Breaching the Security of an Internet Patient Portal

NI Topic:

Breaching The Security of An Internet Patient Portal

Nur-531

May 18, 2013

Introduction

Kaiser Permanente is a health system that serves over eight million members in nine states and the District of Columbia. In the 1990s, the KP Northern California region created an Internet Patient Portal known as “Kaiser Permanente Online” (KP Online) (Wager, 2009). KP Online allows members to request appointments and prescription refills, obtain health information, and receive medical advice from staff. In August 2000, a breach occurred when an Operations technician applied patches to servers in support of a new KP Online pharmacy refill application. Subsequently, the outgoing e-mail function of KP Online failed and created a dead letter file of outbound messages with replies to patient inquiries that contained individually identifiable patient information (Collmann & Cooper, 2007). In an attempt to clear the e-mail file, a flawed computer script was created that concatenated over 800 individual e-mail messages containing personally identifiable information. At least nineteen of the e-mails reached their intended destination (Collmann & Cooper, 2007). Two members who received the e-mail messages reported the incident to KP. Kaiser considered the breach a significant incident due to the number of messages sent. As a result, the company created a crisis team to find the cause of the breach. The Kaiser crisis team notified its members and issued a press release three days after the breach.
Major Issues

In this case study, protected sensitive patient information was compromised during the e-mail security breach. The Kaiser Permanente leadership reacted quickly to mitigate the damage of the breach because the company was non-compliant with good information security practice and regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which established standards for the



References:

American Nurses Association. (2012). ANA Ethics Position Statement Privacy and Confidentiality. Silver Spring, MD: Author. Retrieved May 18, 2013 from ANA website.

Collmann, J., & Cooper, T. (2007). Breaching The Security Of The Kaiser Permanente Internet Patient Portal: The Organizational Foundations Of Information Security. Journal of the American Medical Informatics Association, 14(2), 239-243.

Harrison, J., & Booth, N. (2003). Applying new thinking from the linked and emerging fields of digital identity and privacy to information governance in health informatics. Informatics in Primary Care Journal, 11(4), 223-8. Retrieved from CINAHL database.

HIPAA FAQs. (2002, August 1). Corporate Responsibility Resources For Businesses And Marketers. Retrieved May 18, 2013, from http://www.dmaresponsibility.org/HIPPA/.

Rossel, C. L. (2003). HIPAA: An informatics system perspective, Chart, 100(1). Retrieved May 18, 2013 from CINAHL database.

Saba, V., & McCormick, K. A. (5th Ed.). (2011). Essentials of Nursing Informatics. Trustworthy Systems for Safe and Private Healthcare (pp. 271-277). New York: McGraw-Hill Companies.

Wager, K. A., Lee, F. W., & Glaser, J. (2009). Health care information systems: a practical approach for health care management (2nd ed.). San Francisco, CA: Jossey-Bass.
