Security and Privacy
Protecting patients’ privacy is of the utmost importance in the health care field. There are many individuals who want to steal information which is not theirs, but which allows them to get what they want; this is called identity theft. This paper will take a look at the incident at St. John’s Hospital, what should be done with patient information, and what not to do with unwanted files. This paper will also take a look at the management plan and code of conduct.
Security Breach
It has been brought to the attention of the administrative office that there has been a security breach of policies and procedures concerning the protection of confidential client information. On numerous occasions, personnel who are working late have observed the cleaning staff reading discarded printouts. This is a violation of the HIPAA laws, which are put in place to protect patients. This has taken place in a restricted-access IS department, and a problem like this should never have happened. All patient information printouts that are to be discarded should be shredded before being disposed of. When documents are thrown into the trash as these printouts were, they are open to the public, and that is therefore a breach of information. This is the same as discussing patient information in waiting areas, hallways, or elevators. There are other people around who can listen to the conversation, and therefore the patient’s information has been breached (Hicks, Joy, 2014).
What action should be taken toward cleaning personnel?
The cleaning staff was seen reading documents that were thrown in the trash while performing their cleaning duties. Technically the cleaning staff was not violating any laws because the printouts were tossed into the trash, which makes them public information. With that being said, the cleaning staff should be reminded that their job is to clean the offices and not to sit around reading items from the trash.
What action should be taken by IS Administration?
The IS administration office needs to set up a meeting to discuss the incident that has happened in their department. The employees need to be reminded of their obligations to keep patient information secure and private. They should also be reminded that what they have done is a breach of the HIPAA laws and a breach of the patient’s confidential records. Each of these people needs to take a refresher course on the HIPAA laws and be reminded that this must not happen again, and that if it does there will be consequences to follow.
Detailed Management Plan
Over the years the administration at St. John’s Hospital has taken pride in keeping patients’ health information secure and private. This hospital will continue to do just that from here on out. There will be no more discarded printouts of any kind just thrown into the trash for anyone to read. The goal of this hospital will be to protect the information of the patients who have put their trust in us. This plan will take effect immediately and each employee will read and follow the plan, or management will be forced to take action on a disciplinary basis. What this organization is trying to accomplish is to keep our patient information private and secure. Every new employee hired at St. John’s Hospital will take training on the HIPAA laws along with their regular training for their position. All other existing employees will have training on the HIPAA laws every six months.
This will help to keep the privacy laws, and how to keep patient records secure and private, fresh in their memory. This training will consist of completing computer-based HIPAA training modules, and reading Patient Privacy: A Guide for Providers, HIPAA and You: Building a Culture of Compliance, and Examining Compliance with the HIPAA Privacy Rule. A test will follow to make sure that each employee understood what they read and what is expected from them with HIPAA compliance and the security of patient information (U.S. Department of Health and Human Services, 2014).
All computer printouts or other papers that may contain patient information will not be thrown into the trash unless they have been shredded first. It is very important to this hospital that we take every opportunity to keep patient information private. All department heads will take responsibility for making sure that this is being done correctly. If these rules are violated by anyone, a report of who, when, why, and how they violated the privacy rule will be turned in to the department head, and a meeting will be held with the one responsible for violating these rules of privacy.
Each week of the first month there will be a meeting with the department heads to discuss how things are going concerning the privacy of others. This is to make sure that everyone is following the rules as they should. After the first month, if everything is going well, the meetings will become bi-weekly and then monthly. If everything continues to run smoothly then these meetings will happen every six months on a regular basis. The employees will be given the freedom to do their jobs and to do them well. At the same time they will also be keeping private information private and secure. Each and every office will have a shredding machine so that sensitive materials that are not needed can be shredded and disposed of correctly. This plan is important so that there will not be any more disposing of private information incorrectly (Community Tool Box, 2013).
A meeting will be held to let employees know about the change in the management plan, the reason why the change is needed, and when it will take effect. The date of the meeting will be posted at least one week in advance so there will be no excuse as to why employees cannot be there. This will be a mandatory meeting and everyone is expected to be present. At this meeting the employees will be given the chance to ask questions if they have any.
Code of Conduct
St. John’s Hospital is dedicated to providing the best possible care to our patients along with keeping their information private and secure. St. John’s Hospital also plays a huge role in researching illness and providing education. To help support and maintain the culture of integrity, this hospital has written this code of conduct (Code of Ethical Conduct, 2011). This code of conduct applies to Board members, executives, and employees of St. John’s Hospital including medical/professional staff, contract staff, volunteers, students, researchers, foundation and auxiliary staff, cleaning staff and all other staff members of this hospital. This code of conduct has been created in order to keep a positive work environment for all employees and members (Code of Ethical Conduct, 2011).
All those who are working for this organization will be expected to conduct themselves in a professional manner and comply with these codes at all times. It is important that all unethical conduct, such as safety violations, illegal actions, or sexual misconduct. The values of this hospital must be upheld. These values include being able to pursue excellence in the continuous improvements in quality and service. It is important to prioritize safety, quality, and security, and to keep patient information private at all times; to consider the patient’s experience in everything that is done and to make their experience a happy and healthy one; to establish internal and external partnerships and to co-ordinate patient services; and also to value and respect the differences of all patients and their families and not to discriminate against anyone.
Finally, the values include promoting and developing the growth of leadership and continuing to be a good example to all around us (Code of Ethical Conduct, 2011). It is important to respect the rights and responsibilities of all individuals and to treat every person fairly and equally. This hospital will remain free of discrimination and harassment, and anyone who has violated any part of the Code of Conduct is to be reported. Patients and their families have the right to be treated with dignity and respect by everyone in this hospital. If a patient feels that they have been treated unfairly, then they have the right to make a complaint against the individual who has treated them unfairly (Code of Ethical Conduct, 2011). For those who are responsible for janitorial duties, laundry, cleaning, or sanitation, it is your duty to do your jobs while respecting the rights of others. While working in this hospital you are also bound by the HIPAA laws and you will respect the rights of those patients being treated here.
If your job is to clean the offices then that is what should be taking place without feeling the need to rummage through the garbage. If for any reason a janitorial, laundry, cleaning, or sanitation person is seen reading or copying down patient information then their job will be terminated. Identity theft is a crime and will be treated as such. Inappropriate behavior will not be tolerated in this hospital. Examples of inappropriate behavior are comments that are insulting, hurtful, disrespectful, or rude to another person; threatening or abusive language which is directed at another person; degrading or demanding comments, profanity or similar offensive language; physical behavior directed at another person that is threatening, intimidating, or unwelcome; discussing workplace conduct, concerns, and conflicts in front of others;
and behavior that is passive in expression, but aggressive or malicious in intent, which may include non-verbal behavior or body language (Code of Ethical Conduct, 2011). If anyone working at St. John’s Hospital witnesses or is the victim of such behavior, the matter should be reported to the head management of your department. There should be no reason for an employee to feel that this should not be done. The reporting will be held in the complete privacy of an office and will be sent to the head of the hospital for further investigation.
Conclusion
In any business, especially health care, there is a need to keep certain things confidential. In health care it is important to keep the patient’s health information private and secure. When someone breaks a rule in a job setting, they have to be held accountable for what they have done, even though it could mean the loss of their job or being written up on report. We all have a responsibility to act in a professional and responsible manner, especially when it comes to our workplace and our livelihood.
Code of Ethical Conduct (2011) Mount Sinai Hospital, Joseph and Wolf Lebovic Health Complex, Retrieved on 1/8/14 from www.mountsinai.on.ca/for-physicians/code-of-conduct2011.pdf
Community Tool Box (2013) Developing a Management Plan, Retrieved on 1/8/14 from ctb.ku.edu/en/table-of-content/leadership/effective-manager/management-plan/main
Hicks, Joy (2014) About.com Medical Office, Avoid Violation of HIPAA Laws, Retrieved on 1/9/14 from medicaloffice.about.com/od/compliance/a/5-Ways-To-Break-Hipaa-Compliance.htm
U.S. Department of Health and Human Services (2014) Health Information