Security Breach Action Plan
University of Phoenix
February 2, 2015
Dr. Chong Daleiden
Security Breach Action Plan
Guarding patients’ confidentiality is vital when working in any health care arena. There are individuals who are looking to take information that does not belong to them for their own gain. When individuals are able to obtain this information for personal gain, it is known as identity theft. This paper will look at the occurrence at St. John’s Hospital and discuss what should have been done with the patient documents and what actions, if any, these personnel should take toward the actions of the cleaning staff. Also this paper will discuss ...
Theoretically, the housekeeping employee was reading trash, which is considered public information. With that being said, the housekeeping employee should be reminded that their job is to clean the offices and not to sit around reading items from the trash.
Actions taken by IS Administration
The IS administrative office needs to set up a meeting to discuss the incident that has happened in their department. The employees need to be reminded of their obligations to keep patient information secure and private. They should also be reminded that what they have done is a breach of the HIPAA laws and a breach of the patient’s confidential records. Each of them needs to take a refresher course on the HIPAA laws and be reminded that this must not happen again, and that if it does there will be consequences to follow.
Detailed Management Plan
Over the years, the administration at St. John’s Hospital has taken pride in keeping patients’ health information secure and private. This hospital will continue to do just that from here on out. No more discarded printouts of any kind will simply be thrown into the trash for anyone to read. The goal of this hospital will be to protect the information of the patients who have put their trust in us. This plan will take effect immediately, and each employee will read and follow the plan, or management will be forced to take disciplinary action. What this organization is trying to accomplish is to keep our patient information private and secure. Every new employee hired at St. John’s Hospital will take training on the HIPAA laws along with the regular training for their position. All other existing employees will have training on the HIPAA laws every six months. This will help keep the privacy laws, and how to keep patient records secure and private, fresh in their memory. This training will consist of completing computer-based HIPAA training modules and reading Patient Privacy: A Guide for Providers, HIPAA and You: Building a Culture of Compliance, and Examining Compliance with the HIPAA Privacy Rule. A test will follow to make sure that each employee understood what they read and what is expected of them regarding HIPAA compliance and the security of patient information (U.S. Department of Health and Human Services, 2014). Computer printouts or other papers that may contain patient information will not be thrown into the trash unless they have been shredded first. It is very important to this hospital that we take every opportunity to keep patient information private.
All department heads will take responsibility for making sure that this is being done correctly. If these rules are violated by anyone, a report of who, when, why, and how they violated the privacy rule will be turned in to the department head, and a meeting will be held with the person responsible for violating these rules of privacy. Weekly for the first month there will be a meeting with the department...