyzed in order to create a framework for recognizing and evaluating the organization’s risks and vulnerabilities and to prepare an action plan. There are three categories in which the largest number of breaches occur: portable device breach, insider breach, and physical breach (Seh et al., 2020). Each of these categories needs its own risk management framework so that the specific risks connected to it can be avoided, reduced, or transferred.

A portable device breach occurs when a smartphone, laptop, personal digital assistant (PDA), or any other portable device is discarded, lost, or stolen. The ever-growing variety of devices capable of storing electronic protected health information (ePHI) creates corresponding loss opportunities. Seh et al. (2020) recommend that all devices be pre-approved and that healthcare providers keep an inventory of approved devices and the data stored on them. All devices must be protected by screen saver passwords and automatic log-offs after a specified period of time. Strong passwords are to be employed on each device and changed periodically, and a device lock is to occur after a number of failed login attempts. In addition, ePHI data on portable devices must be encrypted, and all encryption/decryption keys must be approved regarding complexity. Device software is to be configured for automatic updates as new releases and patches become available. Finally, all data must be periodically backed up on company servers or with cloud providers.

An insider breach occurs when employees or contractors with ePHI access intentionally breach it. As per Seh et al. (2020), to reduce the risk of this occurring, first of all, there must be complete background checks for all employees entering the organization. Authorized insiders are to be provided full access to ePHI only as required, and this access is to be restricted with multiple passwords for files, fields, and folders. There is to be separation of duties among staff, and user access restrictions on the basis of employees’ roles and responsibilities. Moreover, 2- or 3-factor authentication is to be used for system access. Camera records, system and building access, and other electronic sources are to be reviewed to verify individual use and access. Finally, system access for those leaving the organization is to be immediately terminated, with all devices immediately returned.

Physical breach occurs in the case of non-electronic records, mainly paper documents such as health records, tapes, or receipts being discarded, lost, or stolen. According to Seh et al. (2020), to attempt to prevent it from happening, PHI is to be shredded and put into secure bins. Employees should be taught to secure PHI and keep it on them at all times, not leaving it anywhere in plain sight. Furthermore, contractors with PHI access are to be subject to regular audits, and contracts are to include responsibility and liability for PHI breaches. Finally, medical facilities’ physical location is to be examined in relation to past incidents of burglary and insecurity in the general area.

In conclusion, data breach in healthcare is an issue that has become extremely prevalent in the last few years and needs to be addressed. A set of measures relating to each of the three categories – portable device, insider, and physical breach – is intended to reduce the risks related to the manipulation of patients’ medical information. The frameworks of prevention measures discussed in this paper are a key factor of a risk management program in all of healthcare and, as a consequence, in ensuring healthcare system security.

References

Byrd, D. (2019). Cyber Threats in Healthcare Industry: Recognizing the Significance of Cybersecurity (Publication No: 22621946) (Master’s thesis, Utica College). Proquest

Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare, 8(2), 1-18.
