CASE 14: BREACHING THE SECURITY OF AN INTERNET PATIENT PORTAL

Major theme: IT security

Background Information

Kaiser Permanente is an integrated health delivery system that serves over eight million members in nine states and the District of Columbia. In the late 1990s, Kaiser Permanente introduced an Internet patient portal, Kaiser Permanente Online (also known as KP Online). Members can use KP Online to request appointments, request prescription refills, obtain health care service information, seek clinical advice, and participate in patient forums.

Information Systems Challenge

In August 2000, there was a serious breach in the security of the KP Online pharmacy refill application. Programmers wrote a flawed script that actually concatenated over eight hundred individual e-mail messages containing individually identifiable patient information, instead of separating them as intended. As a result, nineteen members received e-mail messages with private information about multiple other members. Kaiser became aware of the problem when two members notified the organization that they had received the concatenated e-mail messages.

Kaiser leadership considered this incident a significant breach of confidentiality and security. The organization immediately took steps to investigate and to offer apologies to those affected. On the same day the first member notified Kaiser about receiving the problem e-mail, a crisis team was formed. The crisis team began a root cause analysis and a mitigation assessment process. Three days later Kaiser began notifying its members and issued a press release.

The investigation of the cause of the breach uncovered issues at the technical, individual, group, and organizational levels. At the technical level, Kaiser was using new web-based tools, applications, and processes. The pharmacy module had been evaluated in a test environment that was not equivalent to the production environment.

At the individual level, two programmers, one from the e-mail group and one from the development group, working together for the first time in a new environment and working under intense pressure to quickly fix a serious problem, failed to adequately test code they produced as a patch for the pharmacy application.

Three groups within Kaiser had responsibilities for KP Online: operations, e-mail, and development. Traditionally these groups worked independently and had distinct missions and organizational cultures. The breach revealed the differences in the way groups approached priorities. For example, the development group often let meeting deadlines dictate priorities.

At the organizational level, Kaiser IT had a very complex organizational structure, leading to what Collmann and Cooper (2007, p. 239) call “compartmentalized sensemaking.” Each IT group “developed highly localized definitions of a situation, which created the possibility for failure when integrated in a common infrastructure.”

Discussion Questions

1. How serious was this e-mail security breach? Why did the Kaiser Permanente leadership react so quickly to mitigate the possible damage done by the breach?
2. Assume that you were appointed as the administrative member of the crisis team created the day the breach was uncovered. After the initial apologies, what recommendations would you make for investigating the root cause(s) of the breach? Outline your suggested investigative steps.
3. How likely do you think future security breaches would be if Kaiser Permanente did not take steps to resolve underlying group and organizational issues? Why?
4. What role should the administrative leadership of Kaiser Permanente take in ensuring that KP Online is secure? Apart from security and HIPAA training for all personnel, what steps can be taken at the organizational level to improve the security of KP Online?

Answer:
1. Participate in normal hazard examination that incorporates remediation as required.
2. Contract a devoted boss data security officer.
3. Scramble private social insurance information.
4. Guarantee against infection programming is continuously refreshed.
5. Train all employees that have access to confidential information on how to handle it at the level of their day-to-day workforce.
6. Enact and enforce policies regarding security of information, and if there are mistakes or errors, make sure they are communicated so everyone can learn from them.