Increasingly there are security breaches in U.S. Healthcare organizations that result in billions of dollars of damage to the healthcare system and a high personal cost to individuals whose identifiable and private information is unprotected. The Privacy Act of 1974, Health Insurance Portability and Accountability Act (HIPAA), and Health Information Technology for Economic and Clinical Health Act (HITECH) are three prominent Acts by the federal government that regulate and protect the confidentiality of personal information in the Healthcare system against breaches. This is a case study examining three organizations in the Healthcare Sector using document analysis to ascertain the problems that resulted in information breaches and the consequences of such breaches. It indicates the failures that occur with the inadequate compliance to the above federal Acts and provides recommendations to control future breaches from occurring. The organizations examined are: The Veterans Administration which lacked basic security controls, the Utah Department of Technology Service that failed to control their personally identifiable information, and private healthcare organizations which revealed shortcomings in HIPAA compliance after data breach disclosures or random audits. Each case results from a lack of proper protection on systems and equipment containing sensitive data. The study recommendations include the need for organizations to lead by example as well as the establishment of tighter regulations and enforcement measures relating to civil fines, and audits to review organizational compliance with federal laws.
[1]
N. Doherty,et al.
Aligning the information security policy with the strategic information systems plan
,
2006,
Comput. Secur..
[2]
M. Eric Johnson,et al.
Embedding Information Security into the Organization
,
2007,
IEEE Security & Privacy.
[3]
Christopher J. Novak,et al.
2009 Data Breach Investigations Report
,
2009
.
[4]
Constantine Gikas,et al.
A General Comparison of FISMA, HIPAA, ISO 27000 and PCI-DSS Standards
,
2010,
Inf. Secur. J. A Glob. Perspect..
[5]
James W. Brady.
Securing Health Care: Assessing Factors That Affect HIPAA Security Compliance in Academic Medical Centers
,
2011,
2011 44th Hawaii International Conference on System Sciences.
[6]
US and European Perspectives
,
2012
.
[7]
Juhee Kwon,et al.
Security Practices and Regulatory Compliance in the Healthcare Industry
,
2012,
AMCIS.
[8]
田中 俊典.
National Center for Biotechnology Information (NCBI)
,
2012
.
[9]
Sue E Bowman.
Impact of electronic health record systems on information integrity: quality and safety implications.
,
2013,
Perspectives in health information management.
[10]
Privacy in Cyberspace: U.S. and European Perspectives
,
2015
.