Tuesday, October 4, 2016

Group Project Proposal - Security Breaches

Objective:

(2) Enhance the patient care experience (including quality, access, and reliability)

Problem:
Healthcare data can include a variety of extremely personal information. Confidential patient information regarding diagnoses, procedures, medication, and medical history is kept electronically by various healthcare institutions and providers. HIPAA was put in place to protect the patient data and to maintain confidentiality. We are interested in researching how detailed patient information is kept secure and what measures are in place to ensure the health information is not inappropriately shared. If the security measures fail and a breach occurs, we want to research how the error is managed and what consequences occur. Since a security breach could be a potential HIPAA violation, we want to know how that is handled and what implicit and explicit costs are included.

Data Collection:
In order to complete our research, we will use case studies of previous security breaches to see how the situation was controlled. We can also search for statistics on how often breaches occur and what type of healthcare data was released. Research and news articles can also be used to provide information about specific security breach incidents. By becoming more familiar with HIPAA regulations, we will be able to identify the associated breach consequences and what data security standards exist that must be met to comply with HIPAA.

Hardware/Software:
Unfortunately, there is no simple hardware or software recommendation that can be made to address the problem proposed above. Let’s get one thing straight: everything is hackable. With enough time and resources, every security system can be breached. The only thing that can be done is to make it as difficult as possible for hackers to break in. The range of solutions available depends on how much money a company is willing to spend on its security systems. Multiple third-party services are available, such as anti-virus and anti-malware software like Sophos or Windows Defender. Attacks can come in a variety of forms, ranging from system breaches to denials of service. The problem above is multifaceted, so there are numerous hardware or software steps that can be taken to address it. One facet of this problem can be addressed through DDoS protection services.

Controversy:
The main controversy regarding healthcare data security is whether companies are doing “enough” to protect customers’ data. At the end of the day, there are always more or better things that can be done to protect a customer’s data. However, everything has a trade-off. This is where companies must make a cost-benefit analysis of the potential options available to them and consider the social, ethical, financial, and legal implications of their choices.

1 comment:

  1. Very good proposal. I like the approach and learning from case studies. However, there are data and research available. For example, the Ponemon Institute (that I linked to our class blog) conducts independent research on privacy, data protection and information security policy. Their research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise. Here is a link to their library, but look around and see what else they offer. ProPublica continues to investigate "policing patient privacy."
