The introduction of electronic health records (EHRs) has facilitated easy collection, analysis, access, and mass storage of patient data. The digital transformation has led to enhanced patient care, patient cooperation, and disease diagnosis. However, the presence of technology has brought forth cyber security healthcare risks (Dias et al., 2021). Therefore, access to patient health information through theft, unauthorized users, and voluntary disclosure has risen. Hospitals incur extra costs to undertake damage control measures after data breaches and contend with the loss of revenue before data retrieval.
Risk Management Elements and Patient Safety Strategies
Risk management involves several key elements; identify risk, quantify risk, report and investigate events, determine the impact, plan responses to risk, monitor responses, and manage residual risks (Dias et al., 2021). Risk identification involves determining the presence and nature of a potential risk issue. Risk measurement provides information on the quantum of risk exposure and the probability of loss occurrence. Risk mitigation involves eliminating or minimizing risks. Reporting the risk refers to updating the relevant authorities about the risks, measures taken to prevent them, and ongoing improvements. Risk governance involves the processes to ensure that every worker performs duties according to the framework established to prevent risks.
In safety, specific strategies are utilized, which relate to the elements of risk management. In brief, five main strategies for patient safety improvement have been identified. First, nurturing a patient safety-focused culture is a strategy that fosters an organizational culture that focuses on patients rather than other activities. Every employee is part of patient safety and quality care. Secondly, instead of only acknowledging mistakes that cause patient safety incidents, it is necessary to work towards their prevention and identifying issues before they can happen. Third, organizations adopt the strategy of reducing chances for human error by using technology and engineering designs to prevent their occurrence. Then, they develop an environment that is clean and safe for patients and care providers.
There exists a link between these risk management elements and patient safety strategies. The risk to the objective of a healthcare organization reflects the objectives of healing and patient safety, sustaining a safe environment, and achieving expected outcomes (Dias et al., 2021). Patient safety focuses on the mitigation of harm to patients, while risk management focuses on patient harm as a priority in developing safety strategies. Moreover, patient care is one of the elements of healthcare risk that organizations need to address. For example, certain adverse events risk patient safety and the organization, such as patient diagnostic errors and patient falls. Therefore, risk managers are a vital part of the top management in healthcare organizations as they have to use the elements of risk management to identify, quantify, mitigate, and government such risks.
Literature Review
Cyber security risks in the health sector have become a point of concern due to the rising cases of data breaches. According to Seh et al. (2019), an estimated 249 million patients were affected due to healthcare data breaches from 2005 to 2019. The large figure demonstrates the seriousness of the issue, given that most incidents are not reported. In addition, medical errors are the largest cause of patient safety issues. In addition, the report by She et al. (2019) further confirms that by the end of 2018, the global cumulative data breaches of 65 countries were 2216, with 536 of these breaches occurring in the health sector. This demonstrates that most healthcare systems worldwide are not perfect because patient safety is always compromised by medical errors. In 2019, 41.2 million healthcare records were stolen, illegally disclosed, or exposed (Seh et al., 2019). Nevertheless, this figure does not include the channels through which the records were lost or disclosed or the reason behind the issues. In another study, Kruse et al. (2017) established that at least 90 percent of healthcare personnel have encountered data breaches. Moreover, cyber attacks in the health sector have gone up to 125 percent since 2010. This demonstrates that cyber attacks are becoming a major issue in the healthcare sector. The National Health Service (NHS) and 603 primary healthcare organizations’ patient was compromised and lost, leading to the cancellation of more than 19,000 patient appointments (Coventry et al., 2020). Consequently, healthcare organizations are left to grapple with the aftermath of these data breaches.
Data breaches in the health sector create an economic burden on the industry. According to Seh et al. (2019), the cost of tackling a healthcare data breach is estimated at $6.45 million, with the US having the highest costs compared to other countries. From 2014 to 2019, the cost increased by 12 percent, making it expensive for healthcare organizations to manage the aftermath of cyber attacks (Jalali & Kaiser, 2018). Hospitals are some of the organizations likely to face financial problems due to cyber attacks. For instance, Jalali & Kaiser (2018) indicate that a hospital can incur $7 million after data breaches due to damaged reputation, litigation, and fines.
Risk Management Measures
In most cases, healthcare workers lack technical knowledge in identifying cyber security gaps, making hospitals vulnerable to cyber crime (Conventry et al., 2020). Moreover, healthcare workers fail to recognize that they can be sources of malware in hospital EHR systems and data breaches through activities such as sharing log-in passwords. All these can be categorized as a lack of understanding. Additionally, many hospitals have a wide array of tech gadgets integrated into medical devices, creating vulnerability for data breaches and cyber attacks (Jalali & Kaiser, 2018). Connected medical devices mostly utilize shared internal networks, which creates a loophole for malfunctioning of numerous devices should a cybercrime occur.
Applying Human Factors Engineering to Improve Patient Safety
Human factors and systems engineering involves designing and redesigning the healthcare environment. Applying these factors in the healthcare system involves such approaches as designing equipment, devices, environments, and process to prevent patient falls, errors by practitioners, errors by machines and devices, and other aspects. For instance, in a hospital setting, engineers and healthcare practitioners review the human factors that can cause such issues as medical errors or patient falls (Carayon et al., 2020). Upon realizing that nurses are likely to make the error of connecting enteral tubing to I.V. tubing, then the designers can develop a new tubing that is not compatible with the IV tubing, thus preventing the possibility of making such a mistake.
Applying Risk Theory to Patient Safety Issues
The normal risk theory is one of the most applicable safety models in healthcare settings. Developed by Charles Perror in 1984, the theory suggests that organizational factors are responsible for accidents, including catastrophic events (Straus & Brown, 2021). The theory distinguishes between normal and systems accidents. In this case, normal accidents are those events that occur due to a failure in a component within a given system that sets forth a chain reaction, which becomes impossible for the operators to control. The reaction is either invisible to the operators or because there is a deficiency in knowledge, capacity, or authority to intervene when the reaction occurs
Integrating QSEN Competencies Within the Plan to Mitigate the Risk-Related Issue
The safety competency focuses on identifying and eliminating processes and conditions within the healthcare environment that would directly or indirectly cause preventable harm. On the other hand, informatics is concerned with activities that require the application and design of technology and informatics to ensure data sharing, retrieval, and management (Sherwood, 2021). Improving safety requires a system through which data breach risks can be identified before their occurrence. It involves training healthcare workers on cyber security on such issues as avoidance of clicking on unverified links and using personal USBs on hospital computers. The informatics competency involves having infrastructure and technical personnel that have the know-how to analyze data for any data breaches. Informatics ensures that hospitals have catered to such as having patient data back-up and network firewalls.
References
Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M., Calcavecchia, F., Anderson, D., Burleson, W., Vogel, J., O’Leary, C., Eshaya-Chauvin, B., & Flahault, A. (2020). Cybersecurity of hospitals: Discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1). Web.
Carayon, P., Wooldridge, A., Hoonakker, P., Hundt, A. S., & Kelly, M. M. (2020). SEIPS 3.0: Human-centered design of the patient journey for patient safety. Applied Ergonomics, 84, 103033. Web.
Coventry, L., Branley-Bell, D., Sillence, E., Magalini, S., Mari, P., Magkanaraki, A., & Anastasopoulou, K. (2020). Cyber-risk in healthcare: Exploring facilitators and barriers to secure behaviour. HCI for Cybersecurity, Privacy and Trust, 105-122. Web.
Dias, F. M., Martens, M. L., Monken, S. F., Silva, L. F., & Santibanez-Gonzalez, E. D. (2021). Risk management focusing on the best practices of data security systems for healthcare. International Journal of Innovation, 9(1), 45-78. Web.
Jalali, M., & Kaiser, J. (2018). Cybersecurity in hospitals: A systematic, organizational perspective. Journal of Medical Internet Research, 20(5), 1-18. Web.
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10. Web.
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare data breaches: Insights and implications. National Library of Medicine, 8(2). Web.
Sherwood, G. (2021). Quality and Safety Education for Nurses: Making progress in patient safety, learning from COVID-19. International Journal of Nursing Sciences, 8(3), 249-251. Web.
Straus, E. J., & Brown, H. J. (2021). The potential contribution of critical theories in healthcare transition research and practice. Disability and Rehabilitation, 43(17), 2521-2529. Web.