Case Scenario 1 (Security Breach):
The administration at St. John's Hospital takes pride in its sound policies and procedures for the protection of confidential client information. In fact, it serves as a model for other institutions in the area, however, printouts discarded in the restricted-access IS department are not shredded. On numerous occasions, personnel working late have observed the cleaning staff reading discarded printouts. What actions, if any, should these personnel take toward the actions of the cleaning staff? What actions, if any, should be taken by IS administration?
Develop a process for maintaining patient privacy and security.
Include a detailed management plan in the case of a security breach (Case Scenario 1). In your plan, address the following questions:
• How can you respond to these situations?
• What training can you provide to your staff?
• How can you implement your management plan?
Include a code of conduct with your plan.
Write a 1,750- to 2,100-word description of your facility's patient data privacy and security plan.
Use a minimum of four references that directly support your analysis.
In a situation of this nature the personnel who have observed the cleaning staff reading discarded printouts should report this activity to their immediate supervisors, so that these individuals can effectively handle the situation. The best action for the supervisors or management in this situation will be to inform all cleaning staff that printouts of any nature within the organization off limits, and are not to be read by claiming staff at any time, and that a violation of this rule will result in the termination of the guilty parties. IS administration should make it mandatory that all discarded printouts are shredded, and that's personnel who do not comply with this mandate will be reprimanded, which can include termination for the most serious circumstances.
One of the first steps in the process for maintaining patient privacy and security, is to assure that the IS department is secured. This means that this department should be locked in a manner which access is not allowed to unauthorized individuals at any time. Only authorized individuals should be provided with keys to the IS department, which will greatly reduce the probability of unauthorized individuals being able to gain access to the sensitive information that is contained within this unit. In addition to this, it must be made mandatory that all discarded printouts are immediately shredded by IS departmental staff, and that these shredded documents are placed into locked trash cans. This will be an additional precaution for maintaining patient privacy and security, largely due to the fact that place and these shreds into locked trash containers will provide an extra measure of security that would prevent individuals from gaining access to the shredded material. This is due to the fact that although this information is shredded, it can still be pieced together and read by very determined individuals. In addition to placing this material into locked trash containers within the IS department, one individual would be designated to empty this trash container into a locked dumpster on the company premises, at 4 PM each day. This measure would prevent claiming staff from having any access to shredded materials within this department, in a designated individual from the highest apartment will unlock this dumpster when trash trucks arrived to remove the waste materials from this dumpster. In essence, this will be a specialized dumpster for secure materials within this organization, which will also exponentially reduce the probability of unscrupulous individuals in unauthorized individuals being able to gain access to confidential patient information. Another measure that will be included in the process for maintaining patient privacy and security, is for a member of the 24-hour security staff within this organization to ...