Business and Economics Essay

Privacy and security of health information technology 

Health organization

Hospitals have been trying to deal with the issue of using information technology to save, share and protect the patient information at their disposal. Providence health is a hospital that has implemented this technology in its operations and has reaped benefits and also faced numerous challenges from it. The information manager at the institute narrated to me the process and how it has impacted the operations of the organization since incorporating it 5 years ago. The organization effected this project after realizing that other organizations had improved their efficiency since adopting information technology. The firm had problems retrieving information saved a long time ago and was also running out of space to keep files that contained patients’ information and also those containing records of the operations of the hospital. The hospice was already using computers to print receipts and book patients but was not saving patients’ medical information in the system. The management then decided to acquire a computer information management system that could handle the receipts, bookings, patients’ information, purchases, sales, financial information and assets owned by the hospital, among others.

The system was bought and installed in the computers that had been purchased to handle the increased traffic and workload. Every department has a number of computers meant to make it possible for all members of staff to access a computer any time they need one, since all information they use is available there. The first major challenge was training the employees while they were still supposed to be using the system in their duties. The management did not anticipate the problems that arose from this arrangement, since most of the older staff were not conversant with complex computer tasks. Consequently, they took longer to learn and hence were more affected during the transition period, when they were required to learn and work simultaneously without a drop in output. The whole hospital was in a mess during the first month as there were mix-ups and omissions that affected the operations of the hospital. The second month involved rectifying the problems that emerged from the first month and also ensuring that all members of staff were equipped to work with the system. Since then, there have been a few problems arising from data mix-ups, which are expected to occur occasionally, and also system upgrades which have led to loss of some data. However, there has been a serious challenge arising from protecting the information that is stored in the system. Patient information is confidential and should not be shared with outsiders without the patients’ consent. However, there have been a few instances where patients have lodged complaints after they found insurance companies in possession of information that they had only shared with this organization. These breaches have been traced to a few members of staff leaking information to insurance companies, the press and other organizations and individuals. There was also an instance when the system was hacked and some crucial information deleted.

There are measures implemented to keep this information private. The first is providing login details to only the doctors, nurses and a few other members of staff. This makes it easier to identify where the breach occurred since there are few individuals who have access to the system. The second is restricting each user’s access to this information to his or her own computer. This means that even doctors are not allowed to use their colleagues’ computers when accessing any information in the system.

This has helped identify where a breach originates if a hack occurs. Furthermore, there is a security system that monitors the activities of all computers. This is meant to identify cases where data may be downloaded to an external drive or even shared through an email with an outsider. These strategies have lowered the occurrences of security breaches to less than 5% from a high of 20% a few years ago. The few cases that have been reported this year have involved sharing of information through word of mouth. This implies that the information technology system that is in use here has been upgraded and customized to safeguard the privacy of the information that patients have provided to doctors and other care givers in the institution. Doctors have also been able to share information among themselves easily, which has improved the efficiency of the organization. Monitoring of finances and the resources of the hospital is also very easy, which has made it easy for the management to make the most of all it has at its disposal. The organization intends to make the system better by incorporating any new security measures that are deemed useful. The system has improved the efficiency of the organization, which means there are no plans of discarding it. The plan is to improve it to minimize any leaks that may occur. This improvement will be achieved through liaising with leading organizations that develop security systems to ensure that any new developments are passed on to the hospital.

Organization history

The hospital was started in 1905 and has been owned and operated by the Daughters of Charity. This is a religious organization under the Catholic Church that provides health services to people in different states in the United States. The mission of the organization is to serve all persons with special attention to the poor and vulnerable. It also offers services that are spiritually centered, holistic care which sustains and improves the health of individuals and communities. The core values of the organization are service of the poor, reverence, integrity, wisdom, creativity, and dedication. All the clinics are managed by administrators who report to the chief executive officer. This ensures that all clinics are operated in accordance with the set objectives.

Literature review

Technology has evolved, creating better and more efficient ways of doing things. Most industries have incorporated information technology in their operations, reaping huge benefits. Health care has changed as technologies gain traction in this field, improving existing infrastructure (Blumenthal, 2009). Patients’ records are kept in electronic format and doctors can monitor the welfare of patients recuperating at home through sensor networks. These technologies are expected to make health care better and more effective, since information is readily available to the care giver, making it possible to provide the right treatment any time the patient checks into a health organization (Buckovich, Rippen & Rozen, 1999). Technology is also expected to reduce costs and medical errors while also making care more personalized and of better quality. However, the privacy of patient information is in jeopardy since it is far easier to access information stored in digital records. This situation is expected to change as technology improves and better information security is available (Dimitropoulos & Rizk, 2009).

McGraw et al. (2009) opine that there have been problems in the adoption of information technology in health institutions. This has impeded the success of this process since most organizations are more concerned with the privacy of the patient’s information. They are aware of the consequences an information breach would have on the organization and are not willing to risk it (McGraw, et al., 2009). However, this can be avoided through a comprehensive framework designed to implement core privacy principles that guide care givers and other members of staff on how they should handle data at their disposal (Huang, et al., 2009). The framework should also cover adoption of trusted network designs that are known to safeguard the information stored in the system. This is vital in the whole setup since some network designs are vulnerable and prone to attacks, exposing the information stored (Smith & Eloff, 1999). In addition, the framework should establish oversight and accountability mechanisms. This is imperative in the whole setup since it ensures that members of staff are liable to punishment if they are found to infringe the privacy policy of the institution (Rindfleisch, 1997). In addition, it also establishes a command structure that makes it possible to identify culprits if a breach is reported. It has also been found that public policy has inhibited the implementation of successful frameworks since it gives more emphasis to what should not be done without providing any details on what should be done. This can only be changed if the current laws are improved to cover entities outside the health care sector, and if they provide a better, more involving approach to the role of patient consent in provision and storage of information and, finally, a stronger enforcement mechanism. This is expected to make information stored in computer systems secure and maintain its privacy without affecting the implementation of information technology in the health sector.

In addition, a majority of the public is comfortable with their records being stored in electronic format because they believe it improves the quality of the services they receive (Blumenthal, 2009). However, they believe health organizations may provide information to outsiders who then use it for marketing purposes, and they are concerned about employers accessing patients’ medical history, insurance companies accessing the data, and identity theft and fraud using patients’ data obtained from the medical records (Meingast, Roosta & Sastry, 2006).

There is also a challenge that arises when health organizations share patients’ information. The law expects the sharing organizations to keep the information private, but the moment it is shared, it becomes relatively hard to determine who leaked it (Shortliffe, 2005). Therefore, organizations that are involved in the sharing process must build trust, which is usually hard. This faces its biggest challenge from the way different organizations approach the issue of privacy and security of patients’ information. The law clearly stipulates that this information should be kept private at all times. Consequently, every organization has its unique framework that is designed to keep it private. Therefore, two organizations find it hard to agree on a mutual way of keeping the shared information private (Hiller, McMullen, Chumney & Baumer, 2011). This yields mistrust, complicating the whole process since no organization wants to be charged with breach of private information if a leak occurs. There is also another challenge that arises from the existence of different laws from one state to another. This has led to the creation of different policies in different organizations operating in different states (Jha, et al., 2008). This impedes the process of sharing information between organizations in different states, which affects the provision of treatment services to a patient seeking them in a different state. The cause of this confusion in the development of privacy laws in different states and organizations is attributed to a misunderstanding of the security laws related to information privacy (Hodge Jr, Gostin & Jacobson, 1999). The laws provided by the state and HIPAA are friendly and encourage organizations to share information, but different organizations view their own security policy as the best, which leads to problems when two of them decide to share data.

The other problem arises from organizations concentrating on the technology while the law is focused on security (Goldschmidt, 2005). This has created unnecessary conflicts between the two which have resulted in slow growth of security and the necessary framework to keep patients’ records private. All these challenges will be eradicated when the existing misunderstanding is overcome and the laws harmonized to make it easier for organizations operating in different states to work together and share information without fear (Hersh, 2004).

Discussion

The issue of information privacy is a huge problem to my organization. This is because there is a lot of information stored in the computers that should be kept private at all costs. The company keeps all its records in the computers, and these records can be used by our competitors to overcome our strategy. In addition, clients’ details are stored in the system, including all the transactions that they have carried out with the organization. This implies that the information is of paramount importance and any leak can have devastating effects on the company and its clients. Information leaks are common and are often hard to prevent, especially in big organizations. This is because many employees have access to the system, which makes it hard to monitor what each one is doing with the data they are downloading from this system. This has affected many organizations and created a challenge to others that are contending with this problem. This business is concerned that it might one day lose important information through a security breach that might cause irreparable damage.

The issue of privacy of information stored in information technology systems is a major concern to most organizations. It needs to be addressed and the right policy developed to ensure that any risks arising from a breach are anticipated and the right checks and balances put in place. Therefore, this research topic is important to the organization since it provides an opportunity to study what the current law states and the challenges that hamper the security of information in different companies. Consequently, this is an issue that needs to be addressed since the organization has implemented a computer information system and is prone to the problems that others have faced. 

The organization has come up with a number of measures meant to safeguard the information that is stored in the system. The first one has been to implement a system that is hard to hack. This has been achieved through use of the best servers in the market that are hard to access without login details. This is to nullify the threat posed by hackers who access information and then sell it to competitors or use it to tarnish the name of a company. They prey on weak networks and can be overwhelmed when complex networks are adopted that make it hard to access any information. The second strategy has been to restrict access to certain critical information to specific individuals. The system is designed to allow access to people from different levels to different information. Consequently, junior employees have access to very little information while this changes as the ranks change. This implies that it is possible to tell the rank of the people who leaked information, making it possible to discipline them. It also ensures that there is accountability and responsibility where information is concerned. Thirdly, all employees are expected to sign a code of conduct that binds them and makes them liable to punishment and legal repercussions if they are found to have shared any material without the consent of the company. These measures are expected to minimize the cases of information security breaches.

Finally, the organization should ensure that its security system is reviewed regularly to identify any weakness that may be exploited. This should be done at least every month to certify that all changes that arise and are likely to affect the system adversely are dealt with. In addition, the employees should also be sensitized on the need to contribute towards maintaining the security of the information stored here. This is because any breach will also affect them adversely which might affect their job security and their future in the industry. There should also be regular system upgrades to ensure that any bugs are removed to create a strong secure system that is reliable and likely to withstand any form of attack. These recommendations should be adopted to improve the security policy of the organization. 