From the Capstone Project I have attached, please answer the following questions:
Reflect: This week we begin the revision process. Revising is a multi-step process. The word REVISE, literally means to REVISION or see in a different light. What is your revision process? How has it grown or changed during your studies? Share your best practices and tips for revising and improving your papers.
Progress: This week we also focus on research. Share a brief overview of your research methods. What are the biggest challenges you faced finding sources? What search terms (key words) did you use? Share a statement about your proficiency in the following areas: Navigating library databases, integrating sources into your essay, APA format and citations.
Page 9 of 15
March 1st, 2020
Privacy- What medical information should be confidential? Who, if anybody, should have access to medical records?
In healthcare centers and overall privacy is the right of every US citizen that should be protected in all its forms by the healthcare organisation.
Rough Draft Ideas
Identity theft in healthcare industry become a common practice and leads to information leakage that may destroy someone’s life. We can eliminate this human right violation by enforcing effective and practical laws. Healthcare organisations should understand their responsibilities and tighten security to protect information of patients.
Table of Contents Introduction 3 Overview of Privacy Protections with Respect to Medical Records 4 Data Breaches in the Healthcare Industry 5 Healthcare is the biggest Target for Cyber Attack 7 Penalties and Punishments for Hacking Personal Information 9 Penalties 9 Devastating Consequences of Healthcare Data Breaches 10 Conclusion 10 Recommendations 11 Bibliography 12
While operating in healthcare organisations need to gather patient’s information that is mostly personal information. It is the moral and legal responsibility of health care organisations to protect the information of their patients and do not share it with people outside of the organisation without the patient’s consent.
Protecting patient’s information is a crucial element of respect and essential for patients’ autonomy and trust in the organisation — the US healthcare industry currently facing patient mistrust that is caused because of a lack of trust. When patients experience a lack of confidence, they do not share their information with a healthcare professional that causes ineffective treatment.
In a 2018 study, Levy, Scherer, Zikmund-Fisher, Larkin, Barnes, & Fagerlin concluded that approximately 81.1% of people withheld medically relevant information from their health-care providers. Patients fail to disclose medically relevant information in front of their clinicians undermine their health and cause patient harm (Levy, 2018).
There are numerous components of patient privacy in healthcare that are personal space, religious and cultural affiliations, physical privacy, decisional privacy, associational privacy that includes patient’s personal relationships and informational privacy that provides for the protection of patient’s personal data.
Healthcare organisations and physicians should protect the patient’s information and kept strict privacy measures in all its forms;
Medical records contain personal information of patients and sometimes sensitive information like physical records that is disclosed in front of the public by any means, cause embarrassment and uneasiness in front of others. These things could affect the patient’s personal and professional life.
Although records at healthcare organisations are promised to be protected but still, we need effective and long-term legal implications that bring satisfaction among patients. The protection of medical records through privacy policies is still in its infancy. Over time medical records are started to save in computers instead of written documents.
Although this transition is taken to keep records more efficiently but unfortunately still information from healthcare organisations moves out, which needs to be settled.
Overview of Privacy Protections with Respect to Medical Records
The word privacy was not a bounded definition but it changed along with legal changes. Civil law, common law, and criminal define privacy differently for example, common and constitutional law define privacy as “it is a right to be let alone” and to be free from any external interpretation like government institutions.
During that period, the question for abortion privacy rights has been raised, that states government involvement in abortion decisions disturbs women’s independent decision-making authority and also violate their privacy (Cleaver, 1985).
Data Breaches in the Healthcare Industry
From current sources, it is clear that in the current world data breaches are a regular practice. Every day, news channels reveal a hospital or healthcare organisation breaching their personal records.
According to a report from, Ponemon Institute and Verizon Data Breach Investigations healthcare industry are facing more data breaches than any other industry across the world, and mainly in the United States.
The healthcare sector faces more breaches because of numerous incidents that include stealing malware for professional or personal gain, purposeful harm to a patient or through lost devices of healthcare professionals.
Data breaches in the healthcare sector through cyber-criminals is a controversial topic these days. According to the health and service report, more than 15 million health records have been breached and shared for different purposes.
The black market behind the healthcare organisation is working for long, and many patients are not aware of the thing that their personal information has been sold out to third parties. 2019, proved as the worst year regarding healthcare breaches and lack of security measures.
Sean Curran, West Monroe Partners’ senior director states that based on the previous year attacks and data breaches healthcare professionals need to reset their infrastructure and adjust their security measures to limit the activities of hackers. According to this report, healthcare organisations need to understand that they need to understand, recover, minimise and get backup of lost data of patient’s healthcare (CIS, 2020).
Twenty-five million patients’ health record has been lost or shared according to ongoing investigations. Investigations are still in process that makes it clear that patients are still impacted but the accurate number of impacted patients is still unclear.
12 million people from Quest Diagnostics have been affected and the lost data includes social and medical information. The information was leaked through lab reports and tests performed outside of the hospital organisation.
According to the AMCA data breach report, about 7.7 million patients from LabCorp were impacted with data breach and almost 422,000 patients from Bio Reference are impacted with the data breach.
These patient’s medical and personal information has been lost by people within the organisation such as by employees. 1.5 million Patients from immediate health groups are impacted by the mis-configured database.
The examination decided patient segment subtleties, therapeutic case information, and other individual data were conceivably broken. In any case, when Immediate sent the warnings to patients about the security occurrence, a few patients announced that they were getting various letters, some routed to different patients (Davis, 2019).
By 2009-2018 healthcare data breaches evolve 500 health records. During these year data breaches, records are almost 189,945,874 healthcare records. Almost 59% of the US population is affected by healthcare record theft and the irony is half of the impacted population do not have understanding nor they are informed by healthcare organisations for the leakage of their personal and medical history (HIPAA, 2019).
Healthcare Breached Records during 2009-18
Healthcare is the biggest Target for Cyber Attack
The healthcare industry is at risk because organisations are becoming technologically advanced. Although organisations are becoming technologically advanced still professionals in organisations do not have the training to manage online risks.
From a few past years, cyber-crimes are happening every second day, and healthcare data is revealed and hacked through these activities. There are many reasons hack patient’s medical information because of its worth thousands of dollars for hackers.
Employees within the healthcare organisation get trapped by hackers and for their personal gain share patient’s information outside dealers. Organisations need to keep a sharp eye on such employees and introduce hard policies that restrict behaviours within and outside of the organisation.
IT professionals are thinking to introduce effective security measures to prevent data breaches from healthcare organisations but they understand that this is a high-cost process.
Another big reason for being the big target for attackers is the low security of medical devices. The healthcare providers in the United States are becoming totally technologically innovative and depend on advanced machinery. But the drawback of the devices that these are not security optimised nor protect data of patients.
These devices are manufactured on one way working principle without thinking for protection as a need. And this is the reason hackers can easily access information available in these devices like X-rays, insulin pumps and many other devices.
Remote assessment of healthcare data is another point to ponder. Accessibility of healthcare data of the patient can be accessed from any desktop or multiple devices from different places.
These availability are also risky for healthcare organisations. Remotely connections should be more secure than it can identify the actual user and prevent loss of data. Risk-based authentication is a way to improve security for risk authentication in the healthcare department (risk, 2018).
Penalties and Punishments for Hacking Personal Information
The term hacking was first introduced in the 1950’s in the Massachusetts Institute of Technology. The word hacking means feeling pleasure in itself. But over time, the concept has been changed into a negative meaning because of its association with negative or criminal activities for a long time.
Hackers pulled out information for someone’s computer and use this information for personal gain, like earn money by selling this information to a third party. In 2011, Aaron Swartz the founder of Reddit hacked JSTOR and penalise to pay $1 million and 35 years of imprisonment and all his property was forfeiture, at last, he committed suicide.
Another important act that protects the privacy and personal information of people in the United States is The Computer Fraud and Abuse Act. This act experiences some amendments that are known as “exceeds authorised access” which means access to someone’s computer without authorisation.
The punishment for the one who accesses someone’s information without authorisation, like in the healthcare sector will be punished based on the sensitivity of information hacked.
In the US a hacker who accesses and uses someone’s personal information will be imprisoned for ten years at first but if he again attempts to commit hacking will be kept in prison for more than 20 years. Punishments to the offender also varied based on the problem or damaged the victim bears (Lee, 2014).
Because of unusual attempts of a data breach during 2019, regulators are becoming focused and attempting to enforce strict measures for those organisations who are not taking any product decisions. Data breach in different countries brings many conflicts in various institutions.
For example, during 2017, the US paid a minimum of $575 million for protection against a data breach. During 2018, the country fined a substantial amount as a result of weak protection of the health industry (Swinhoe, 2020).
Apart from hacking attempts, those who sell healthcare information to others are also termed as fraudulent. Because they commit fraud with the organisation with which they are working. Thus, penalties for fraud attempts could be termed as criminal penalties, civil penalties or in some cases both.
Punishment for fraud activities or involvement in these activities includes imprisonment, fine and probation or both imprisonment and fine. These conditions are varied based on the sensitivity of the case. Laws for theft from 2004, decide the punishment for these cases that minimum is three years that might be extended to five years (http://criminal.findlaw.com, 2016).
Devastating Consequences of Healthcare Data Breaches
According to studies of 2000, US citizens have faced personal data breaches and as a result of data breach patients have to pay for their medical information up to $2500 that is out of pocket cost for them. Studies have found that the healthcare sector ranks first when it comes to data breach results.
The healthcare organisation notifies only one-third of data breach victims and only 15% are alerted by the government agencies. Because of the ineffective management of healthcare organisations patients face financial loss and if the information revealed by hackers, it also causes domestic rejection for victims mostly for women (Security, 2017).
Privacy is paramount and to personalise it vital whether it is me or you. Not just in the healthcare sector but everywhere like insurance companies and banks are also impacted by these evil attacks. After reviewing the data of healthcare breaches and its impact on the lives of victims, I would say that healthcare officials should stay vigilant and careful about the protection of patients, healthcare information. Personal information and medical history are two important things to be protected under strong security.
Healthcare protection laws should be improved with the aim to protect electronically saved patient’s information. Training should be arranged for healthcare officials and employees so they can get an insight into technical risks and enable them to manage if occurs.
Employees should be hired on a loyalty basis in healthcare organisations, and strict punishments are needed to impose to regulate their activities. Strong security should be maintained to monitor the activities of healthcare workers. Enhanced and advanced network security and application security are required to avoid data breaches and further complications for the organisation as well as for the patient.
Encryption methods should be implemented because this is a good thing to protect the patient’s personal and medical information from any unauthorised access. Punishments stated in constitutional and universal laws are short term that is not enough to probate a criminal. Healthcare hacking laws need to be improved with extended imprisonment and fined that will be paid to the patient according to the beard loss.
Government involvement in the healthcare sector needs to eliminate or should be on a small level, to protect data breach by undefined ways. These recommendations help deal with privacy problems in the United States as well as across the world.