Building a Better MIS-Trap

The law violated by the employees at the health services organization

A healthcare organization deals with a lot of information concerning its clients' marital, financial, physical, and even psychological (mental) status. Employees of health services organizations, from support staff to management, should treat clients' information with privacy. It is an ethical obligation and a legal responsibility to treat any kind of information in the organization with care. When the employees posted on media the names of those who attended the clinic for HIV screening and counseling, the violation was a breach of privacy. Information that was supposed to be confidential and kept safely was made public, thereby interfering with the clients' dignity, respect and privacy.

Enacting the law

Violation of the law occurs when personal information is shared without permission, and it attracts stringent penalties. The law is enacted to protect the privacy and security of patients. They have the right to have their information handled confidentially; therefore, there must be laws that govern these acts, and they should be enforced appropriately. A breach of privacy is a serious matter, especially for health service organizations, because it makes patients lose trust, and they may not participate in research activities like screening and data collection. It damages an organization's reputation and leads to the eventual loss of clients. The patients also lose their privacy, their dignity is interfered with, and their respect in society is lost. Therefore, the law is enacted to prevent potential harm to organizations and patients. The law is also enacted to inform employees of the consequences of breaching the privacy of clients. Finally, the law promotes equal enforcement against violators, so that inconsistencies based on an employee's rank or level are minimized.

Penalties for violating the law

Every organization has its own way of enforcing the law internally, and therefore its own ways of dealing with employees who violate it. Healthcare organizations are at risk and may be sued under the law. For this reason, an organization may have sanctions such as suspension of the employees, termination, and even charging them in court. Compliance is therefore expected from all employees, regardless of their level or role in the organization. Failure to comply attracts heavy penalties.

Violation of the law of privacy attracts heavy penalties under legislation. There are civil penalties for civil cases that cause harm to individuals and criminal penalties for criminal cases that harm the state. Failure to comply with the law attracts penalties ranging from $100 per violation to $25,000 per year in civil cases, as stated in the Health Insurance Portability and Accountability Act of 1996. The criminal penalties include 10 years' imprisonment and a fine of $250,000. Sometimes the violator may be asked to pay the individual whose privacy was interfered with a certain amount for the harm caused, such as loss of dignity, loss of respect, and any other loss experienced as a result of the breach of the privacy and security law.

Sharing confidential medical information about a celebrity

An employee of a health service organization may access the medical information of celebrities such as actors and actresses, artists, comedians and others for personal benefit, and this may be a breach of privacy. It may cause serious harm to the celebrities and therefore attracts heavy penalties. For a violation of HIPAA, the civil penalty will be $100 per violation, and its maximum is $25,000. In a criminal case, an employee who discloses information will face a fine of $100,000 and one year of imprisonment. The employee may use the information personally to lower the dignity of the person, or the information may be sold or leaked for publication in newspapers and on the internet, thereby causing loss of respect for the celebrities. The internal consequences may include being fired or suspended from the organization, and civil or criminal charges may attract a fine and imprisonment.


Updating the resume for job searching will not solve the problem, because challenges are everywhere and must be faced for a career to develop fully. The only thing to be done is to identify the problem, plan how to solve it, implement the appropriate policies and procedures, monitor them, and maintain and improve the standards of information security. This can be done by appointing an appropriate team to plan and implement the policies and procedures in the organization.


New policies and procedures to be implemented to better manage information security

Every healthcare organization has different access controls, policies to enforce the law, and employee sanctions set out in its guidelines. The organization should appoint a specific team to access the information and control the devices used. After identifying problems such as access to information by everybody due to available passwords, lack of safety where health records are kept, and lack of programming and general information security mechanisms, appropriate actions are to be taken. The policies and procedures that can be implemented to better manage information security may include setting rules and regulations to govern the behavior of all employees so as to maintain high standards of information security. The organization may authorize security personnel to monitor information security frequently, and they should ensure that passwords, programs and other controls are secure. The organization should put in place sanctions and penalties that violators may face if they breach the law. Compliance with the law should be emphasized from time to time, and employees should be made aware of the effects of breaching the law. Locking of rooms and offices, media control, and controlled office access will reduce physical access to the records. In doing so, the organization will have a better information security management system, which will benefit its operation.

