Breaching the Security of an Internet Patient Portal
IntroductionSynopsis: Due to a programming error, 19 members of Kaiser Permanente received email messages containing private health care information about multiple other members. A root cause analysis showed that organizational issues played a significant role in this security breach. (Pages 623 through 624, Wager, Lee, and Glaser text)
This case study will stress the importance of having a plan in place to address a breach of privacy or security when it comes to a client’s private health information.
Applicable laws and regulations need to be carefully considered and adhered to when implementing and utilizing information technology and systems to safeguard protected data from falling into the hands of unauthorized third parties.
Students will critique Kaiser Permanente’s the actions taken by their leadership team to address the email security breach, and then recommend corrective actions to prevent such an episode from reoccurring in the future.
DirectionsThe students are expected to carefully read the assigned case study, then thoroughly and explicitly address each component of the corresponding case study questions, which are located on located on pages 624 and 625 of the Wager, Lee, and Glaser text.
The responses should reflect higher level cognitive processing (analysis, synthesis, and evaluation), which is essential for someone being prepared to serve in an operational capacity within the healthcare and related industry.
There is no minimum number of references that need to be utilized to support the completion of this assignment; however, it is generally understood that any good case analysis will incorporate the appropriate quality and quantity of outside sources to support any suppositions and recommendations.
The submission will not exceed four (4) pages in length, excluding the title and references page.
The document must adhere to the APA writing style
Below is the case:
CASE 14: BREACHING THE SECURITY OF AN INTERNET PATIENT PORTAL Major theme: IT security
Background Information Kaiser Permanente is an integrated health delivery system that serves over eight million members in nine states and the District of Columbia. In the late 1990s, Kaiser Permanente introduced an Internet patient portal, Kaiser Permanente Online (also known as KP Online). Members can use KP Online to request appointments, request prescription refills, obtain health care service information, seek clinical advice, and participate in patient forums.
Information Systems ChallengeIn August 2000, there was a serious breach in the security of the KP Online pharmacy refill application. Programmers wrote a flawed script that actually concatenated over eight hundred individual e-mail messages containing individually identifiable patient information, instead of separating them as intended. As a result, nineteen members received e-mail messages with private information about multiple other members. Kaiser became aware of the problem when two members notified the organization that they had received the concatenated e-mail messages. Kaiser leadership considered this incident a significant breach of confidentiality and security. The organization immediately took steps to investigate and to offer apologies to those affected.
On the same day the first member notified Kaiser about receiving the problem e-mail, a crisis team was formed. The crisis team began a root cause analysis and a mitigation assessment process. Three days later Kaiser began notifying its members and issued a press release.
The investigation of the cause of the breach uncovered issues at the technical, individual, group, and organizational levels. At the technical level, Kaiser was using new web-based tools, applications, and processes. The pharmacy module had been evaluated in a test environment that was not equivalent to the production environment. At the individual level, two programmers, one from the e-mail group and one from the development group, working together for the first time in a new environment and working under intense pressure to quickly fix a serious problem, failed to adequately test code they produced as a patch for th