Free Essay on Information Security and Confidentiality in Healthcare

Passwords are secret phrases or words that are typed into a computer after an entry of user name or access code. It is an inexpensive mode of authentication that proves the identity of an individual before accessing automated records. Appropriate password selection involves choosing a long password that is 8-12 characters and combines symbols, punctuation marks, letters, and numbers. Use of house numbers and dictionary words should be avoided as these are evident passwords that can be easily guessed. Passwords should be an individual's secret hence should not be shared to minimize jeopardizing the system with information in it. It is recommended that one uses a different password when visiting various sites to increase security.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Inappropriate password selection and processing minimize the systems security. They are various ways in which passwords are compromised as a result of inappropriate selection. These include writing or posting passwords down, failure to log out after using computers, re-using a similar password for various systems and using the browser save feature, storing, automating passwords is also inappropriate. During selection, it is inappropriate to use telephone number license plates or words that can be spelled backward so as to minimize security breach.

Confidentiality is the ethical principle that no health care professional will disclose any patients information unless given consent by the patient. It is necessary for proper assessment and treatment of the patients. The forms of confidentiality are the following:

Computer Printouts

This was the primary source of disclosure of information in the past. Papers with personal health information must be destroyed. This can be done via shredding or using locked receptacles. Shredding on-site saves on cost and makes it easier to control. Nurses can also be given the responsibility to erase files containing patients information from the hard drive.

Faxes

Institutional policies dictate the type of information that is sent, the recipients allowed and the location that receives the transmission. The fax numbers should be confirmed before sending information to ensure fax security. Cover sheets are used to eliminate the necessity of reading the fax information in an attempt to determine the recipient. Encryption can also be done to ensure that confidential information is not accessed without the encryption key. Additionally, if information gets to the wrong number, a request is made to return documents via mail. This will limit any further disclosure.

Electronic Files.

Initially, all documents are in an electronic format thus confidential information no longer needed but still stored in computers, or hard drives should be disposed of in a proper manner. This can be done by destroying the storage media, overwriting files electronically to prevent any information from being retrieved.

E-Mail and Instant Messages

They are often used to disseminate information to many people faster. When used to send confidential information they should be encrypted. Unauthorized and dormant mail must be destroyed and for additional protection, firewalls are used. Email security software can be used to filter out spam to maintain security and confidentiality of information.

Internet technology has proven helpful by providing adequate security, but it also introduces new threats to health care information in various ways. Health information carried via Email, and instant messages can be intercepted unless the message is encrypted. Non-encrypted information can be accessed, and email password protection can also be cracked. Use of unapproved websites and messages can introduce malicious programs such as viruses, worms, spyware, rootkits, and bacteria. Web sites that have been used for individual health information can be accessed inappropriately.

The essential focus of HIPAA is to ensure that health care information is available and portable by administering the use of uniform electronic exchanges and other authoritative measures. The privacy rule incorporates medical privacy, security necessities, and health care transactions, and identifiers for providers, employees, and health plans. It is intended to offer protection for the confidentiality of patients health information. Organizations that access can obtain health information should implement specific consent procedures and safeguards. The patients can also access their information for validation purpose. According to the rule, health care providers should seek consent before dispersing any information for treatment or health care operations. For non-routine disclosure, a separate authorization can be obtained, but the patient still has the right to restrict it.

Reference

Edel, E. (2009). Handbook of Informatics for Nurses & Healthcare Professionals. AORN Journal, 90(1), 139-140. http://dx.doi.org/10.1016/j.aorn.2009.06.016