From the Capstone Project I have attached, please answer the following questions:
Reflect: This week we begin the revision process. Revising is a multi-step process. The word REVISE, literally means to REVISION or see in a different light. What is your revision process? How has it grown or changed during your studies? Share your best practices and tips for revising and improving your papers.
Don't use plagiarized sources. Get Your Custom Essay on
Research and Revision
Just from $13/Page
Progress: This week we also focus on research. Share a brief overview of your research methods. What are the biggest challenges you faced finding sources? What search terms (key words) did you use? Share a statement about your proficiency in the following areas: Navigating library databases, integrating sources into your essay, APA format and citations.
Page 9 of 15
Capstone Project
Yaima Ortiz
IDS-4934
March 1st, 2020
Abstract
Topic:
Privacy- What medical information should be confidential? Who, if anybody, should have access to medical records?
Thesis Statement
In healthcare centers and overall privacy is the right of every US citizen that should be protected in all its forms by the healthcare organization.
Rationale
1. The purpose of this paper is to identify why security measures are necessary to protect one’s privacy in the medical industry.
2. There are numerous laws, policies and healthcare organizational rules and regulations and statistics that would be helpful for conducting this research.
3. Privacy of a person whether this is me or you, is important then everything. I want to talk on this topic because I think most of us do not know what is happening to us.
4. I have selected textual analysis of books and available internet sources. The reason of this limited research methodology is that I cannot perform field study because of shortage of time.
Rough Draft Ideas
Identity theft in healthcare industry become a common practice and leads to information leakage that may destroy someone’s life. We can eliminate this human right violation by enforcing effective and practical laws. Healthcare organizations should understand their responsibilities and tighten security to protect information of patients.
Table of Contents
Introduction
3
Overview of Privacy Protections with Respect to Medical Records
4
Data Breaches in the Healthcare Industry 5
Healthcare is the biggest Target for Cyber Attack
7
Penalties and Punishments for Hacking Personal Information 9
Penalties 9
Devastating Consequences of Healthcare Data Breaches
10
Conclusion 10
Recommendations 11
Bibliography 12
Introduction
While operating in healthcare organizations need to gather patient’s information that is mostly personal information. It is the moral and legal responsibility of health care organizations to protect the information of their patients and do not share it with people outside of the organization without the patient’s consent. Protecting patient’s information is a crucial element of respect and essential for patients’ autonomy and trust in the organization — the US healthcare industry currently facing patient mistrust that is caused because of a lack of trust. When patients experience a lack of confidence they do not share their information with a healthcare professional that causes ineffective treatment. In a 2018 study, Levy, Scherer, Zikmund-Fisher, Larkin, Barnes, & Fagerlin concluded that approximately 81.1% of people withheld medically relevant information from their health-care providers. Patients fail to disclose medically relevant information in front of their clinicians undermine their health and cause patient harm (Levy, 2018).
There are numerous components of patient privacy in healthcare that are personal space, religious and cultural affiliations, physical privacy, decisional privacy, associational privacy that includes patient’s personal relationships and informational privacy that provides for the protection of patient’s personal data. Healthcare organizations and physicians should protect the patient’s information and kept strict privacy measures in all its forms;
1. Minimize interpretation of external members with patients personal information
2. Inform patients about every single happening and use of their information wherever physician it is needed
3. Patients information must be protected in all of the above-mentioned areas whether informational or associational (AMA, 2019)
Medical records contain personal information of patients and sometimes sensitive information like physical records that is disclosed in front of the public by any means, cause embarrassment and uneasiness in front of others. These things could affect the patient’s personal and professional life. Although records at healthcare organizations are promised to be protected but still we need effective and long-term legal implications that bring satisfaction among patients. The protection of medical records through privacy policies is still in its infancy. Over time medical records are started to save in computers instead of written documents. Although this transition is taken to keep records more efficiently but unfortunately still information from healthcare organizations moves out, which needs to be settled.
Overview of Privacy Protections with Respect to Medical Records
The word privacy was not a bounded definition but it changed along with legal changes. Civil law, common law, and criminal define privacy differently for example, common and constitutional law define privacy as “it is a right to be let alone” and to be free from any external interpretation like government institutions. With respect to medical records constitutional and common law privacy of patients in different contexts while statutory laws see and deal with patients privacy policy in a different ways. In 1888, the right to privacy was first introduced by Thomas Cooley. Roots of this right can be found in the Warren and Brandeis law review article that is known as the creation of tort right to privacy.
During the 1970s, Supreme court raise a decision for privacy issues in medical records and after reviewing the case two implications were introduced in the privacy policy of healthcare organizations;
1. Avoid disclosure or sharing of patients’ information with anyone for personal gain
2. Make independent decisions
During that period, the question for abortion privacy rights has been raised, that states government involvement in abortion decisions disturbs women’s independent decision-making authority and also violate their privacy (Cleaver, 1985).
Data Breaches in the Healthcare Industry
From current sources, it is clear that in the current world data breaches are a regular practice. Every day, news channels reveal a hospital or healthcare organization breaching their personal records. According to a report from, Ponemon Institute and Verizon Data Breach Investigations healthcare industry are facing more data breaches than any other industry across the world, and mainly in the United States. The healthcare sector faces more breaches because of numerous incidents that include stealing malware for professional or personal gain, purposeful harm to a patient or through lost devices of healthcare professionals. Data breaches in the healthcare sector through cybercriminals is a controversial topic these days. According to the health and service report, more than 15 million health records have been breached and shared for different purposes.
The black market behind the healthcare organization is working for long, and many patients are not aware of the thing that their personal information has been sold out to third parties. 2019, proved as the worst year regarding healthcare breaches and lack of security measures. Sean Curran, West Monroe Partners’ senior director states that based on the previous year attacks and data breaches healthcare professionals need to reset their infrastructure and adjust their security measures to limit the activities of hackers. According to this report, healthcare organizations need to understand that they need to understand, recover, minimize and get backup of lost data of patient’s healthcare (CIS, 2020).
Twenty-five million patients’ health record has been lost or shared according to ongoing investigations. Investigations are still in process that makes it clear that patients are still impacted but the accurate number of impacted patients is still unclear. 12 million people from Quest Diagnostics have been affected and the lost data includes social and medical information. The information was leaked through lab reports and tests performed outside of the hospital organization.
According to the AMCA data breach report, about 7.7 million patients from LabCorp were impacted with data breach and almost 422,000 patients from BioReference are impacted with the data breach. These patient’s medical and personal information has been lost by people within the organization such as by employees. 1.5 million Patients from immediate health groups are impacted by the misconfigured database. The examination decided patient segment subtleties, therapeutic case information, and other individual data were conceivably broken. In any case, when Immediate sent the warnings to patients about the security occurrence, a few patients announced that they were getting various letters, some routed to different patients (Davis, 2019).
By 2009-2018 healthcare data breaches evolve 500 health records. During these year data breaches, records are almost 189,945,874 healthcare records. Almost 59% of the US population is affected by healthcare record theft and the irony is half of the impacted population do not have understanding nor they are informed by healthcare organizations for the leakage of their personal and medical history (HIPAA, 2019).
Healthcare Breached Records during 2009-18
Healthcare is the biggest Target for Cyber Attack
The healthcare industry is at risk because organizations are becoming technologically advanced. Although organizations are becoming technologically advanced still professionals in organizations do not have the training to manage online risks. From a few past years, cybercrimes are happening every second day, and healthcare data is revealed and hacked through these activities. There are many reasons hack patient’s medical information because of its worth thousands of dollars for hackers. Employees within the healthcare organization get trapped by hackers and for their personal gain share patient’s information outside dealers. Organizations need to keep a sharp eye on such employees and introduce hard policies that restrict behaviors within and outside of the organization. IT professionals are thinking to introduce effective security measures to prevent data breaches from healthcare organizations but they understand that this is a high-cost process.
Another big reason for being the big target for attackers is the low security of medical devices. The healthcare providers in the United States is becoming totally technologically innovative and depend on advanced machinery. But the drawback of the devices that these are not security optimized nor protect data of patients. These devices are manufactured on one way working principle without thinking for protection as a need. And this is the reason hackers can easily access information available in these devices like X-rays, insulin pumps and many other devices.
Remote assessment of healthcare data is another point to ponder. Accessibility of healthcare data of the patient can be accessed from any desktop or multiple devices from different places. These availabilities are also risky for healthcare organizations. Remotely connections should be more secure than it can identify the actual user and prevent loss of data. Risk-based authentication is a way to improve security for risk authentication in the healthcare department (risk, 2018).
Penalties and Punishments for Hacking Personal Information
The term hacking was first introduced in the 1950s in the Massachusetts Institute of Technology. The word hacking means feeling pleasure in itself. But over time, the concept has been changed into a negative meaning because of its association with negative or criminal activities for a long time. Hackers pulled out information for someone’s computer and use this information for personal gain, like earn money by selling this information to a third party. In 2011, Aaron Swartz the founder of Reddit hacked JSTOR and penalize to pay $1 million and 35 years of imprisonment and all his property was forfeiture, at last, he committed suicide.
Another important act that protects the privacy and personal information of people in the United States is The Computer Fraud and Abuse Act. This act experiences some amendments that are known as “exceeds authorized access” which means access to someone’s computer without authorization. The punishment for the one who accesses someone’s information without authorization, like in the healthcare sector will be punished based on the sensitivity of information hacked.
Penalties
In the US a hacker who accesses and uses someone’s personal information will be imprisoned for ten years at first but if he again attempts to commit hacking will be kept in prison for more than 20 years. Punishments to the offender also varied based on the problem or damaged the victim bears (Lee, 2014). Because of unusual attempts of a data breach during 2019, regulators are becoming focused and attempting to enforce strict measures for those organizations who are not taking any product decisions. Data breach in different countries brings many conflicts in various institutions. For example, during 2017, the US paid a minimum of $575 million for protection against a data breach. During 2018, the country fined a substantial amount as a result of weak protection of the health industry (Swinhoe, 2020).
Apart from hacking attempts, those who sell healthcare information to others are also termed as fraudulent. Because they commit fraud with the organization with which they are working. Thus, penalties for fraud attempts could be termed as criminal penalties, civil penalties or in some cases both. Punishment for fraud activities or involvement in these activities includes imprisonment, fine and probation or both imprisonment and fine. These conditions are varied based on the sensitivity of the case. Laws for theft from 2004, decide the punishment for these cases that minimum is three years that might be extended to five years (http://criminal.findlaw.com, 2016).
Devastating Consequences of Healthcare Data Breaches
According to studies of 2000, US citizens have faced personal data breaches and as a result of data breach patients have to pay for their medical information up to $2500 that is out of pocket cost for them. Studies have found that the healthcare sector ranks first when it comes to data breach results. The healthcare organization notifies only one-third of data breach victims and only 15% are alerted by the government agencies. Because of the ineffective management of healthcare organizations patients face financial loss and if the information revealed by hackers, it also causes domestic rejection for victims mostly for women (Security, 2017).
Conclusion
Privacy is paramount and to personalize it vital whether it is me or you. Not just in the healthcare sector but everywhere like insurance companies and banks are also impacted by these evil attacks. After reviewing the data of healthcare breaches and its impact on the lives of victims, I would say that healthcare officials should stay vigilant and careful about the protection of patients, healthcare information. Personal information and medical history are two important things to be protected under strong security.
Recommendations
Healthcare protection laws should be improved with the aim to protect electronically saved patient’s information. Training should be arranged for healthcare officials and employees so they can get an insight into technical risks and enable them to manage if occurs. Employees should be hired on a loyalty basis in healthcare organizations, and strict punishments are needed to impose to regulate their activities. Strong security should be maintained to monitor the activities of healthcare workers. Enhanced and advanced network security and application security are required to avoid data breaches and further complications for the organization as well as for the patient. Encryption methods should be implemented because this is a good thing to protect the patient’s personal and medical information from any unauthorized access. Punishments stated in constitutional and universal laws are short term that is not enough to probate a criminal. Healthcare hacking laws need to be improved with extended imprisonment and fined that will be paid to the patient according to the beard loss. Government involvement in the healthcare sector needs to eliminate or should be on a small level, to protect data breach by ways. These recommendations help deal with privacy problems in the United States as well as across the world.
Bibliography
AMA. (2019). Privacy in Health Care. AMA, https://www.ama-assn.org/delivering-care/ethics/privacy-health-care.
CIS. (2020). Data Breaches: In the Healthcare Sector. CIS, https://www.cisecurity.org/blog/data-breaches-in-the-healthcare-sector/.
Cleaver, C. M. (1985). Privacy Rights In Medical Records. Privacy Rights In Medical Records, 13 Fordham, https://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=1252&context=ulj.
Davis, J. (2019). Health IT Security. https://healthitsecurity.com/news/the-10-biggest-healthcare-data-breaches-of-2019-so-far.
HIPAA. (2019). Healthcare Data Breach Statistics. HIPAA Journal, https://www.hipaajournal.com/healthcare-data-breach-statistics/.
http://criminal.findlaw.com. (2016, October 7). Retrieved from http://criminal.findlaw.com: http://criminal.findlaw.com/criminal-charges/fraud.html
Lee, S. O. (2014). The Need for Specific Penalties for Hacking in Criminal Law. The Scientific World Journal, 6.
Levy, A. G.-F. (2018). Prevalence of and factors associated with patient nondisclosure of medically relevant information to clinicians. JAMA Network Open, 1(7):e185293. doi:10.1001/jamanetworkopen.2018.5293.
risk, T. h. (2018). The healthcare industry is at risk. Swivel Secure, https://swivelsecure.com/solutions/healthcare/healthcare-is-the-biggest-target-for-cyberattacks/.
Security, H. N. (2017). The devastating impact of healthcare data breaches. HELPNETSECURITY, https://www.helpnetsecurity.com/2017/02/23/healthcare-data-breaches/.
Swinhoe, D. (2020). The biggest data breach fines, penalties, and settlements so far. CSO, https://www.csoonline.com/article/3410278/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html.
CAPSTONE PROJECT
CAPSTONE PROJECT
