Capella University
BHA FPX 4020: Health Care Administration Capstone Project
Dr.
November 5, 2024
Health Care Problem Analysis Proposal
Health Problem and Rationale
Healthcare data breaches reveal a troubling trend in the industry. The incidents have an impact on patients, organizations, and professionals at alarming rates despite efforts to adopt and upgrade data security solutions. The demand for data-driven clinical practices requires hospitals to keep pace with the influx of sophisticated threats. The healthcare sector reported 337 data breaches in the first half of 2022 (McKneon, 2022). Similarly, there were over 19 million records implicated in healthcare data breaches within the first six months of 2022. The average cost of a breach is about $10.1 million, which reveals the extent of the problem and its implications on the future of health care (McKneon, 2022). The problem highlights the need for robust administrative, physical, and technical programs to identify and intercept risks.
Current and former employees may also trigger increased breaches due to unauthorized access to databases and sharing of sensitive information with third parties. The targeted files contain details of patients’ ID, emails, appointment information, social security number, health insurance, billing information, and addresses (McKneon, 2022). Failure to respond to incidents has serious implications on reputation, financial stability, and patient satisfaction. Enhancing security and monitoring capabilities is a strategic priority appropriate for organizations commitment to maintaining a superior competitive advantage.
Assessing and Measuring Issue for Quality Improvement
The measures of health data breaches include frequency of occurrence, the common types in terms of percentages, and cost to patients and the organization. The metrics guide organizations to complete a risk assessment to understand the type of data affected, the number of people affected, and the harm caused by the breach (Argaw et al., 2020). Assessment include discovering processes necessary to prevent an incident from happening in the future. The team in charge also considers risk to a firm’s reputation and financial losses. A high-risk incident provides insights into the adverse impacts of data breaches based on the magnitude of losses and business disruptions.
Authoritative Sources Applying to the Issue
Abouelmehdi et al. (2018) highlighted the need for organizations to assess and measure data breaches in terms of the number of incidents and the percentage of the most common breaches. According to the authors, data-driven clinical practices improve patient care flow and reduce costs. However, organizations become vulnerable to ransomware and other attacks. Unauthorized access and disclosure is the most common type of breach with 40% of the reported incidents. Al-Muhtadi et al. (2019) assessed breaches based on the number of personal devices used in the clinical environment and the frequency of incidents. The authors also remind organizations to focus on type of information such as medical records, diagnosis, and medical history that are more vulnerable to unauthorized access and disclosure. In this case, the care team should acquire knowledge and skills to enable them identify corporate impersonations, click bait attacks, customer scam, phishing, and malware associated with increased use of social devices and networks.
Argaw et al. (2020) reminded healthcare facilities to address breaches based on the most targeted data types. The authors indicated that attackers target personal health information, diagnosis, insurance details, and billing. Organizations should also assess risks based on the detrimental effects on reputation and revenues. Similar findings by McKeon (2022) indicate the need for hospitals to reputational and financial losses caused by data breaches. The author suggested that companies risk losing millions of dollars from data breaches. Robust measures are necessary to prevent cyberattacks targeting phone numbers, addresses, emails, driver’s license numbers, health insurance information, Social Security numbers, and other crucial information. Seh et al. (2020) added to the discussion on assessing and measuring breaches by focusing on the frequency of data breaches, the magnitude, and financial losses. Accurate and complete assessment provides insights into evidence-based interventions for intercepting risks and reducing the costs associated with data theft, ransomware, and other lawsuits. Almulihi et al. (2022) acknowledged the need for risk assessment and measurement based on the type of incident and magnitude in terms of costs and the affected population. In this case, the authors identified hacking and unauthorized internal disclosures as the most common incidents.
Industry Measure of Performance
A good benchmark is the percentage frequency of health data breaches in an organization. Data breaches are a concern for various stakeholders, including patients, security experts, healthcare professionals, families, and businesses. A high frequency of attacks and other incidents raises questions about a firm’s preparedness and response to breaches. High rates of health data breaches also reveal risks of unauthorized internal disclosure, weaker networks, and pilferage of sensitive patient data. Thus, healthcare providers should strive to reduce the frequency of incidents to avoid reputational and financial losses.
Preliminary Action Plan Steps
- Conduct library search for a comprehensive literature review on health data breaches, extent of the problem, and feasible measures for reducing risks of data theft, ransomware, and manipulation.
- Formulate problem statement
- Identify risk factors associated with health data breaches
- Establish units of measure
- Collect data and perform analysis using graphical representation of the situation.
- Identify evidence-based solutions for health data breaches.
- Staff training and education is among the viable interventions that makes everyone aware of cybersecurity measures and policies used in the organization (Abouelmehdi et al., 2018). The option also equips employees with knowledge of HIPAA’s data security, privacy, and confidentiality and their roles in securing patient and organizational data. Increased awareness helps prevent unintentional and intentional breaches due to knowledge of the consequences of a data breach on the workforce, organization, and patients. A second recommendation is updating devices and network regularly (Argaw et al., 2020). Hackers constantly check for new ways to exploit the systems and access sensitive data, hence the need for regular software updates to eliminate bugs and lower the risk of cyberattacks.
Applying Leadership Competencies
| ACHE Domain | ACHE Competency Selected | How This Competency Relates to the Capstone Health Care Problem Analysis Proposal |
| Communication and Relationship Management | Communication Skills | I chose communication skills because the capstone project will require me to prepare and deliver business communications on health data breaches, organizational vulnerability, and consequences. In this case, I will develop meeting agendas, presentations, business reports and communications plans to engage different stakeholders on the facility’s preparedness. |
| Leadership | Managing change | I chose managing change since this project would require me to promote continuous organizational learning and improvement on evidence-based solutions for health data breaches. |
| Professionalism | Personal and Professional Accountability | I chose personal and professional accountability since this project calls for increased awareness about the consequences of unethical actions such as unauthorized access and disclosure of sensitive patient and organizational information. |
| Knowledge of the Healthcare Environment | Healthcare Systems and Organizations | I chose healthcare systems and organizations since this capstone project involves evidence-based management practice focused on preventing the frequency and magnitude of health data breaches. |
| Business Skills and Knowledge | Organizational Dynamics and Governance | I chose organizational dynamics and governance since this capstone projects requires me to document and implement policies and procedures on effective monitoring and response to health data breaches. |
References
Abouelmehdi, K., Beni‑Hessane, A., & Khaloufi, H. (2018). Big healthcare data: Preserving security and privacy. Journal of Big Data, 5(1), 1-16. https://journalofbigdata.springeropen.com/articles/10.1186/s40537-017-0110-7
Almulihi, A., Alassery, F., Khan, A., Shukla, S., Gupta, B., & Kumar, R. (2022). Analyzing the implications of healthcare data breaches through computational technique. Intelligent Automation and Soft Computing 32(3), 1763-1779. https://www.researchgate.net/publication/357496148_Analyzing_the_Implications_of_Healthcare_Data_Breaches_through_Computational_Technique
Al-Muhtadi, J., Shahzad, B., Saleem, K., Jameel, W., & Orgun, M. (2019). Cybersecurity and privacy issues for socially integrated mobile healthcare applications operating in a multi-cloud environment. Health Informatics Journal, 25(2), 315-329. https://journals.sagepub.com/doi/pdf/10.1177/1460458217706184
Argaw, S., Troncoso-Pastoriza, J., Lacey, D., Florin, M., Anderson, D., Burleson, W., Vogel, J., O’Leary, C., Flahault, A. (2020). Cybersecurity of Hospitals: Discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(146), 1-9. https://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/s12911-020-01161-7
McKeon, J. (2022). Biggest healthcare data breaches reported this year, so far. TechTarget, Inc. https://healthitsecurity.com/features/biggest-healthcare-data-breaches-reported-this-year-so-far
Seh, A.H., Zarour, M., Alenezi, M., Sarkar, A.K., Agrawal, A., Kumar, R., & Khan, R. A. (2020). Healthcare data breaches: Insights and implications. Healthcare, 8(2), 1-16. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7349636/pdf/healthcare-08-00133.pdf