Today’s focus on health information security is built on a long history of concern with the privacy of information obtained during a caregiver-patient encounter. Naughton, Callanan, Guerandel, and Malone (2012) stated that while privacy and confidentiality are the goals, they are not the main issues when dealing with health information technology in electronic health records (EHRs). The primary issue is information security. Moreover, Hayhurst (2014) stated that privacy is assured through adequate security measures and that health care providers can earn a patient’s trust by guaranteeing the privacy of the patient’s health information. Patients entrust their most intimate information to health care providers and they do not
In this writer’s organization, it is mandatory for each employee to do an annual review of the hospital’s policy and sign the confidentiality and data security agreement stating one’s understanding of the policy. BHMC (2016) policy basically states that the protection of confidential business information and trade secrets is vital to the interest and success of the organization. Confidential information should not be conveyed to individuals outside the organization, including family or associates, or even other facility employees who do not need the information in performing their job duties. Employees should not seek out sensitive information. Additionally, computer systems should be used in a manner that protects the confidentiality, integrity, and availability of electronic data. Individuals are responsible for all computer activity that occurs under their login and should not share their login with others. Individuals should log out or secure their workstation whenever they leave it so others cannot use their login (BHMC, 2016). As observed, not all employees are compliant with logging out or securing the workstation before leaving. This is a major weakness for the organization, since this type of behavior can result in breaches to data security and may compromise patient confidentiality or impact business
Thus, business associates will also be directly subject to the administrative, physical, and technical safeguard requirements of the HIPAA Security Rule and Meaningful Use. The goal is to improve overall security for the protection of health care information and the privacy of the patient. Therefore, business associates must use appropriate safeguards, such as encryption, to prevent the unauthorized use or disclosure of patients’ information (McMillan, 2011).
Liu et al. (2012) stated that one of the first lines of defense for protecting against unauthorized access is a firewall. A firewall, the authors stated, operates in one of two ways: either it examines all messages entering and leaving a system and blocks those that do not meet specific criteria, or it allows or denies messages based on whether the destination port is acceptable. Firewalls require constant maintenance, and security audits can help to identify potential system security vulnerabilities (Liu et al.,