solved. Question
Answered step-by-step
Asked by MinisterRiver21
Please How do I respond to my classmate post below? Brief response with a reference?
Â
The ability to combine healthcare ad technology is a great tool in the 21st century. Healthcare information systems (HIS) are cost-effective, improve accessibility of patients’ information for healthcare providers, and can help to decrease medication/prescribing errors (Hebda, 2019). In the same breath, it also opens the door for hackers to gain access to electronic protected health information (ePHI). There are five types of HIPAA breaches. They include hacking, improper disposal, loss, theft, and unauthorized access/disclosure (Heath, et al., 2022).
In my organization, there are many policies and strategies in place to protect ePHI. My institution has multiple policies dedicated to this topic. There are two main examples I use frequently. First, when sending email that may contain patient-sensitive information, the email subject line must contain the word “ZIX.” This encrypts emails going externally, protecting the data. If an email gets sent without ZIX and contains ePHI, it will get rejected and I will receive a high-alert email, warning me of the missing ZIX. Another example of a security standard is the use of a VPN, or virtual private network, when remotely accessing our organization’s network. It prevents unauthorized access by a third party of our system’s network. On the rare occasions where I work from home, I must access the network by typing in an RSA code from an app on my phone. This code is uniquely tied to me and changes every 60 seconds.
Recently, Oklahoma State University-Center for Health Services (OSU-CHS) settled their data breach case with the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS). OSU-CHS had to map out a corrective action plan, which had to be approved by the OCR. In their plan, they laid out what education would be provided to staff in the aftermath of the breach, the consequences if staff failed to follow policy, and how they would ensure ePHI is secured (U.S. Department of Health and Human Services, 2022). The healthcare facility stated in the filed breach report that an unauthorized third party gained access to a web server were ePHI was stored. According to the U.S. Department of Health and Human Services, 279,865 individuals ePHI was disclosed (2022). This example highlights the importance of having a secure VPN with frequent audits to check for compliance and look for possible avenues for a breach. In recent years, the skill level of hackers has become exponentially better, as they are able to be more evasive and difficult to detect (Basil, et al. 2022). If they can go undetected for some time before the breach is noticed, this increases the amount of ePHI that could be disclosed. Furthermore, Basil et al. states that the increase in cloud-based services used by vendors increases the likelihood for cyberattacks (2022).
Â
References
Basil, N.N., Ambe, S., Ekhator, C., & Fonkem, E. (2022). Health records database and inherent security concerns: A review of the literature. Cureus, 14 (10). https://doi.org/10.7759/cureus.30168
Heath, M., Porter, T.H., & Silver, G. (2022). Hospital characteristics associated with HIPAA breaches. International Journal of Healthcare Management, 15 (2), 171-180. https://doi.org/10.1080/20479700.2020.1870349
Hebda, T., Hunter, K., & Czar, P. (2019). Handbook of Informatics for Nurses and Healthcare Professionals (6th ed.). Pearson.
U.S. Department of Health and Human Services. (2022, July 14). Oklahoma State University – Center for Health Services pays $875,000 to settle hacking breach. HHS.gov. Retrieved January 23, 2023, from https://www.hhs.gov/about/news/2022/07/14/oklahoma-state-university-center-health-services-pays-875000-settle-hacking-breach.html
Â
SCIENCE
HEALTH SCIENCE
NURSING
NR 512 512
