Database Design and Data Security Breeches - Essay Example

The IRB waiver can be applied if the information is exceptional. The information with de-identified status can be given to the researcher. This is the information that gives details about a particular group of patients but cannot be narrowed to a specific patient. Such information is exempted from HIPAA regulations since it is in a general format (Wilson, 2010). Such information does not have any hint that links the information to a particular patient, such as contacts, names, job numbers, geographical information, official documents, account number, e-mail, and medical record numbers.

The current rule and regulation governing health information are HIPAA. This stands for the health insurance portability and accountability act. The laws were put in place in the year 1996 by congress. The rules are meant to give the mandate to transfer and link health insurance coverage and reduce health information abuse and fraud. It also gives rules on the confidentiality and protection of health information. Giving access to the restricted areas has to involve some consultations first with the senior administrators.

Later the researcher is given access using MySQL 5.1 version which can access different databases. The privileges to be accorded to the academic researcher include being allowed to be a member of the data reader so that he or she can access the data easily. The database system should only avail the information needed by the researcher. Other information should be kept private. The SQL statement used should be able to sort the data according to the limited privileges. Such statements include GRANT PRIVILEGE_NAME option. For the record: Protecting electronic health information.

Examples of data breach the department of health of Utah had their system accessed and personal information stolen. This is where a hacker made the figures of those who were affected rise from 24,000 to 780,000. Social security numbers were also stolen from 280, 000 individuals and personal data from 500,000 people. The reason behind this act was attributed to a weak password. Therefore, it is the responsibility of the database managers to ensure that they have a unique entry key.

This can also be accompanied by a multilayered security system to ensure that one has a long way to go before accessing the data (Gertz&Jajodia, 2008). The password can also be changed after a certain period. This ensures that even if a person leaked the secret code, the system will still be safe. In another case, an employee sent a mail about the ID, phone numbers, and social security numbers of people to a personal account. This happened in the South Carolina Department of Health and Human Services. This kind of stealing is associated with a lack of integrity among the employees.