Information Technology Breaches at a Healthcare Company:
UCLA Health and Implications for the Future
As our organization knows all too well, healthcare data breaches are occurring with alarming frequency. But just as hackers have more and more tools at their disposal to cope with such breaches, we too as healthcare IT experts, managers, and providers have more tools to guard against them. Online records have significantly improved patient care through comprehensive, sharable records. In wrong or inexpert hands, sharing of data can harm rather than heal. The frequency of healthcare data breaches, magnitude of exposed records, and financial losses due to breached records are increasing rapidly (Seh, 2020, par.1) Understanding how and why they have occurred in the past is important to ensure that they do not occur at our institution in the future.
Summary Statement
A good example of a recent data breach which ultimately resulted in legal action is the 2015 breach which occurred at one of the major university health systems in the United States. UCLA Health Systems failure to undertake appropriate data encryption measures resulted in the exposure of user information including Social Security numbers, health plan identification numbers, and personal medical and other identifying information of millions of patients in the UCLA system (Adler, 2020). Patients were not made aware of this until months after the data breach, further compounding the scandal.
Background
The reasons for the Health Insurance Management Systems (HIMS) breach are familiar ones. Firstly, UCLA did not perform due diligence and encrypt its patient data (Firestone, 2020). Although this has been a factor in other major data breaches of retail organizations, such as Target, UCLA Healths was also a breach of the Health Insurance Portability and Accountability Act (HIPAA) (Firestone, 2020). Secondly, the organization was unwilling to admit failures. As always, the coverup is often worse than the crime. When evidence of how its carelessness was revealed, instead of being honest and transparent, UCLA Health waited months before revealing it was well aware the breach had occurred, thus magnifying the challenges of the victims taking steps they might wish to embark upon to secure their identities, such as credit monitoring (Adler, 2020). But this circle the wagons mentality itself may be one of the causes of the breach, or the simple fact that the organization is unwilling to be upfront with users about its weaknesses.
Thirdly, there is also evidence that healthcare institutions, such as UCLA and, of course, ours, are particularly...
The degree to which internal misuse rather than outside incursions are responsible for the majority of breaches in healthcare is relatively unique. And fourth, while the reasons insiders are mainly responsible vary, one reason may be a lack of technological familiarity with many healthcare workers, who may be better versed in technology specific to healthcare provision, versus data recording. In the case of UCLA, inadequate precautions taken by healthcare personnel in regards to IT may have been manifest because priority was given to healthcare system operations from a patient treatment perspective, rather than a data perspective.Of course, another reason healthcare breaches are so significant are that such significant patient data is stored within its files. In the case of this particular breach, patient privacy and information security were significantly compromised. Social Security numbers, along with dates of birth, addresses, names, and Medicaid IDs can enable individuals identities and credit information to be impacted, and all were stolen in the breach (Adler, 2019). They can also be used to apply for loans such as mortgages and new credit cards. As well as obtaining money, Social Security and other forms of identifying information can be sold to individuals wishing to conceal their identity, such as persons who are in the country illegally or criminals.
In addition to the risk to victims financial data, victims were also forced to suffer the additional difficulty of having to cancel credit cards, monitor their credit, and even though they were offered free credit monitoring, this still is a significant time and psychological burden that cannot be easily relieved. As patients of a healthcare institution, they had invested the organization with a significant degree of trust. The idea of their privacy…
Reference
Adler, St. (2019). UCLA settles class action data breach lawsuit for 7.5 million. HIPAA Journal. Retrieved from: https://www.hipaajournal.com/ucla-health-settles-class-action-data-breach-lawsuit-for-7-5-million/
Firestone, J. (2020). UCLA class action develops after data breach. Expert Institute. Retrieved from: https://www.expertinstitute.com/resources/insights/ucla-health-system-class-action-develops-after-data-breach/
Hossain, M. M., & Hong, Y. A. (2020). Trends and characteristics of protected health information breaches in the United States. AMIA ... Annual Symposium proceedings. AMIA Symposium, 2019, 1081–1090. Retrieved from: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7153056/
Jiang, J. X., & Bai, G. (2019). Evaluation of causes of protected health information breaches. JAMA Internal Medicine, 179(2), 265–267. Retrieved from: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6439649/
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Khan, R. A. (2020). Healthcare data breaches: Insights and implications. Healthcare (Basel, Switzerland), 8(2), 133. Retrieved from: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7349636/
Periodically I would want to make sure the data was audited to make sure the underlying processes and systems used for capturing it were working correctly. In conjunction with these measures of ensuring patient data is being correctly captured processes for data reliability assessment would be used (Alhaqbani, Josang, Fidge, 2009). While these two areas of capturing patient data accurately, auditing it to make sure the underlying processes are
Health Care Informatics Expert Systems Expert systems are always computer applications that tend to combine computer equipment, special information and software so that they imitate reasoning and advice of expert human. Being a part of artificial intelligence they offer discipline-specific advice as well as explanation to their users. Artificial intelligence covers a broad field of several aspects of computer generated thought, on the other hand, expert systems focuses narrowly. The area where
Healthcare Informatics & Technology 1. What were the goals of the Cure4Kids program in 2003? How have they evolved? Cure4Kids was developed with the overall intention of treating and hence improving the wellbeing of children suffering from pediatric cancer and AIDA (Quintana, Nambayan, Ribeiro, Bowers, Shuler and O’Brein, 2003). Towards this end, in addition to education, the other stated objective of Cure4Kids was the provision of “tools for communications and collaborations among
Triple Constraints Health care informatics and how that field interacts and is affected by triple constraints is the subject of this brief report. Further complicating this paradigm is thre passage and enforcement of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Specifically, the meaningful use objectives that are mandated by that act have simply added more hoops for informatics project personnel to jump through. While the HITECH act
Al., 2012). The existing reporting systems lack the level of usability inherent in social media applications as well. Social media applications have created and continue to fuel the expectation of usability that is the new standard for tablet-based applications and systems (Boicey, 2013). The proposed new analytics application will also enable the entire healthcare provider staff to have greater agility and flexibility in defining process workflows and quickly redefining dashboards and key
Healthcare Informatics: Tele-health technologies 1) Tele-health technologies represent a sub-division of healthcare information technology which aid in delivering long-distance health education, public health, clinical care, health administration and relevant information. They encompass hardware as well as software and enhance general system efficacy through the maximization of individual practitioner productivity and elimination of geographical care obstacles. Perhaps the most ideal use of tele-health technology is real-time interactions, where patients and practitioners located
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now