Health Care Data Trends, Research Paper Example

The top five most significant security risks that need to be consideredin governing United States health care compliance laws include the misuse of cellphones, social media, tablets and other portable devices, inadequate privacy and security training, and an increase in health care fraud (Dark Reading, 2012). Cellphones and other mobile devices, such as tablets, have an increased likelihood of being stolen due to their size. Meanwhile, inadequate privacy and security training results in the ease with which criminals can steal sensitive information; the recent trend in health care fraud supports the need for better training programs. Lastly, many employees unknowingly discuss sensitive information both in person and on social media, which creates a need to reinforce the knowledge that employees have concerning the protection of sensitive patient data.

It is important to ensure that cellphones and other mobile devices are never left unsupervised and are password protected in case an unauthorized individual attempts to access the sensitive information contained within it. Although a lot of information security officials focus on laptop and computer safety, it is essential to apply the same safety standards used to protect these devices on their smaller, portable counterparts. One of the U.S. compliance laws that governs this risk is the HITECH Act, which allocates funds in order to increase the use of Electronic Health Record (EHR) systems. Tablets are typically used by HITECH funds in order to serve as a portable means for physicians to access and update health records. By failing to ensure that they are properly kept, physicians and other health care professionals are in violation of HIPAA. Health care institutions could be fined significantly for these violations. To alleviate these problems, it is essential to require physicians to keep their portable devices in their laboratory jacket pocket at all times when they are not being used. Furthermore, an effective password system should be implemented. Users should be required to use an alphanumeric password that is updated every four months. They will be asked to sign an agreement stating that they will not share this password or their mobile device with anyone. An additional precautionary measure that could be taken is to require these items be handed in and locked up at the end of each shift.

Inadequate security and privacy training and an increase in health care fraud are related issues. An effective security and privacy training program should reduce the amount of health care fraud that occurs. Therefore, it is the responsibility of the information technology and security teams to collaborate to develop an effective training program and to determine how to ensure that this information is occasionally reinforced. It is important for each employee to know how to verify the identity of each patient on the basis of the health care insurance information that is being provided. Furthermore, they must ensure that no information that they use in their work is being leaked, because criminals can use this information to their advantage. It is important to stress the necessity of HIPAA compliance from the moment that health care professionals and clerks are hired. They should be provided with an orientation week in which they review the U.S. compliance laws in addition to institutional policies to ensure that they are obeyed. This will include a PowerPoint presentation to summarize the information in addition to a workshop in which the staff is faced with relevant scenarios and asked to determine which workplace behaviors are acceptable and which are not. Training will be followed up by a 10 question quiz; if less than 80% of questions are answered correctly, employees will be expected to repeat training. This session will be required every two years and will adjust according to changing laws and institutional policies.

Lastly, it is essential that employees are aware that patient protection extends to spoken information as well as transmitted written information. It is important for them to remember not to post case information online, which extends to their social media profiles. There have been several cases in which health care workers have boasted that they had the opportunity to admit or treat a celebrity, but it is essential to keep this and all related information off of the internet. This is a severe breach of HIPAA and can result in fines or termination. Therefore, aside from specifically informing employees that this type of behavior is unacceptable, it would be beneficial to block all social media and related recreational sites from computers at health care institutions. Furthermore, employees will only be able to access their work e-mail on these systems, which can be subject to random checks. While it is difficult to ensure that these employees will not publicize the information after they leave work, these procedures will help reduce the frequency with which this type of action occurs.

Although it is difficult to address each specific type of security breach that is possible in the health care setting, progress can be made by working to protect patients against the most common security threats. Requiring health care workers to use strong passwords that are changed frequently, preventing their ability to post private patient information on social media, and enacting effective privacy and security training programs are effective ways to build awareness about patient information protection. It is essential to continue assessing the most stringent problems and alleviating them as they occur.

References

Dark Reading. (2012). Top 11 Trends For 2012 In Healthcare Data, According To Industry Experts. Retrieved from http://www.darkreading.com/risk/top-11-trends-for-2012-in-healthcare-data-according-to-industry-experts/d/d-id/1136887

HHS. (2013). New rule protects patient privacy, secures health information. Retrieved from http://www.hhs.gov/news/press/2013pres/01/20130117b.html

HITECH Answers. (n.d.). About the HITECH Act. Retrieved from http://www.hitechanswers.net/about/about-the-hitech-act-of-2009/