Security Breach Case Scenario 1: Security Breach

Hospitals have the opportunity and responsibility to integrate sound policies and procedures in relation to the protection of the confidential client information (Rodwin, 2010). St. John's Hospital in no different to this notion has the organization seeks to enhance the security and confidentiality of the information of its clients. The organization is a role model to other institutions within the geographical area on the essential need to integrate valuable security issues with reference to patient data privacy and security. Currently, the organization faces critical security breaches as printouts in the restricted-access IS department are not shredded. It has come to the attention of the personnel who serve late into their routine that most cleaning staff read the printouts.

This is a reflection of invasion into private information of the patients thus affecting their confidentiality. It is essential for the organization to adopt and integrate an appropriate method of curbing these issues thus enhancing the security and confidentiality of the patients' information or data. This research exercise will focus on the most effective ways to respond to the problem, evaluation of quality training for the staff, and implementation of management plan for the organization in association with the development of the code of conduct.

How can you respond to these situations?

The security breach in this context requires an extensive response with the aim of enhancing confidentiality of the information or data pertaining to the consumers. One of the essential responses to the situation is provision of critical warning to the cleaning staff on invading confidential information or data of the patients. This is a spontaneous move to limit access of the data by the cleaning staff. The personnel should also raise this issues with the IS department on the need to shred printouts. Shredding of the printouts will limit accessibility of the patients' confidential information or data. This is a reflection of temporary purpose as the main objective of the organization should be adoption and implementation of Electronic Health Record (EHR). This will limit or eliminate accessibility of the patients' confidential information to the cleaners. Electronic Health Record will be essential in the realization of goals and objectives in enhancement confidentiality of the patients' information or data.

What training can you provide to your staff?

Electronic Health Record implementation plan requires critical training strategies in order to improve or maximize protection and security opportunities. Training of the staff is one of the greater investments in the achievement of electronic health record implementation. This aspect is essential in the realization of the full potential of the HER and employees with the aim of enhancing confidentiality of the patients' information or data. In the implementation of the electronic health record, it is essential to offer three critical training strategies to the staff. These include super user training, role-based training, and process-based training (Rothstein, 2007).

Super User Training

It is essential for the organization to maximize the opportunity of vendor training with the aim of creating group of 'super users'. Super users refer to health employees trained on the ability to move through the electronic health record quickly. These employees have the capacity to share quality hints and techniques to other users for the purposes of enhancing the security and confidentiality of the patients' information or data. The core group of the super users in relation to electronic health record will be effective in the provision of internal training to the clinicians and office staff. This is an essential component of an electronic health record (EHR) implementation plan. This is because of quality combination of the specialized EHR training and application of the EHR training within the organization to facilitate effective workflow and patient population interaction. Super users training is the foundation of adoption and implementation of the electronic health record.

Role-Based Training

It is also critical to focus on training the staff on their roles, expectations, and responsibilities while enhancing the security and confidentiality of the patients' data or information. This training should focus on how each group or staff members will adopt and integrate electronic health record in the execution of their duties within the organization. The training should focus on the role of the IT support staff, office staff, and clinical providers in relation to implementation of the electronic health record. The organization should consider tailoring the role-based training program to suit the needs of the staff groups within the health entity.

Process-Based Training

It is essential to note that integration of the electronic health record into the culture, practices, or hospital center will have great influence on the workflow. It is critical for the organization to train...

Practice-based training is vital and critical in enhancing the understanding of the employees in relation to the new cases of workflows. For instance, the staff members should understand how to implement the new plan into provision of clinical summaries in relation to the patients' information or data. Training should also focus on sharing information across the relevant departments. This will also limit accessibility of vital information on the concept of authority.
How can you implement your management plan?

In implementation of the electronic health record, it is essential to adhere to the following five steps or stages with the aim of achieving full potential of the strategy.

Step 1: Conduct a Risk Analysis

In the implementation of the management plan, the first aspect should focus on the execution of effective and efficient risk analysis. This entails reviewing current protected health information safeguards with the aim of evaluating vulnerabilities. It is also essential to implement HITECH's for grid reporting on the risk analysis. In this first step, it is also critical for the organization to evaluate firewalls and virus protection with the aim of enhancing integrity and availability of patients' information or data. This is an attempt to review security measures in order to provide secure e-communications for the organization in protecting confidentiality of the patients' data or information. The organization should also consider reviewing its responsibilities in relation to the HIPAA security rule. This is essential to ensure that the organization is in accordance with the legal and health requirements (Prehe, 2008).

Step 2: Establishment of Administrative Safeguards

The second step should focus on the integration and establishment of the administrative safeguards. This would entail assigning an internal security leader to enhance implementation of the plan to provide adequate opportunity for the achievement of full potential. During this stage, the organization should also focus on the development of data security policies, objectives, and procedures to guide implementation of the plan by the staff members. The organization should also consider development of an effective plan aiming to update electronic systems with the aim of curbing potential web threats. This is vital for the enhancement of security, integrity, and availability of the patients' data or information by the organization through its staff members.

Step 3: Building of Technical Safeguards

The third step of the management plan should focus on the creation and development of the technical safeguards. This is through determination of the role-based access and implementation of the audit trails. This is vital towards the promotion of integrity and accountability of the electronic system in enhancing security and confidentiality of the patients' data. The organization should also focus on audit applications to enhance transparency and accountability of the systems in handling confidential information of the patients. During this stage, the organization should also focus on testing and reviewing vulnerabilities in relation to the networking systems. This is essential to enhance transmission of information or data on a secure networking systems thus prevention of invasion into confidential patients' information or data. The review of vulnerabilities will provide an accurate opportunity for the organization to address any security breach through implementation of extensive and quality solution to the problem.

Step 4: Creation of Physical Safeguards

The fourth step of the management implementation plan should focus on the development or establishment of physical safeguards towards the achievement of full potential. During this stage, the organization should focus on the creation of policies and procedures with the aim of protecting inventory. The policies should also control access to the communication systems such as desktops, servers, and information systems in order to enhance secure e-communication. During this stage, the organization should also focus on the development of accurate process for handling lost or stolen laptops and handheld communication devices. This is essential in the determination of integrity of the information and communication within the organization. It is also critical for the organization to adopt and integrate system backup and data recovery processes, policies, and procedures. This should focus on three critical aspects: environmental, natural, and unauthorized intrusions. Under natural aspects, the organization should adopt and implement policies to address issues such as flood, tornado, and earthquake. Unauthorized issues such as hackers, and burglary should follow critical procedures for data recovery and backup strategies. It is also essential to implement contingency plans in relation to diverse situations affecting the patients' data or information (Barakat, 2001).

Step 5: Determination of Online Backup Measures

The organization should focus on the determination of…