Security and Privacy
As an information systems manager, you need to consider an important aspect of your operation--patient information, privacy, and security. Review the following case scenarios and select one to use for your management plan for security and privacy.
Case Scenario 1 (Security Breach)
The administration at St. John's Hospital takes pride in its sound policies and procedures for the protection of confidential client information. In fact, it serves as a model for other institutions in the area; however, printouts discarded in the restricted-access IS department are not shredded. On numerous occasions, personnel working late have observed the cleaning staff reading discarded printouts. What actions, if any, should these personnel take toward the actions of the cleaning staff? What actions, if any, should be taken by IS administration?
Case Scenario 2 (Natural Disaster)
Living on the Gulf Coast is a benefit that many residents of this small Southern town enjoy; however, natural disasters are a concern. The town has just been struck by a hurricane and the entire basement of your operation is flooded by the storm surge. Patient files were destroyed or washed away with the receding water. What actions do you take when patients ask for their health records? What processes did you have in place to protect your records in anticipation of such an event?
Choose one of the scenarios above and develop a process for maintaining patient privacy and security.
Include a detailed management plan in the case of a security breach (Case Scenario 1) or a natural disaster (Case Scenario 2).
In your plan, address the following questions:
How can you respond to these situations?
What training can you provide to your staff?
How can you implement your management plan?