Health Insurance Portability and Accountability Act Compliance in Medical Information Security - Term Paper Example

First, as a health facility, we are obligated to be Health Insurance Portability and Accountability Act (HIPAA) compliant. Therefore, we have undertaken and continue to conduct periodic HIPAA health security analyses and undertaking the necessary steps to patch the detected vulnerabilities. Secondly, we constantly inoculate our systems by encrypting all the devices and data relayed within our networks and databases. We continue to invest in secure technology, data security training for our personnel, and offering continuous system analysis and updates to assess the system weaknesses and penetration testing and providing prompt remedies.

Thirdly, our facility continues to invest in security awareness and training for our personnel especially on situational training to equip them with the necessary tools to combat security situations such as phishing and other forms of data hacks.   With the security systems already implemented, it would be difficult for third parties to access our networks and database. However, in the instance that our data security has been breached, we have undertaken the following preventive measures to ensure minimum impact on patient confidentiality.

We have implemented multi-layered breach detection, encryption, and recovery systems to ensure that sensitive information is not easily accessed as advised by the department of health and human services (HRSA, 2019). Slight detection of breach triggers an automatic back-up and shut down followed by a prompt notification to our database administrators for assessment and containment. Our data encryption policies also ensure that in the instance that medical data has been stolen, accessing the records would prompt a request for decryption keys which can only be provided by approved and authorized personnel.

This would render that stolen data useless to the hackers thus protecting the privacy of our patients and other medical records. As an institution, we acknowledge the existence of ethical risks. Some of the ethical concerns that we face as an institution include unauthorized sharing of access keys, internally and externally, data inaccuracies, data theft, negligence, and failure or poor system implementation (Ozair et al. 2015). To manage and prevent the occurrence of these risks the HIM Professionals can undertake thorough vetting and background inspection of all medical personnel before being granted authorization, disciplinary measures such as suspension and recommendation for the prosecution to authorized agencies, training and facilitation to ensure that each person understands the consequence of any the named risks and the implementation of policies that ensure that medical records fed into the systems are proofread, validated and checked against various inconsistencies by different personnel at every access level.

This can be achieved by frequent and random system audits to ensure HIPAA and hospital policy and procedure compliance (HMT mag, 2012). There are various risks involved in the instance of medical identity breach and fraud. The institution takes data security seriously due to the sensitivity and severity of any data breach. Some of the impact of the potential damage both the patients or consumers and the healthcare institution. To the patients, the inherent risks include loss of privacy, financial losses, for example, sums of money paid to the insurer to recover and restore the identity, and the cost of resolving the fraud.

Additionally, patients suffer mental trauma caused by the breaches due to the possible embarrassment such leakages might cause. Institutions risk losing public confidence and trust. Once sensitive information is leaked, the public would be reluctant to deal with such an institution in the future thus loss of confidence which leads to business losses, financial loss on the recovery process especially ransom paid to the hackers in an attempt to prevent leakage to the public. Financial resources that would otherwise be used to improve the facility may also be redirected to settling legal suits.

Thus, medical record security is a priority to Mercy Vale Hospital. To protect the institution against potential identity breaches and fraud, I have identified some of the potential causes of security breaches which include the use of outdated medical information systems due to the cost of change, poor auditing and testing procedures, poor vetting of personnel, and the assumption of the inexistence of the risk. To protect the institution, as an HIM professional I have developed an incident response policy and plans to help identify, mitigate and manage instances of the breach, implemented data encryption that is in compliance with the national institute of standards and technology, and instituted a permission-based data and information sharing and the testing of the system infrastructure.

To effectively manage and reduce the risk of data exposure, I would recommend that the institution implement additional security measures such as the use of modern technology like cloud-based information storage and management to help in information storage and recovery in the instance of a breach. With the constantly changing and improving technological landscape, I recommend that the institution continues to offer training to its personnel to equip and keep them updated on use, secure access, and patient information protection policies, procedures, and techniques.

  I would also recommend frequent HIPAA audits and maximum compliance.