Protected Health Information
This assignment aims to analyze the use of risk assessments and their influence within your current or previous organization.
Write a 750-1,000-word paper that includes the following criteria:
Describe the top three internal and top three external risks currently threatening PHI data within your selected organization.
Explain how risk assessments are conducted within the organization.
Discuss who conducts these assessments and with what frequency.
Evaluate the importance of professionalism, including ethical principles and lifelong learning in successful risk mitigation.
How do these assessments mitigate the risks you have identified?
Prepare this assignment according to the guidelines in the APA Style Guide, located in the Student Success Center.
This assignment uses a rubric. Review the rubric before beginning the assignment to familiarize yourself with the expectations for successful completion.
You are required to submit this assignment to LopesWrite. A link to the LopesWrite Technical Support Articles is located in Class Resources if you need assistance.
This assignment aligns with the following AMIA 2017 Core Competencies for Health Informatics Curricula at the master’s degree level:
F2: Information Science and Technology: Shows How
F8: Professionalism: Shows How
Protected Health Information
Health information data is critical information that should always be maintained with top tire security. Over the years, cyber security has been a valid concern for healthcare systems using electronic health information systems and records. Unfortunately, data and information breaches are common today. Protected health information includes very sensitive information containing patients’ personal information and medical records, and a leak of this information to unsafe hands may cause detrimental problems to the health organization and the patient themselves as their privacy is compromised(Cohen & Mello, 2018). Therefore, health organizations should invest in ensuring health information is safe from all risks. Furthermore, the sensitivity of health information and data makes it susceptible to cybercriminals, making it a vital need to secure electronic health records(Isola & Al Khalili, 2020). Risks threatening the health information safety, risk assessment, the need for professionalism, and curbing the risks through assessments in a former health institution I was in will be discussed in this essay.
Security risks to health information
In the health institution I worked with, they identified internal and external threats and risks that may compromise the safety of protected health information. One of the common internal threats was poor and inadequate staff training. Employees who are not well enlightened on the need for maintaining the privacy of such health information may risk losing the information as they may misuse their positions to disclose private information to others due to a lack of knowledge(Jiang & Bai, 2019). In addition, such employees pose a risk as they may use the information to benefit themselves in different ways, like criminal activities or financial benefits (Seh et al., 2020). Another internal risk is poor documentation and lack of privacy for electrical data(Jiang & Bai, 2019). Poor data encryption, either in files or computers, in a way that unauthorized people may access it, is a risk to protected health information. Thirdly, the internal risk is data loss, which may be due to delegation of responsibility to unreliable individuals or employee theft for personal reasons(Seh et al., 2020).
On external risks, cyber hacking and malware of information technology. First, with the current technological developments, protected health information is at risk of being breached by outsiders who are good at cyber-crime for different benefits like money, felony, or favors(Jiang & Bai, 2019). Secondly, protected healthcare information is at risk of terrorism, and visitors may access protected information on the organization’s premises (Jiang & Bai, 2019). Finally, theft is the typical risk of loss and breach of protected information, so people visiting the health institution should be assessed and evaluated.
Regular risk evaluation was one of the principal activities in my former health institution, as they were aware that electronic health information faces the risk of a security breach. Risk evaluation and assessments are conducted regularly so the organization can develop mitigation action strategies(Vanderpool, 2019). The evaluation involves a cascade of checked details, including identifying the threat, identifying the vulnerable areas, assessing the degree of access control, and identifying system structure loopholes that might create risk or threat to the health information.
The business associates and covered entities conduct the assessments as recommended by the health insurance portability Act security rules. The security risk assessment is done consistently and starts with identifying vulnerabilities(Vanderpool, 2019). Once the risk assessment is done, the organization should record the result for analysis and implementation(Isola & Al Khalili, 2020). Security risk assessment is vital for healthcare organizations, and authorized trusted individuals should conduct it to ensure integrity and safety.
Importance of professionalism
Risk mitigation requires utmost professionalism to maintain legal and ethical conduct. Knowing the magnitude of health information records insecurity, the health institution I was in developing strategies to help maintain ethical and legal standards for patient and health information(Skyvell Nilsson et al., 2018). Protected health information integrity does not only impact the health organization but the patients, medical practitioners, and society at large. Therefore, medical practitioners should maintain professionalism in respecting autonomy, beneficence, justice, and non-maleficence(Skyvell Nilsson et al., 2018). The safety of protected healthcare information is a practical application of ensuring patient confidentiality and respect. Additionally, once the information is breached, it may lead to harm for the patient as it may land in the wrong hands hence a risk of lack of ethical obligation.
Health professionals should strive to ensure that every action is in the patient’s best interest and benefit, including keeping their personal and private information safe. Legal action should be taken against professionals who breach patents to protect health information, a strategy to maintain professionalism, and ethical principles obligation(Skyvell Nilsson et al., 2018). for professionalism to be maintained regarding protected healthcare information, medics should maintain privacy, safety, accountability, and restricted access to their patient’s sensitive information.
Role of risk evaluations in mitigating the risks
Risk evaluation is vital in the control of threats that may be present for causing insecurity of health information. The healthcare organization can evaluate the threats and develop strategies to curb the risks(Vanderpool, 2019). Through evaluating the threats, the organization can develop a security system to enable only accredited individuals to access protected information, and this includes the use of passwords, safety locks, and security cameras and personnel to ensure that people accessing the information, whether on the software systems and the premises are authorized personnel.
Additionally, assessing the risks enables the organization to predict the likelihood of the b breach of the information and prepare earlier for it(Cohen & Mello, 2018). The risk assessment will enable them to identify a wave of cyber criminals to predict the event’s occurrence and set necessary measures to curb the breach. Evaluations and assessments also help to develop and maintain proper security systems for health information that minimize the breach occurrence (Cohen & Mello, 2018). it is through a risk assessment that a healthcare institution can identify, control, maintain and mitigate threats that may lead to a breach of protected healthcare information.
Cohen, G., & Mello, M. M. (2018). HIPAA and Protecting Health Information in the 21st Century. JAMA, 320(3), 231. https://doi.org/10.1001/jama.2018.5630
Isola, S., & Al Khalili, Y. (2020). Protected Health Information. PubMed; StatPearls Publishing. https://www.ncbi.nlm.nih.gov/books/NBK553131/
Jiang, J. (Xuefeng), & Bai, G. (2019). Evaluation of Causes of Protected Health Information Breaches. JAMA Internal Medicine, 179(2), 265. https://doi.org/10.1001/jamainternmed.2018.5295
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Khan, R. A. (2020). Healthcare Data Breaches: Insights and Implications. Healthcare, 8(2), 133. https://doi.org/10.3390/healthcare8020133
Skyvell Nilsson, M., Törner, M., & Pousette, A. (2018). Professional culture, information security, and healthcare quality—an interview study of physicians’ and nurses’ perspectives on value conflicts in electronic medical records. Safety in Health, 4(1). https://doi.org/10.1186/s40886-018-0078-9
Vanderpool, D. (2019). HIPAA COMPLIANCE: A Common Sense Approach. Innovations in Clinical Neuroscience, 16(1-2), 38–41. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6450678/
Tough Essay Due? Hire Tough Essay Writers!
We have subject matter experts ready 24/7 to tackle your specific tasks and deliver them ON TIME, ready to hand in. Our writers have advanced degrees, and they know exactly what’s required to get you the best possible grade.