Healthcare Information Security
The legal aspect of information security in healthcare is a matter of public concern about personal data and its confidentiality on the World Wide Web. Electronic healthcare provides patient-centered rather than facility-centered medical care, allowing patients to receive treatment at multiple locations. While this solution contributes to lowering costs and increasing the quality of patient-doctor relationships, these benefits can be overshadowed by breaches in information security that endanger patients’ personal privacy.
Legal Ramifications of Security Breach
Electronic healthcare is a hot topic of discussion in many countries because of the recent increase in information security breaches that expose various types of personal data and violate individual privacy. Public concerns about patients’ confidentiality have led to an alarming situation in which it is absolutely necessary to provide people with laws intended to protect health information and its confidentiality (Armitage et al., 2008).
It has become common knowledge among healthcare providers that supporting the global initiative toward developing the legal aspect of personal data protection is an essential goal. In the past two years the number of breaches has been increasing, with nearly 90% of medical organizations suffering a data breach. Moreover, these incidents do not come cheap, with an average cost of $2.2 million per occurrence (Higgins, 2016) and an average cost for a stolen record varying from $158 to $355 (Monegain, 2016).
The essential human right to privacy, which has been acknowledged across centuries, civilizations and religions, is a matter of public interest and an essential part of the electronic healthcare solution. Nevertheless, the right to privacy is endangered by threats on the Internet because of the fundamental part that the World Wide Web plays in connecting healthcare providers. Protecting this basic human right is a matter of the utmost urgency, and it needs to be addressed for the e-Health solution to remain relevant.
The US Congress passed the Health Insurance Portability and Accountability Act (HIPAA) in 1996, which allowed lowering the costs of treatment while increasing its quality and accessibility. HIPAA was the first modern e-Health data protection legislation to be put into use and supported by enforcement measures and sanctions. However, the law is difficult to understand and interpret, and this has been deemed the hardest aspect of implementing its measures.
In spite of widespread concern over ransomware attacks and insider mistakes that can expose patients’ private data, healthcare budgets for security have only been dropping (Higgins, 2016). Therefore, trying to implement the HIPAA measures is deemed impossible by most, which only weakens the ability of electronic healthcare to protect individual privacy. Moreover, these worrying occurrences tend to drive patients away and give the e-Health solution in general a bad reputation.
Despite the legal ramifications and the loss of money, which are inevitable in the case of an information security breach …