How Kaiser Does Privacy and Security, Term Paper Example

Kaiser Permanente has established a comprehensive information systems security strategy in which the primary objective is to ensure that the organization emphasizes employee compliance and is able to support the desired information security framework (McCann, 2014). The organization is largely focused on its efforts to manage its vast information security network that encompasses a wide range of activities that support 38 hospitals, approximately 273,000 desktop computers, 21,700 smartphones, 65,000 laptops, and 21,000 servers, all of which require ongoing technical support and assistance (McCann, 2014). Furthermore, the organization must support its 9 million members and protect their health information at all costs (McCann, 2014).

The organization has developed a comprehensive information systems framework that includes an auditing program to adhere to specific federally mandated requirements regarding compliance under the Health Insurance Portability and Accountability Act (Morgan & Masatani, 2010). Kaiser’s strategy encompasses the need to ensure that protected health information (PHI) remains protected, as only those authorized to view this information should have the required level of access (Morgan & Masatani, 2010).  The program continuously evaluates risk assessment to identify and source of vulnerabilities, in addition to a strategy to minimize these risks through successful and attentive leadership at the helm (Morgan & Masatani, 2010). The organization also utilizes metrics to address its level of compliance with all required standards so that the organization is effectively prepared to manage existing and new regulations as they emerge (Morgan & Masatani, 2010). These factors support an approach that enables accurate and timely reporting of any breaches of HIPPA or other regulations as necessary (Morgan & Masatani, 2010). These methods regulate the organization’s information security and auditing operations so that patient health information and other resources are protected through a comprehensive strategy to ensure that the organization is successful in its efforts to achieve a secure framework (Morgan & Masatani, 2010).

Throughout the organization, information risks are evaluated on a continuous basis and enable these risks to be mitigated whenever possible. In addition, Kaiser Permanente operates under the following strategy: “We have a comprehensive risk and security strategy that includes policies; mandatory annual training of all staff and physicians; ongoing education via communication channels such as websites; as well as advanced surveillance and security monitoring mechanisms” (McCann, 2014). This approach is important because it requires an ongoing effort to address the challenges of protecting information security so that breaches are minimized, and other factors are evaluated regularly to make improvements in information security as necessary (McCann, 2014).

The organization is required to address is clinical device safety and security on a regular basis, as this is a critical path towards the development of other factors that support an ongoing strategic method to ensure effectiveness and success in the development of new factors to ensure that the organization is able to protect its information and interests in an effective manner (McCann, 2014). The process of risk assessment is essential to the development of new strategies to ensure that the organization is successful in its efforts to maintain high levels of security and related standards (McCann, 2014). With a significant number of patients to protect and privacy to address, it is more important than ever to address these concerns to prevent breaches in security as best as possible (McCann, 2014). The business must also pursue any external threats that might persist so that information throughout the network is not compromised in any way that could impact operations in a negative manner and pose a threat to the information that is shared throughout the organization (McCann, 2014).

Kaiser Permanente has its own Business Continuity Plan and Disaster Recovery Plan, and each strategy encompasses a number of aspects in order to ensure that the business is successful in its efforts to achieve greater than expected outcomes in mitigating risk and achieving rewards (Epstein, 2013). From this perspective, the organization focuses on Application Impact Analysis (AIA) to determine the level of importance of the risk that is assumed, the financial impact, customer service and satisfaction rates, regulatory risks and fines, brand image and reputation, and operational inefficiencies that may impact department backlog throughout the organization (Epstein, 2013). These factors require an analysis of factors such as resource optimization, standardization, and quality control, all of which contribute to the organization’s level of preparedness in the event of a disaster that impacts operations at a significant level (Epstein, 2013). The organization operates under a flexible approach to disaster management because every event is different in scope and significance; therefore, each requires its own level of attention to detail in order to accomplish the desired objectives (Epstein, 2013).

A program to address business continuity and disaster recovery within an organization must be flexible, similar to the program in place at Kaiser Permanente. This is an important characteristic because an organization cannot operate under a rigid structure when a disaster takes place, particularly if there are widespread impacts to information security and access that continue for unknown periods of time. The chosen strategy must demonstrate a high level of organization; however, each step must also be flexible to ensure that the entire program is able to perform its role in disaster management in an effective manner. There are considerable requirements associated with the development of a disaster recovery program that will have a positive impact on an organization to minimize disruptions to operations and to the information system that is in place.

References

Epstein, B. (2013). Application Impact Analysis: a risk based approach to business continuity and disaster recovery. Retrieved from https://www.continuityinsights.com/sites/continuityinsights.com/files/legacyimages/E7_Beth%20Epstein.pdf

McCann, E. (2014). How Kaiser does privacy and security. Retrieved from http://www.healthcareitnews.com/news/how-kaiser-does-privacy-security

Morgan, S., & Masatani, R. (2010). G21: HIPAA, HITECH, and latest trends. Retrieved from http://www.sfisaca.org/images/FC2010_Presentations/G21%20-%20HIPAA,%20HITECH,%20and%20Latest%20Trends.pdf