Patient Record Security - Essay Example

From time immemorial, records of patients have been seen to contain information that could be both life-saving and life threatening. A great deal of challenges are making the access of information dangerous for both the patients and physicians as they exchange information via the internet which could expose them to major risks (Billie, 1999). The advent of computerized information has seen an increase in the number of people who can access patient records. This means that a new opening has emerged for new liability issues. Violation of patient’s legal right to privacy is increasing at alarming rates and will continue increasing should one not be careful with those allowed access to the records. Federal laws have been used to create the needed attention and they provide many privacy protections to hospital patients and their families as well. There has been enactment of the HIPAA that is Health Insurance Portability and Act to change delivery of information on Medicare and Medicaid programs, the imposition of anti-kickback prohibitions, and change to prospective payment. This implies that the number of people who have access to automated information can make out the most secretive details concerning a person and use that information for malicious damage or character assassination. It has been noted that over the years, patient data is the most valuable and content-rich for profitability and fraudulent use (Billie, 1999). These records have been used for synthetic identity theft where people can make use of it for multiple sources. This makes it criminally viable as it cannot be detected and prevention measures are limited. Specifically, the auto accident victims bear a lot of this discrimination due to several factors. Lack of awareness amongst the majority of the auto-accident patients makes it even worse as not many understand the frequency and seriousness of the synthetic theft and its impact to the individual. Containing the problem and creating a reduction in the risks involved with data exposure is evident among the major states as they have to maintain laws that regulate these. The moment people and the regulatory boards become serious in mitigating the risks involved is the moment that they will be able to maintain the risk of data exposure and incidental theft as well as fabrication of character for multiple personality (Harold, 2006). These victims are often seen as ignorant when it comes to being knowledgeable on what goes on in the hospital. Education should be given to individuals to enrich them with immediate knowledge that could assist them in knowing their rights and being able to follow up incase a breach has occurred. There have been loopholes in the regulatory boards as they are the major contributors of misunderstanding among people. They use jargons which make it hard for patients to understand simple instructions. This makes the breaching of cases to go unreported hence preventing accuracy and preciseness in reporting the frequency of occurrences amongst the patients. Research carried out shows that 56% of auto accident victims who have in turn noticed cases of breach have reported them to authorities (KFS, 2008). The hospital management has also a role to play since very few of them have even notified the concerned patients when they notice a breach in their records. Jeopardizing of data is what makes it important for all to be well informed of what is going on in the industry. Unauthorized access of the same is even difficult to tell since they cannot be notified via any mode of communication. As much as they are open to scrutiny by the health personnel in the institution, some of the reasons may be harmless and benevolent; but this happens once in a while. Some of the practitioners sell data to the Health Management organizations so as to help the HMOs net more clients. This is where the misuse of authority comes in. There have been cases of workers “accidentally” erasing data from the system. This makes it worse for them as they have no way of knowing how that happened or who is to be blamed for the accidental erasure. Difficulty arises when a need arises of striking a balance between ensuring confidentiality and access to information. This can only be made possible when one looks at the institution as a place where justice can be vetted and granted access to the people who truly require it. Issues concerning the release of information are rife amongst many health institutions making it difficult to assess the magnitude of these cases. The severity of these issues is usually way beyond the initial expectations where the patient realizes that the loss has done more damage than they could actually manage. Once these risks have been identified, a series of events that would go unnoticed are looked at and dealt with more effectively (Harold, 2006). This makes it even worse as more people could be targeted and taken to task in explaining this better. Once the link to those who are leaking information to the rest of the world has been identified, the one involved should be dealt with in accordance to the rules and regulations of the company. Surveys show that 62% of the health officials engage in unauthorized use of information while some 32% of them claim to use the information through wrongful access of paper records (KFS, 2008). This makes it hard for them to inform the patients since they are the ones who are using it and leaking it to the outside world. The technology they intend to use should fit into the company and should also be feasible. This makes it easier to monitor those who may be having ill-motives. This requires regulation of the ones who access these facilities and using them to the benefit of the patients. It can be used in litigations once a victim has been accused in a court of law making them have a lower advantage over their accusers. Issues of confidentiality, privacy and security are the top issues which a patient requires of the health institution. All these new securities create standards that are designed to protect all the electronic information held by the organization. But improper alteration, access, or loss is making it difficult for patients to trust the health institutions. There should be proper administrative requirements which will enable them regulate assessment of these records and allocate resources to offer education to the workers on the importance of maintaining client records as confidential as possible (Hossein, 2006). There should be ways in which policies on data integrity and access can be adopted and used to the benefit of both the patient and the institution. The security has to be user authenticated, encrypted when sending information over the internet or open networks, must have access controls that are limited to certain personnel only and distributed minimally amongst the personnel to ensure they offer the best form of security possible. This means that they have to avoid taking outside firms with dubious records to update their security firms and instead have legal assistance once breach of conduct and policies occurs. In conclusion, one has to be aware of the risks involved when dealing with personal data and the fact that rules that protect client information are used for the benefit of all. Encryption of data needs to be created and spread amongst all the health centers as this is an easier way of creating security on data held by the institution. The HIPAA requires that all the health centers create their own security standards that will be easily adopted by all its departments (Hossein, 2006). This means that education is of the essence and cannot be neglected if an institution is willing to perform to the maximum. The Act further stipulates that there must be ways in which patients can be let to amend and inspect their own records and ensure that they are allowed to access their own records at will. The institution will be mandated with offering information to outsiders at the request of the patient. The auto accident victims have to be aware of what goes on before they can trust their information with the health care officials. This makes it easier to disseminate information to victims. References: Billie, H.W. (1999). Developing a plan to protect patient data: managing data security. Retrieved 21 July, 2009, from http://findarticles.com/p/articles/mi_m0FSW/is_1_17/ai_n18608371/?tag=conten ;col1 Harold, F. (2006). Information Security Management Handbook, Michigan: CRC Press Hossein, B. (2006). Handbook of information security, New York: John Wiley and Sons Kroll Fraud Solutions (KFS) (2008), Security of patient data: 2008 HIMSS analytics report. Retrieved 21 July, 2009, from http://www.thehealthcareblog.com/the_health_care_blog/files/kfs_himss_release final.pdf Read More