Baycare uses two information systems for its administrative work and patient data: BEACON (an Electronic Medical Record System) and a Patient Security Identity System (BCHS, 2010). Patient data is handled by the electronic medical record system, which compiles and manages the medical records electronically, and by the Patient Security Identity System, which identifies the patient through a palm-scanning process (Berg, 2004). Baycare’s health executives, who are actively involved in selecting and implementing the systems, are responsible for the performance of the systems (Baycare, 2010). This paper focuses on the threats to patient information and confidentiality for Baycare Health System.
Threats to patient information and confidentiality
Electronic health records are meant to make patient records more accessible and allow them to be shared among authorized personnel while maintaining the confidentiality, integrity, and privacy of the patient (Becker, 2001; Berner, 2007). However, Baycare does not provide guidelines that ensure that those authorized to access the data do not misuse it. Privacy and confidentiality of patient information are necessary because of the magnitude of the social, economic, or psychological impact that disclosure would have on patients (Barrows & Clayton, 1996). The patient data of Baycare faces threats of internal attacks from health executives, who are likely to compromise privacy for personal or financial gain or for sheer gossip. Managed care organizations, employers, and insurance companies, among others, are also likely to coerce health executives through bribery or other means to obtain confidential patient information and act upon it (Barrows & Clayton, 1996). The data is also threatened by hackers, mechanical problems, and natural disasters (Hewett, Longo & Schubert, 2007).
The reliance of Baycare on two systems for patient data poses the challenge of reliability, since information is likely to be obtained from the system through social engineering means such as bribery, extortion, and personal misrepresentation (Wanzer, 2005). The lack of a backup mechanism is likely to lead to data and system redundancy (Becker, 2001). The principle of confidentiality is likely to be breached due to the organizational structures of managed care and health organizations, the culture and perceptions of professionals in the modern systems of health care, and schemes of third-party reimbursements (Barrows & Clayton, 1996).
The laws surrounding the privacy of electronic health records are minimal due to the relativity of the matter, which threatens the security of patient information and confidentiality (JCAHO, 2006). Additionally, Baycare does not provide legal accountability standards, as mandated by the Health Insurance Portability and Accountability Act (JCAHO, 2006), for those authorized to access the data by involving other independent people to guarantee the confidentiality of the data (Barrows & Clayton, 1996). Baycare does not have user identification systems to limit access, implying that data can be retrieved by any of the organization’s staff. There is a need for Clinical Information Systems that limit access by user role and data type and that keep records of the people who reviewed the data (JCAHO, 2006). Additional threats include the use of an identity system, which poses the threat of identity theft, and the use of scanners, which presents a security risk. In addition, the ad-hoc system of Baycare, which is based on peer-to-peer networking with no access point in between, provides very little security (Alam, Ahmed, Alam & Chowdhury, 2007).
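The access limits recommended above (by user role and data type, with a record of the people who reviewed the data) can be sketched as follows. This is an added example, not code from Baycare or any cited source; the roles, data types, user names, and patient ID are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical role -> permitted data types (constructed, not Baycare's policy).
POLICY = {
    "physician": {"demographics", "clinical_notes", "lab_results"},
    "nurse": {"demographics", "lab_results"},
    "executive": set(),  # administrative role: no patient-level data
}

@dataclass
class RecordStore:
    records: dict  # patient_id -> {data_type: value}
    audit_log: list = field(default_factory=list)

    def read(self, user, role, patient_id, data_type):
        """Return one data type of a record if the role permits it."""
        allowed = data_type in POLICY.get(role, set())  # unknown role: deny
        # Every attempt, allowed or denied, is written to the audit log.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "patient_id": patient_id,
            "data_type": data_type, "allowed": allowed,
        })
        if not allowed:
            raise PermissionError(f"role {role!r} may not read {data_type!r}")
        return self.records[patient_id][data_type]

    def reviewers(self, patient_id):
        """Users who successfully viewed any part of this patient's record."""
        return sorted({e["user"] for e in self.audit_log
                       if e["patient_id"] == patient_id and e["allowed"]})

    def denied(self, patient_id):
        """(user, data_type) pairs for refused attempts, in order."""
        return [(e["user"], e["data_type"]) for e in self.audit_log
                if e["patient_id"] == patient_id and not e["allowed"]]

def demo():
    fields = ["demographics", "clinical_notes", "lab_results"]  # constructed
    store = RecordStore({"P001": dict.fromkeys(fields, "constructed value")})
    attempts = [("dr_lee", "physician", "clinical_notes"), ("rn_kim", "nurse", "lab_results"),
                ("rn_kim", "nurse", "clinical_notes"), ("exec_roy", "executive", "demographics")]
    for user, role, dtype in attempts:
        try:
            store.read(user, role, "P001", dtype)
        except PermissionError:
            pass  # the refusal is already recorded in the audit log
    return store
```

Denied attempts are logged as well as successful reads, so an audit review shows both who saw a record and who tried to.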
References
Alam, S., Ahmed, S., Alam, B., & Chowdhury, A. (2007). Wi-Fi Security: The general challenge. Dhaka: Daffodil International University.
Barrows, R., & Clayton, P. (1996). Privacy, Confidentiality and Electronic Medical Records. Journal of American Medical Informatics Association, 2(3), 139-149.
Baycare. (2010). BayCare Clinic. Web.
BCHS. (2010). BayCare Health System. Web.
Becker, S. (2001). Developing quality complex database systems: practices, techniques and technologies. Southfield, MI: Idea Group Inc.
Berg, M. (2004). Health information management: integrating information technology in health care work. New York: Routledge.
Berner, E. (2007). Clinical decision support systems: theory and practice. New York: Routledge.
Hewett, J., Longo, D., & Schubert, S. (2007). Hospital Patient Safety: Characteristics of Best-Performing Hospitals. Journal of Healthcare Management, 52(3), 188-204.
JCAHO. (2006). X-Plain Patient Education and Documentations System. Web.
Wanzer, L. (2005). Implementing National Patient Safety Goal 3: Association of Operating Room Nurses. AORN Journal, 82(3), 471-473.