HIPAA Violation and Prevention
HIPAA Violations: A Clinic's Server Containing Patient Records Was Hacked

Thesis: The paper evaluates a HIPAA violation arising from the hacking of a clinic's server that contained patients' records. It also proposes strategies for preventing such violations.

Main points:
Electronic storage of and access to information largely facilitates violations of HIPAA.
The hacking of the clinic's server is a HIPAA violation because the clinic failed to ensure the confidentiality and security of its patients' health information.
Hacking is a HIPAA violation because it results in illegal access to patients' identifying and contact details.
Whether deliberate or accidental, unauthorized access to and disclosure of patient information is regarded as a violation of HIPAA.

Prevention strategies:
Employing secure technology
Assigning a privacy officer in the clinic
Training clinic staff on how to comply with HIPAA rules
The paper begins by introducing HIPAA, an act guaranteeing the privacy and confidentiality of certain health information. Many practices of healthcare providers result in the unintentional or intentional violation of HIPAA. A violation becomes apparent when the actions of healthcare providers result in the disclosure of patients' health information to unauthorized persons. Thus, the paper evaluates a HIPAA violation through the case of a clinic's server, containing patients' records, that was hacked. It also provides possible strategies to prevent such violations.
The hacking of a clinic's server is a HIPAA violation, for several reasons discussed in the paper. As organizations have moved toward electronic storage of information, the healthcare sector has adopted the same technology. For healthcare, however, electronic data storage is a major challenge because it creates new opportunities for HIPAA violations. The hacking is a violation because the clinic failed to protect the confidentiality and security of health information. It results in illegal access to patients' identifying and contact details, which can be used to blackmail patients, for identity theft and for fraudulent billing. Although the clinic did not deliberately expose its server, the incident is still regarded as a HIPAA violation, because HIPAA makes it the responsibility of healthcare providers to take the measures necessary to ensure that patient information is accessible only to authorized personnel.
HIPAA refers to the Health Insurance Portability and Accountability Act of 1996, which guarantees the privacy and confidentiality of certain health information. Healthcare is changing, and so are the tools applied to organize and improve patient care. One common change is electronic health recording. Electronic recording of patient information eases the organization of patient care by giving healthcare providers easy access to health information. However, it also raises serious concerns about the confidentiality and security of the data, and questions over who can access the information and how. The increased storage of information online and the adoption of newer technologies such as mobile computing make it easier for stored health information to be improperly accessed and made public. Such improper access and disclosure is achieved by hacking into the electronic storage systems. The paper evaluates a HIPAA violation through the case of a clinic's server, containing patients' records, that was hacked. It also provides possible strategies to prevent such violations.
Electronic storage of and access to information largely facilitates violations of HIPAA. In a clinic, healthcare providers record a great deal of information about patients, and this is stored on electronic devices such as computers (Schultz, 2012). Other technological advances include mobile computing, where patients can receive and provide their healthcare data using their mobile phones. Servers are the most convenient way to manage and organize all the information in the clinic that is stored electronically (Schultz, 2012). In the case considered here, a clinic's server containing patients' records was hacked. Hacking is a HIPAA violation because it results in unauthorized access to patient information and its disclosure to unauthorized persons. Hacking refers to technical efforts to break into computer systems, including malicious software attacks delivered over the internet and other networks (Schultz, 2012).
The hacking of the clinic's server is a HIPAA violation because the clinic failed to ensure the confidentiality and security of its patients' health information. HIPAA's Privacy Rule and Security Rule make healthcare providers covered under the act responsible for the confidentiality and security of patients' health information (Gina, 2013). This means that unauthorized disclosure of and access to patient information has serious consequences for the clinic. When patients' information has been taken from a clinic's server, the clinic faces serious fines, depending on the extent of the disclosure and the harm to the patients (Gina, 2013). Most of these fines are substantial. Moreover, the consequences of hacking are irreversible: by the time an intrusion is detected, it has probably already caused harm to the affected parties.
Hacking is a HIPAA violation because it results in illegal access to patients' identifying and contact details. These include names, Medicare numbers, social security numbers, email addresses, postal addresses, mobile numbers, dates of birth and medical histories (Schultz, 2012). It can also result in the unauthorized downloading of patient files from the clinic server to personal laptops. The risk grows with the possibility of such a laptop being stolen, which means still more people gain access to information that they could sell (Gina, 2013). When a clinic's server is hacked, the hackers obtain information they can use for identity theft, fraudulent billing and blackmail (Gina, 2013). The hackers are unknown persons and may continue their malicious acts without the clinic realizing it. For instance, medical histories can be sold to another clinic, which may decide to contact the patient and offer competing healthcare services. As the techniques employed by hackers advance, healthcare providers that did not previously consider themselves at risk are now high-value targets (Schultz, 2012).
Whether deliberate or accidental, unauthorized access to and disclosure of patient information is regarded as a violation of HIPAA (Sullivan, 2004). Organizations that handle patients' health information are regarded as covered entities under the act and are therefore mandated by law to abide by HIPAA's stipulations or face legal penalties. According to HIPAA, it is the responsibility of healthcare providers to take the measures necessary to ensure that patient information is accessible only to authorized personnel (Sullivan, 2004). The act's confidentiality and security obligations are extensive, mirroring society's heightened concern about individual privacy (Sullivan, 2004). A clinic's server containing patients' records should not be easy to hack, yet there are many reasons why hacking remains possible. A server can be hacked even when it is protected by passwords, and it becomes easy for hackers to read personal patient information when it is not encrypted. Hacking is regarded as a violation especially when the clinic has not employed all reasonable strategies to protect patient information.
Many healthcare practitioners are aware of HIPAA and of the consequences of violating patient privacy rules. Awareness of the law is not enough, however; it is necessary to put in place preventive measures aimed at avoiding violations (Rossenfeld, 2013). Various strategies can be employed to avoid the hacking of a clinic's server.
The first strategy is employing secure technology. Several technologies are available for securing patient information. The clinic should be selective about the software it uses to protect data, including data sent over wireless connections. This includes anti-spyware, firewalls, anti-virus software and intrusion detection systems that flag attempts to break into the server (Rossenfeld, 2013). Caution is also advisable when information is accessed over a remote connection. Clinicians may use a two-factor authentication scheme combining security tokens with passwords (Rossenfeld, 2013). Access controls such as PIN and password prompts help restrict access to personal data. All data stored on the clinic's server needs to be encrypted. Encryption ensures that the health information is unreadable and cannot be understood except by individuals authorized to decrypt it (Warner, 2013); this holds only if the decryption keys are kept separate from the data and are not themselves exposed when the server is compromised. Audit trailing is also necessary. It records who accessed personal information, what changes were made and when. This means that, in case of any attempt to hack the server, the clinic becomes aware of it and can take the necessary security precautions (Moeller, 2010), provided that the audit records are actually reviewed and are protected from alteration by the intruder.
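The three controls named in this paragraph, encryption of stored records, access restricted to authorized personnel, and an audit trail of every access, can be seen working together in the following added example. It is illustrative code written for this page, not code from any cited source or from any clinic system, and it makes several assumptions: a hypothetical role model in which only actors holding the "clinician" role may read or write records; a 32-byte AES-256 key and a separate HMAC key supplied by the caller (in practice from a key store that is not on the record server); and a constructed sample record. Records are sealed with AES-256-GCM with the patient ID as associated data. The example goes beyond the paragraph in one respect: each audit line carries an HMAC chained to the previous line and the chain head is kept, so that editing, deleting or truncating the log is detectable.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

// Store keeps records encrypted at rest with AES-256-GCM and logs every access
// attempt, allowed or refused, as "time|actor|action|patient|allowed|mac", with
// mac = HMAC-SHA256(auditKey, previous mac || line) so the log forms a chain.
// Assumption: both keys live in a key store off the record server.
type Store struct {
	aead     cipher.AEAD
	auditKey []byte
	records  map[string][]byte // patient ID -> nonce || ciphertext || GCM tag
	roles    map[string]string // actor -> role (hypothetical role model)
	Audit    []string
	last     string // MAC of the newest audit line, the chain head
}

// NewStore expects a 32-byte data-encryption key (AES-256) and an HMAC key.
func NewStore(dek, auditKey []byte, roles map[string]string) (*Store, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return &Store{aead: aead, auditKey: auditKey, records: map[string][]byte{}, roles: roles}, nil
}

func (s *Store) mac(prev, line string) string {
	m := hmac.New(sha256.New, s.auditKey)
	m.Write([]byte(prev + "\n" + line))
	return hex.EncodeToString(m.Sum(nil))
}

// authorize applies the policy (only clinicians touch records) and logs the
// decision either way, so refused attempts also appear in the audit trail.
func (s *Store) authorize(actor, action, patientID string) error {
	allowed := s.roles[actor] == "clinician"
	line := fmt.Sprintf("%s|%s|%s|%s|%t", time.Now().UTC().Format(time.RFC3339Nano), actor, action, patientID, allowed)
	s.last = s.mac(s.last, line)
	s.Audit = append(s.Audit, line+"|"+s.last)
	if !allowed {
		return fmt.Errorf("%s is not authorized to %s records", actor, action)
	}
	return nil
}

// Put seals the record under a fresh nonce with the patient ID as associated
// data, so a ciphertext moved to another patient's slot fails to authenticate.
func (s *Store) Put(actor, patientID string, record []byte) error {
	if err := s.authorize(actor, "write", patientID); err != nil {
		return err
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.records[patientID] = s.aead.Seal(nonce, nonce, record, []byte(patientID))
	return nil
}

// Get returns the plaintext for an authorized actor; a refused read is still logged.
func (s *Store) Get(actor, patientID string) ([]byte, error) {
	if err := s.authorize(actor, "read", patientID); err != nil {
		return nil, err
	}
	ns := s.aead.NonceSize()
	ct := s.records[patientID]
	if len(ct) < ns {
		return nil, fmt.Errorf("no record for %s", patientID)
	}
	return s.aead.Open(nil, ct[:ns], ct[ns:], []byte(patientID))
}

// Raw is what an intruder who copies the database file obtains.
func (s *Store) Raw(patientID string) []byte { return s.records[patientID] }

// VerifyAudit recomputes the chain and checks that it ends at the stored head,
// so an altered, removed or truncated line is reported as false.
func (s *Store) VerifyAudit() bool {
	prev := ""
	for _, entry := range s.Audit {
		i := strings.LastIndexByte(entry, '|')
		if i < 0 || !hmac.Equal([]byte(entry[i+1:]), []byte(s.mac(prev, entry[:i]))) {
			return false
		}
		prev = entry[i+1:]
	}
	return prev == s.last
}

func main() {
	keys := make([]byte, 64) // demo only: real keys come from a key store, not the server
	rand.Read(keys)
	s, _ := NewStore(keys[:32], keys[32:], map[string]string{"dr.lee": "clinician", "temp-123": "reception"})
	_ = s.Put("dr.lee", "P-0001", []byte("DOB 1970-01-01; dx: hypertension")) // constructed sample record
	_, err := s.Get("temp-123", "P-0001")
	fmt.Printf("receptionist read: %v\nstored bytes: %x\naudit intact: %v\n", err, s.Raw("P-0001"), s.VerifyAudit())
}
```

Running it shows the three points the paragraph makes: the receptionist's read is refused but still recorded, the bytes an intruder could copy from the store contain no plaintext, and VerifyAudit reports whether the log has been touched. The chain head kept in memory is what makes truncation detectable; in a real deployment that head would be written somewhere the intruder cannot reach, such as a separate log server, and the encryption guarantee rests entirely on the keys not being stored beside the data.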
Healthcare providers should ensure that they assign a privacy officer in their clinics. HIPAA rules require the assignment of a privacy officer who is accountable for developing and implementing HIPAA compliance policies and procedures (Rose, 2013); the HIPAA Security Rule separately requires a security official responsible for the safeguards that protect electronic records. The officer is also responsible for creating, publicizing and distributing the notice of privacy practices. The officer records and retains patients' acknowledgements of having received the notice of privacy practices (Rose, 2013). Other roles include handling requests to amend or correct health records and responding to patients and employees on HIPAA and other privacy safeguards. Importantly, the officer manages any complaints raised by patients and personnel about privacy infringements (Rose, 2013).
Clinic staff need to be trained on how to comply with HIPAA rules. This ensures that all employees practice security precautions and reduces the opportunities for hackers to break into a clinic's server (Rose, 2013). Healthcare providers are accountable for ensuring that their employees are trained in and aware of HIPAA compliance. Training should include frequent discussion of how to avoid disclosing information through casual conversation. It should also cover the prohibition on marketing private information (Rose, 2013), that is, selling patients' information to third parties for marketing purposes. Personnel also need to be informed of the proper way to dispose of information: it should be discarded or deleted in a manner that makes it impossible to recover (Rose, 2013).
The hacking of a clinic's server is considered a HIPAA violation because it results in the disclosure of patient information to unauthorized persons. HIPAA mandates that all covered healthcare providers ensure the confidentiality and security of patient data. Technology has made it possible to store, organize and exchange information electronically. Such technological progress, despite being helpful, increases the possibility of unlawful acts like hacking. Regardless of whether unauthorized access to information happens deliberately or unintentionally, it results in fines for the responsible clinic. Thus, healthcare providers need to adopt preventive strategies that prevent HIPAA violations.
References

Gina, S. (2013). Cover story: HIPAA compliance holds keys to keeping patient data safe. Hearing Journal, 66(3), 28-32.
Mace, S. (2013). Preparing for tougher privacy rules. HealthLeaders, 16(7), 48-51.
Moeller, R. R. (2010). IT audit, control, and security. Hoboken, NJ: Wiley.
Rose, V. R. (2013). Five ways to reduce risk related to personal health information. Healthcare Financial Management, 67(1), 34.
Rossenfeld, C. (2013). How to avoid the most common HIPAA violations. Medical Office Today. Retrieved from http://medicalofficetoday.com/Content_free/Common-HIPAA-Violations.aspx
Schultz, D. (2012). As patients' records go digital, theft and hacking problems grow. Kaiser Health News. Retrieved from http://www.kaiserhealthnews.org/Stories/2012/June/04/electronic-health-records-theft-hacking.aspx
Sullivan, J. M. (2004). HIPAA: A practical guide to the privacy and security of health data. Chicago, IL: American Bar Association, Health Law Section.
Warner, D. (2013). Safe de-identification of big data is critical to healthcare. Journal of Healthcare Compliance, 15(4), 63-72.