addresses privacy and security concerns associated with electronic health records and HIPAA” (Rivas, 2016). Electronic Medical Records (EMR) are now being used across the U.S. for all major healthcare organizations such as hospitals and clinics.

The original intentions of the HIPAA legislation were twofold: “standardization and simplification of information transmissions, and cost savings” (Harman, 2015). This shift from paper records to electronic records escalated costs. Patients must not only be informed about the practices for disclosure of their information and the use of said information, but must also give written consent, meaning they must give the 'ok' for their information to be both disclosed and used for healthcare operations, treatment, and payment. HIPAA has created an incredible amount of awareness of both patient privacy and data security. “HIPAA is firm when it comes to certain non-negotiable requirements, like the need to encrypt patient data on mobile devices that could be stolen, but is flexible when it comes to the method of achieving the goal, which make it more likely to adapt to changes with medical and technology innovation” (Mellen, 2016).

Areas of Improvement

Just because HIPAA has now helped to better shape the medical field does not mean that all organizations would necessarily comply and implement those additional controls. With how often systems are hacked, “HIPAA does not currently specify that an organization must use data encryption, only that the issue should be addressed. Data encryption is therefore voluntary and according to a Forrester Research report released in September 2014, only 59% of healthcare organizations had implemented full-disk encryption or partial encryption of healthcare data” (HIPAA Journal, 2015).

Those who are compliant, both providers and insurers, now have a number of security controls. A few of those controls are physical, administrative, and technical, all meant to help prevent unauthorized access to data and to safeguard personal information and ePHI. One improvement that could be made is to have data encryption be mandatory because it could have a major impact on data security and prevent many breaches. I say this because of how often we hear that a hospital, clinic, or such is hacked and personal information is stolen. For example, the recent cyber attack affected 61 National Health Service hospitals, possibly even more.
Following these recent WannaCry ransomware attacks, the “Department of Health and Human Services has been issuing cybersecurity alerts and warnings to healthcare organizations on the threat of attack and steps that can be taken to reduce risk” (HIPAA Journal 2, 2017).

Possibly having a security chip with encryption on insurance cards would help to keep such hacking at bay. The cards could also be photo enforced so that each patient is identified correctly, to make sure they are who they say they are. Whether these are together on the same card or on two separate cards, as insurance cards and our IDs currently are, could be negotiated.