After having researched the Privacy Rights Clearinghouse database, I selected three different cases. The first incident of an insider breach type happened on May 25, 2017, at White Blossom Care Center, San Jose, California. One of the former employees improperly accessed residents’ data at the time of the employment. Inappropriately retrieved files included patients’ personal information, including social security numbers and date of birth, as well as medical information. The breach’s consequences are not clear, as it is not stated whether the employee aimed to obtain data on purpose. The ANA Code of Ethics for Nurses underscores that nurse leaders advocate and promote the rights and safety of patients (Page & Simpson, 2016). Hence, the strategy for dealing with similar situations is to educate nursing professionals by providing real-life cases. Guidelines on the latest legislation and breach prevention steps should be made available for all employees.
In 2018, Jemison Internal Medicine (JIM) in Alabama was attacked by a ransomware virus that encrypted its electronic medical records system. This ransomware demanded payment to bring back access to the system. Further investigation of the hacking incident revealed that unauthorized individuals had already connected to it in 2017. JIM was not able to confirm which type of personal or medical data was stolen. Hacking, especially malware, is the leading cause of the health data breach (Coventry & Branley, 2018). Hackers are motivated by the perspective of political and financial gains as healthcare data has more value than any other type of it. First of all, the nursing leader has to ensure sufficient funding for the development of software security. The fragmented cybersecurity investment is exacerbated by the lack of professional expertise in this domain. Furthermore, it is vital to implement standards for information management within the organization.
Healthcare provider Blue Shield of California admitted an intended disclosure of the Protected Health Information (PHI) that occurred in 2017. During the 2018 Medicare annual enrolment, an employee of the company shared a document containing PHI with an insurance broker. As a result, the broker might have contacted some of the individuals to offer a Medicare Advantage Plan provided by another insurer. The action of the employee violated the policy of Blue Shield, affecting its professional reputation. The company has reported to the Centers for Medicaid and Medicare Services and has taken action to re-train its employees. Nursing leaders must be aware of the possibilities of this kind of information misuse to warn their patients. Their prevention strategy should rely on HIPPA legislation and the HITECH Act, which makes businesses and vendors accountable for the PHI breach.
Healthcare technologies assist medical professionals at all levels and enhance the quality of services. Electronic health records improve patients’ care by making access to PHI easier. At the same time, these advanced tools have brought new challenges associated with inadequate cybersecurity and privacy loss. The cases mentioned above demonstrate that the prevention of hacking, unintended and intended disclosures has to be at the core of the information management strategy. The role of nursing leadership is to raise cybersecurity awareness among team members. The concept of “see something, say something” can be employed to train the staff to report suspicious activities (Lee, 2017). Nurse leaders need to develop skills to access, analyze, and transform highly sensitive data properly. Healthcare data breaches lead to harmful personal and social impacts on the personnel, patients, and their families. The rapid evolution of big data applications and artificial intelligence will make this problem even more complicated.
References
Coventry, L., & Branley, D. (2018). Cybersecurity in healthcare: A narrative review of trends, threats, and ways forward. Maturitas, 113, 48-52.
Lee, K. (2017). Cybersecurity awareness. Protection data and patients. Nursing Management, 48(4), 16-19.
Page, C. K., & Simpson, R. L. (2016). Nurse leader challenges in data transparency: Eyes to the future. Nurse Leader, 14(4), 271–274.