On August 8th, during my routine work, I discovered a breach. The breach was that a contractor gained access to the Unity Point EMR system without any legitimate reason. An employee from Unity Point Health had given his password to another employee working in another company that also provides care to patients. The EMR system contains data on patients’ names, home addresses, account numbers for medical insurance, dates of birth and, most importantly, their health information. The employee from the other company accessed the system from February 2013 to August 2013 (PHIPrivacy.net).
The breach of patients’ privacy and right to confidentiality has a serious impact on all parties involved. HIPAA sets out the regulations for handling the private information of patients. It is the responsibility of all healthcare providers to abide by the HIPAA regulations and avoid the risks of noncompliance. The incident is a case in which confidential records have ended up in the hands of a person who is not privy to the EMR system information, and it can lead to overwhelming consequences. The medical records breach can lead to identity theft, destroying the person’s reputation, credit, and finances. The victim will also have the right to seek litigation against the Unity Point Hospital practice. The breach can affect multiple patients, leading to a long journey of legal tribulations for this hospital. The case of the employee sharing the login details of the Unity Point EMR system is a blatant violation of HIPAA.
The employee at Unity Point divulged the patients’ confidential information to an employee of another healthcare organization. Healthcare employees are mainly aware of the regulations against sharing passwords with each other or with employees in other healthcare organizations. Knowledge of the privacy and confidentiality policy in healthcare organizations has lowered the disclosure of patients’ information (Rauhofer, 2008).
The breach of patients’ health records affects the confidentiality of customers. Since they know that their privacy is at risk, they will shy away from such hospitals. Customers lose trust in the hospital since their medical background information is exposed. The employees involved in discussing patients’ records will lose their jobs and face other serious penalties, such as being stripped of their practice license. The public will end up not trusting the laws that govern the sharing of medical information and that are meant to protect the privacy of patients all across the nation. People will have to pay more for insurance, lose out on jobs, suffer personal embarrassment and perform poorly in custody battles. Stockholders and stakeholders will also lose their investments, since no one will be interested in receiving care from hospitals that do not care about their privacy (Raths, 2008).
Why it happened
The certification of an EMR does not guarantee that the EMR will work as planned or as per its implementation purpose. The usability principles, best practices and policies for proper use of the EMR system have not been consistently and widely adopted by Unity Point Health. The hospital lacks a sense of shared accountability between the product users and system developers in the functioning of the system. This incident is a result of improper system use and system usability. Usability errors happen due to the complexity of using a system or a lack of functionality that is user-friendly. Therefore, an employee can consult with other employees outside the organization to assist them in clarifying the interface. The incident can also be a result of user limitation. The error also relates to clinical decision support applications that cause errors from system performance issues, software design flaws, inadequate user training, poor rules for decision support, and system disruption from colleagues. The system was also not intended for use by outside parties (Hauptman, 2013).
Financial, reputational/trust, inconvenience impact
The hospital will also have to suffer the financial impact of inconveniences and the loss of trust from patients. Revenue generation will be at its lowest level, in addition to the hospital paying cash for court complaints set forth by the patients. They will sue the hospital for the distress it has caused, unnecessary suffering and pain, the inconvenience caused, and damage to their reputation. A company can be expected to pay over USD 2 million for expenses related to identity theft and violations of information security practices. Healthcare providers are exposed to reputational risks from the public perception of privacy, and this may further compromise the generation of revenue (Kellermann and Spencer, 2013).
Organizational maturity issues
In response to the incident, it is essential for the hospital’s investors to know whether the company has a security and data privacy program and policy that ensure respect for all subjects’ rights to data privacy. The company should also engage an external certification body for the EMR system to ensure that its practices are in line with standards that have international recognition. Officials should also know whether the company has recently had other cyber incidents arising from people failure, technology failure or process failure that contributed to compromising customers’ confidentiality. Also, what corrective actions has the company taken to prevent and optimize security and privacy attacks? They should also know whether the company has been subject to other regulatory and legal judgments due to poor implementation of the EMR (Hauptman, 2013).
The general Privacy Rule requirements of HIPAA are as follows:
The privacy rules have to be applied by all healthcare providers. The providers have to set a federal floor for protecting individual health information in all the forms in which it comes (oral, paper, and electronic). Providers should set limits on how covered entities use and disclose the identifiable health information that they create or receive. Healthcare organizations should also provide patients with their individual rights over PHI, such as the right to copy, examine and obtain their medical records and the right to amend any aspect of their medical record that is incomplete or inaccurate. Hospitals should also establish civil penalties for their workers for breaches of the EMR system and impose administrative requirements to prevent the sharing of passwords (Sullivan, 2012).
The establishment of the EHR provides a mix of the security expected in securing patients’ health information and brings new responsibilities for safeguarding patients’ information in electronic form. The hospital has to adopt the national standards set up by the HIPAA Security Rule to protect the electronic health information of patients. The Security Rule expects appropriate technical and physical safeguards, as well as administrative safeguards, to ensure the integrity, confidentiality and security of the EMR system (Renner, 2009).
When these safeguards are well applied, it becomes possible for healthcare organizations to avoid the commonly occurring security gaps that jeopardize the privacy of patients or lead to data loss or cyber attack. The safeguards will also ensure the protection of the information, people, facilities and technology that the hospital depends on in fulfilling its main mission of assisting patients. The HIPAA Security Rule requires all covered providers to implement security measures for protecting the privacy of patients. The measures involve establishing conditions for the availability of patient health information while at the same time ensuring that it is not improperly disclosed or used (Hauptman, 2013).
The American Health Information Management Association (AHIMA) is among the groups working to ensure the security of patients’ data and that it does not get into the wrong hands. AHIMA provides expertise and leadership to health-focused policy makers and the community in the improvement of health care worldwide. IMIA states specific needs in information technology and science applications in the biomedical, healthcare and medical research fields. One of the AHIMA groups specifically addresses matters concerning data protection and was among the first to establish policies for securing the information systems of hospitals (AHIMA, 2012).
References
American Health Information Management Association (AHIMA). (2012). Data Quality Management Model. Chicago, IL: AHIMA.
Hauptman, R. (2013). Electronic medical records revisited. Journal of Information Ethics, 22(1), 2-I, II. Retrieved from http://search.proquest.com/docview/1661653686?accountid=458 http://en.wikipedia.org/wiki/Electronic
Kellermann, L., and Spencer, S. (2013). What It Will Take To Achieve The As-Yet-Unfulfilled Promises of Health Information Technology. Health Affairs, 32, 64.
Raths, D. (2008). Stay out of my EMR. Healthcare Informatics,
Rauhofer, J. (2008). Privacy is dead, get over it! Information privacy and the dream of a risk-free society. Information and Communications Technology Law, 17(3), 185-
Renner, P. (2009). Why Most EMR Implementations Fail: How to Protect Your Practice and Enjoy Successful Implementation [White paper]. Retrieved from
Sullivan, J. (2012). Recent Developments and Future Trends in Electronic Medical and Personal Health Records.
Sherry Roberts is the author of this paper. She is a senior editor at Melda Research.