Privacy and Security of Health Records Report

Exclusively available on Available only on IvyPanda® Made by Human No AI

Summary of the breach

A laptop computer that had information about patients of Cincinnati Children’s Hospital Medical Center was stolen. Even though nothing was pointing to misuse of information that was in the computer, the Hospital has undertaken to notify the patients in their later dated May 28, 2010, offering to protect their identity without charges. The laptop was stolen from an employee’s vehicle a day before the Hospital management offered to protect the patients’ identities. The incident was reported to the police. The information in the computer was patients’ personal information like their names, their medical record numbers, and the services the patients received at the hospital. There was no information on the patient’s social security and telephone numbers. Moreover, there was no credit card information. Because the information in the laptop was password-protected but not encrypted, Cincinnati has undertaken to intensify its encryption practices.

Was the breach an administrative, technical, or physical safeguard?

The breach was technical because password protection of documents in a laptop does not make them safe. Passwords can be cracked leading to the theft of medical records, which are supposed to be secret. Encryption should have guaranteed the safety of the records even if they fell into the hands of the wrong people because the laptop would have been tracked. The technical team ought to have put in place an avenue for communicating safe electronic practice within the medical facility. The technical team should also have updated training to guarantee the safety of information regarding the patients to its employees (Gostin, 2001). If these were put in place by the health records technical team, the laptops should not have left the hospital premises in the first place.

How the breach was resolved

Remedial measures that were taken to counter the breach included strengthening encryption processes. No laptop computers were given to employees without being encrypted. The tracking process of the encrypted laptops was improved. Training to the employees was updated to entail communicating safe electronic practices within the hospital facility. Moreover, Cincinnati contracted the services of ID experts to help the patients whose information was in the stolen laptops. The victims were to enjoy a one-year membership upon which they would enjoy the services of fraud resolution representatives who would stop, assess, and reverse frauds. For one year, the patients were to get free access to the ID expert’s personnel and their online resources, which are both advisory and educative. The patients were to be advised on how to protect their private information after the theft of the laptop. In satisfaction with the requirement of the law, the department of health and human services, the family members of the victims, and the general public were notified using a press release and postings on the hospital’s website.

What I would have done to ensure the breach never occurred

I would have undertaken to appoint a security officer on both IRB and Privacy Boards to assess data protection needs and subsequently implement staff training and remedial measures to be taken in case of theft of patients’ records. I will also intensify the encryption and encoding of laptops that the hospital uses. In compliance with the law, I will immediately inform the patients about the loss of the records so that they guard against theft of their identity (IOM, 2000). I will also do security audits at regular intervals. Together with other health industry players, I will lobby so that the federal government encourages innovations that help enhance health information system security.

Reference List

Gostin, L. (2001). Health information: Reconciling personal privacy with the public good of human health. Health Care Analysis, 9, 321.

IOM (Institute of Medicine). (2000). Protecting data privacy in health services research. Washington, DC: National Academy Press.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2022, September 11). Privacy and Security of Health Records. https://ivypanda.com/essays/privacy-and-security-of-health-records/

Work Cited

"Privacy and Security of Health Records." IvyPanda, 11 Sept. 2022, ivypanda.com/essays/privacy-and-security-of-health-records/.

References

IvyPanda. (2022) 'Privacy and Security of Health Records'. 11 September.

References

IvyPanda. 2022. "Privacy and Security of Health Records." September 11, 2022. https://ivypanda.com/essays/privacy-and-security-of-health-records/.

1. IvyPanda. "Privacy and Security of Health Records." September 11, 2022. https://ivypanda.com/essays/privacy-and-security-of-health-records/.


Bibliography


IvyPanda. "Privacy and Security of Health Records." September 11, 2022. https://ivypanda.com/essays/privacy-and-security-of-health-records/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
1 / 1