The use of computerized system in health care has rapidly increase within the last few years. Most health care organizations now electronically transmit, store, share and maintain patient information (Wager, Lee, & Glaser, 2009). As the use of electronic medical record increases, there are equal concerns for protecting the privacy and security of patient medical and personal information (Tan & Payton, 2010). Thus health care organizations or any organization that use an electronic system to transmit or communicate sensitive information electronic must have stringent processes to protect and prevent breaches (Collmann & Cooper, 2007).
There are many organizations that set guidelines on how to protect personal information. One of the strongest factor for information system enhancement in health care is the health insurance portability and accountability act (HIPAA) of 1996 (Tan & Payton, 2010). HIPAA was introduced to assure and protect the privacy of medical information (Wager, Lee, & Glaser, 2009). HIPAA law set rules on how health care organizations should develop systems not only protect the information system infrastructure and patient-specific information from potential threats (Wager, Lee, & Glaser, 2009).
Many organizations do not take the necessary steps to prepare or protect against security breach. Kaiser Permanente (KP) complex information system had many discontinuity that led to security breach of their pharmacy online application (Collmann & Cooper, 2007). As a member of the crisis team, I would recommend that KP establish and enforce clear policies and procedures that is routinely tested to ensure that IT personnel follow and understand how to properly configure, prioritize work, and test security devices such as firewalls and authentication systems (Wager, Lee, & Glaser, 2009). For example, without clear guidelines and processes to follow both employees made an error in decision that resulted in the...