
Management Plan in the Case of a Security Breach - Essay Example

Summary
From the paper "Management Plan in the Case of a Security Breach", information security and confidentiality are important in the protection of the client information. In the health sector, it is significant to note that the protection of confidential client information is of paramount importance…

Extract of sample "Management Plan in the Case of a Security Breach"

Confidentiality and privacy are among the most important concerns in all sectors of society. Confidentiality of information matters in several aspects of life, since it maintains trust as well as confidentiality within different organizations (Haux, 2010). In addition, information security and confidentiality are important in the protection of client information. In the health sector, the protection of confidential client information is of paramount importance, and the information of such clients should be accorded the protection and security it deserves. Policies, rules and regulations should be put in place to govern the information (Einbinder, 2010), and they should ensure maximum security and confidentiality of client information. Moreover, the websites and databases where such information is held should be protected with secure passwords to prevent hacking. This is important in ensuring that the information of each client is kept free from access by unwanted or unauthorized parties (Clarkson et al., 2012).

However, when the security of such information is breached, it is highly likely that unauthorized persons may gain access to the clients’ information. This is very dangerous, since those people may misuse the clients’ information in several ways (Blyth, 2008). As such, the clients’ right to privacy will be compromised, which may lower their trust in such organizations. The loss of privacy may also destabilize such clients psychologically, mentally and socially.
This should be discouraged at all costs by putting in place restrictions, policies and rules governing the safety, security and confidentiality of such information.

The scenario experienced in the administration at St. John’s Hospital depicts a breach of the security of clients’ information. The fact that the cleaners could get access to clients’ information when tidying up the place was vivid evidence that the people responsible did not take proper care in keeping that information. This was negligence on the part of the people involved in the security of the information. Discarded printouts should always be kept safe, or specific individuals within the organization should be assigned to access them and dispose of them professionally. Whether the printouts are discarded or not, they contain clients’ information. Therefore, the information contained in such printouts should be accorded the security, confidentiality and safety it deserves (Winter and Haux, 2011).

The personnel working late should have taken on the duty of warning the cleaning staff against reading the documents within the office, since some of these documents contain confidential information. In addition, the personnel should warn the cleaning staff against sharing the information already illegally acquired. The personnel should also state to the cleaning staff some of the consequences that may follow any disclosure of such confidential information. This is geared towards ensuring that the information is not disclosed by the cleaning staff.

There are several actions that the IS administration should take in such a scenario. The IS administration should ensure that such documents are kept safe and secure where no third party may have access to them.
The department should also warn the cleaning staff against leaking the information contained in the documents they read (Haux, 2010). The IS administration should come up with rules, regulations and restrictions governing practices within the facility, and should define punitive measures to be taken against any employee who breaches the facility’s code of conduct. This is critical in ensuring that all employees take active roles in protecting and securing the information within the facility, so that breaches of security are minimized. Moreover, the IS administration should repeat the potential risk analysis in order to identify the threats and vulnerabilities facing its security plan (Wolper, 2011). This should aim at coming up with measures to combat such risks and vulnerabilities.

St. John’s Hospital Patient Data Privacy and Security Plan

The protection of patients’ health information is very important in the health sector. One of the aims of St. John’s Hospital is to ensure that patients’ health data are protected in all ways possible. This involves electronic health information as well as physical health information. The facility’s patient data privacy and security plan provides detailed information on the security requirements relevant to patients’ data. St. John’s Hospital is a “Covered Entity”. Thus, it has the responsibility of ensuring proper regulation of identifiable health information (Einbinder, 2010). The facility also provides leadership on the significance of ensuring that patient health information is kept safe, secure and protected at all costs. To reinforce this, the facility has designated a security and privacy officer to ensure that the data is secure. With regard to security measures, the facility always documents its processes, findings and actions.
This is important in highlighting the areas where security measures exist, the procedure for coming up with them and the ways of monitoring them (Blyth, 2008).

St. John’s Hospital always carries out a Security Risk Analysis. This is important in comparing the current security measures to the legally and conventionally required security measures for managing its patients’ data. It involves identifying the threats and vulnerabilities that may face patient information (Clarkson et al., 2012). This is always followed by designing action plans for dealing with such threats. Once an action plan has been established, it is implemented. Implementation involves establishing credible policies and procedures for protecting patient health information (Winter and Haux, 2011).

In order to reinforce risk management, the facility also trains and educates its workforce. This involves training and education on policy implementation procedures as well as security audits. In addition, the workforce gets training and education relevant to breach notifications. The facility also emphasizes communication with patients through the use of educational materials as well as open and free consultations. Alongside updating business agreements, St. John’s Hospital also attests to the Meaningful Use Objective. This is a legal statement that proves that the facility meets the requisite standards of operation relevant to the protection of patients’ health data (Einbinder, 2010).

References

Blyth, M. (2008). Risk and security management: Protecting people and sites worldwide. Hoboken, N.J.: John Wiley & Sons.

Clarkson, K. W., Miller, R. L. R., Cross, F. B., & Clarkson, K. W. (2012). Business law: Text and cases: legal, ethical, global, and corporate environment. Mason, OH: South-Western Cengage Learning.

Einbinder, L. (2010). Transforming health care through information: Case studies. New York: Springer.

Haux, R. (2010). Strategic information management in hospitals: An introduction to hospital information systems. New York: Springer.

Winter, A., & Haux, R. (2011). Health information systems: Architectures and strategies. London: Springer.

Wolper, L. F. (2011). Health care administration: Managing organized delivery systems. Sudbury, Mass.: Jones and Bartlett Publishers.

APPENDIX 1

St. John’s Hospital Code of Conduct

St. John’s Hospital is committed to providing sound policies and procedures to ensure maximum protection and high levels of confidentiality for client information. This code of conduct sets the guidelines for the entire workforce within the facility to adhere to the facility’s mission, targets and commitment. The standards set herein are important and are binding on all employees regardless of rank or position. Thus, any behavior leading to a breach of any standard within the code will attract punitive measures as stated within the Corporate Compliance Program.

The Corporate Compliance Program

This program is responsible for managing workforce behavior and for recommending and implementing changes. It is an essential and proactive tool for avoiding any violation of the standards set within the code of conduct.

Questioning and Reporting Violations

The workforce has the right to get answers to their queries regarding their operations within the facility. The workforce is also expected to report any instances involving a breach of the standards set within the code. This should be done procedurally by discussing the matter with the supervisor first. If the employee feels uncomfortable discussing the issue with the supervisor, the employee should present the case directly to the Corporate Compliance Officer.

St. John’s Hospital Commitment to Compliance

St. John’s Hospital aims to achieve the following.

1. Comply with the law. St. John’s Hospital operates within several laws and regulations. As such, all employees are expected to abide by such laws as defined by the facility.

2. Ensure provision of world-class patient care. St. John’s Hospital’s workforce is expected to treat patients with the care and hospitality required. This involves respect, kindness, patience and understanding. Any discriminatory elements against patients are strongly shunned by St. John’s Hospital. Patients are attended to by competent and qualified personnel in St. John’s Hospital.

3. Ensure proper protection of confidential information. St. John’s Hospital is committed to ensuring that patients’ health records, data and information are kept safe, secure and protected.

4. Keep accurate records. St. John’s Hospital is committed to keeping accurate and complete records of all its patients. Such records must be kept safe and secure.

5. Protect the environment. St. John’s Hospital is committed to ensuring environmental conservation and protection by engaging in environmentally friendly operations. Wastes should be disposed of in accordance with the laws and regulations defined by the facility.
Management plan in the case of a security Essay. Retrieved from https://studentshare.org/management/1677722-management-plan-in-the-case-of-a-security
