Security of Medical Information
Management Information Systems MAN562
December 3, 2012
Much of the knowledge stolen in an organization takes the form of tacit knowledge that is used regularly but not necessarily in a conscious fashion. This paper covers what is in the medical records, what is not covered by HIPAA, what constitutes fraud and abuse, who has access, how to protect records, how patients get access to records, what rules and laws apply, and how to protect and secure electronic health records. Identity theft is discussed, along with what patients need to do to prevent it from happening. There are penalties and fines for computer fraud and abuse. Employee internet usage is monitored to protect patient records and company records. Records are accessed through intranets and extranets. This paper will determine if security measures are efficient and suggest a plan for information systems to address potential identity theft issues.
Much of the knowledge stolen in an organization is information that is used regularly but not necessarily in a conscious fashion. The Health Insurance Portability and Accountability Act (HIPAA) only protects medical information that is kept by health care providers, health plans, and health clearinghouses, and those entities must conduct specific electronic transactions to be covered under HIPAA. This paper covers what is in the medical records, portability of records, identity theft, fraud and abuse, access points, employee monitoring, security measures, and how to avoid identity theft. This knowledge will help people protect the privacy of their medical records.
Medical Records
People need to be made aware of their medical record privacy: which information is covered under HIPAA, which information is not covered under HIPAA, and how to protect that information. Patients need to know what is in their medical records, who has access, how to get their own records, what rules and laws apply, and what electronic health records are. Medical records begin when a patient sees a health care provider of any type. The charts can contain medical history, lifestyle, family history, results and findings, medications, and genetic results. Privacy Rights Clearinghouse (2012) states, “In addition, your medical records contain laboratory test results, medications prescribed, and reports that indicate the results of operations and other medical procedures” (para. 6).
Not all medical information is protected by HIPAA. In addition, employers may be self-insured, and that information is not protected. Privacy Rights Clearinghouse (2012) states, “Medical information that is not covered by the federal privacy rule might be found in your financial records, your child's school records, and/or your employment files” (para. 8). Financial statements can include medical transaction information in their descriptions, and that information is not protected by the privacy act. This medical information could be stolen.
Many people can access medical records because the patient signs a form when visiting the doctor’s office that allows affiliated personnel to access records as needed. Therefore, patients should discuss confidentiality of their records with their health care provider. HIPAA requires all health care providers to give patients access to their medical records. Providers are allowed to charge a fee for the records but not for searching and retrieving the records. Patients have the right to look at the HIPAA regulations to see how they apply to them and their medical records.
Individual states also have laws in place regarding medical records, although they do not supersede HIPAA. Electronic health records (EHR) were enacted by President Bush in 2005 and must be in effect by the year 2015. The EHR system will enable non-primary physician and emergency health care...
References:
AHIMA e-HIM Work Group on Security of Personal Health Information. (2008, September). Ensuring Security of High-Risk Information in EHRs. Retrieved from http://library.ahima.org: http://library.ahima.org/xpedio/groups/public/documents/ahima/bok1_039956.hcsp?dDocName=bok1_039956
Mancilla, D., & Moczygemba, J. (2009). Exploring Medical Identity Theft. Retrieved from perspectives.ahima.org: http://perspectives.ahima.org/PDF/Fall_2009/Exploring_Medical_Identity_Theft/Exploring_Medical_Identity_Theft_final.pdf
MIB Group, Inc. (2012). New Breed of Identity Crime: Medical Identity Theft. Retrieved from MIB: http://www.mib.com/medical_identity.html
Privacy Rights Clearinghouse. (2012, September). Fact Sheet 7: Workplace Privacy and Employee Monitoring. Retrieved from Privacy Rights Clearinghouse: https://www.privacyrights.org/fs/fs7-work.htm
Privacy Rights Clearinghouse. (2012, August). Fact Sheet 8: Medical Records Privacy. Retrieved from Privacy Rights Clearinghouse: https://www.privacyrights.org/fs/fs8-med.htm
Radiological Society of North America, Inc. (RSNA). (2012). Patient Privacy and Security of Electronic Medical Information. Retrieved from RadiologyInfo.org: http://www.radiologyinfo.org/en/news/newdetarget.cfm?ID=19
Rainer, R. K., & Watson, H. (2012). Management Information Systems Moving Business Forward. Hoboken, NJ: John Wiley & Sons, Inc.
Strohmeyer, R. (2011, March 23). How to monitor employee computer use the right way. Retrieved from Computer World: http://www.computerworlduk.com/how-to/infrastructure/3266702/how-to-monitor-employee-computer-use-the-right-way/
WebFinance, Inc. (2012). Tacit Knowledge. Retrieved from BusinessDictionary.com: http://www.businessdictionary.com/definition/tacit-knowledge.html
WGBH Educational Foundation. (2012). Computer Crime Laws. Retrieved from PBS.org: http://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/crimelaws.html