Capella University
BHAFPX 4020: Health Care Administration Capstone Project
Dr.
November 27, 2024
Health Care Professional Feedback
Health Problem and Rationale
Healthcare data breaches reveal a troubling trend in the industry. The incidents have an impact on patients, organizations, and professionals at alarming rates despite efforts to adopt and upgrade data security solutions. According to Bohn and Schiereck (2022), the demand for data-driven clinical practices requires hospitals to keep pace with the influx of sophisticated threats. The healthcare sector reported 337 data breaches in the first half of 2022 (McKeon, 2022). Similarly, there were over 19 million records implicated in healthcare data breaches within the first six months of 2022. The average cost of a breach is about $10.1 million, which reveals the extent of the problem and its implications for the future of health care (McKeon, 2022).
The problem highlights the need for robust administrative, physical, and technical programs to identify and intercept risks. Bohn and Schiereck (2022) indicated that current and former employees trigger increased breaches due to unauthorized access to databases and sharing of sensitive information with third parties. The targeted files contain details of patients’ identification, emails, appointment information, Social Security numbers, health insurance, billing information, and addresses (Lee & Choi, 2021). Failure to respond to incidents has serious implications for reputation, financial stability, and patient satisfaction. Enhancing security and monitoring capabilities is a strategic priority appropriate for the organization’s commitment to maintaining a superior competitive advantage.
Assessing and Measuring Issues for Quality Improvement
The measures of health data breaches include frequency of occurrence, the common types in terms of percentages, and cost to patients and the organization. The metrics guide organizations to complete a risk assessment to understand the type of data affected, the number of people affected, and the harm caused by the breach (Argaw et al., 2020). The benchmarks for measuring performance include hiring adequate skilled IT security professionals, enhanced employee responsibility and accountability when handling patient information, and significant investment in technologies such as firewalls to mitigate data breaches.
The goal is to ensure that the organization has enough resources to identify and resolve data breaches involving unauthorized access, loss, and theft of patient data (Lee & Choi, 2021). Assessment includes discovering processes necessary to prevent an incident from happening in the future. The team in charge also considers the risk to a firm’s reputation and financial losses. A high-risk incident provides insights into the adverse impacts of data breaches based on the magnitude of losses and business disruptions. Abouelmehdi et al. (2018) highlighted the need for organizations to assess and measure data breaches in terms of the number of incidents and the percentage of the most common breaches.
According to the authors, data-driven clinical practices improve patient care flow and reduce costs. However, organizations become vulnerable to ransomware and other attacks. Unauthorized access and disclosure is the most common type of breach, accounting for 40% of the reported incidents. Al-Muhtadi et al. (2019) assessed breaches based on the number of personal devices used in the clinical environment and the frequency of incidents. The authors also remind organizations to focus on the types of information, such as medical records, diagnoses, and medical history, that are more vulnerable to unauthorized access and disclosure.
The care team should acquire knowledge and skills to enable them to identify corporate impersonations, clickbait attacks, customer scams, phishing, and malware associated with the increased use of social devices and networks. Argaw et al. (2020) reminded healthcare facilities to address breaches based on the most targeted data types. The authors indicated that attackers target personal health information, diagnosis, insurance details, and billing. Organizations should also assess risks based on the detrimental effects on reputation and revenues. Seh et al. (2020) added to the discussion on assessing and measuring breaches by focusing on the frequency of data breaches, their magnitude, and financial losses. An accurate and complete assessment provides insights into evidence-based interventions for intercepting risks and reducing the costs associated with data theft, ransomware, and other lawsuits.
Industry Measure of Performance
A good benchmark is the percentage frequency of health data breaches in an organization. Almulihi et al. (2022) acknowledged the need for risk assessment and measurement based on the type of incident and magnitude in terms of costs and the affected population. Data breaches are a concern for various stakeholders, including patients, security experts, healthcare professionals, families, and businesses. A high frequency of attacks and other incidents raises questions about a firm’s preparedness and response to breaches. High rates of health data breaches also reveal risks of unauthorized internal disclosure, weaker networks, and pilferage of sensitive patient data. Thus, healthcare providers should strive to reduce the frequency of incidents to avoid reputational and financial losses.
Preliminary Action Plan Steps
- Conduct a library search for a comprehensive literature review on health data breaches, the extent of the problem, and feasible measures for reducing risks of data theft, ransomware, and manipulation.
- Formulate the problem statement.
- Identify risk factors associated with health data breaches.
- Establish units of measure.
- Collect data and perform analysis using a graphical representation of the situation.
Evidence-Based Solutions for Health Data Breaches
Staff Training and Education
The intervention makes everyone aware of cybersecurity measures and policies used in the organization (Abouelmehdi et al., 2018). The option also equips employees with knowledge of HIPAA’s data security, privacy, and confidentiality and their roles in securing patient and organizational data. Increased awareness helps prevent unintentional and intentional breaches due to knowledge of the consequences of a data breach on the workforce, organization, and patients (Bohn & Schiereck, 2022). Comprehensive training and education programs make the organization committed to increasing vigilance in ensuring every employee protects patient and organization information. It becomes easier to identify cyber attackers and other malicious parties working to exploit weaknesses in an organization’s health information systems.
Updating Devices and Networks Regularly
Hackers constantly check for new ways to exploit the systems and access sensitive data. The vulnerability highlights the need for regular software updates to eliminate bugs and lower the risk of cyberattacks (Argaw et al., 2020). The move demonstrates the organization’s commitment to investing in technologies for mitigating data breaches (Lee & Choi, 2021). The IT team has the technical expertise to identify and resolve data breaches involving unauthorized access, loss, and theft of patient data.
Applying Leadership Competencies
ACHE Domain | ACHE Competency Selected | How This Competency Relates to the Capstone Health Care Problem Analysis Proposal |
Communication and Relationship Management | Communication Skills | I chose communication skills because the capstone project will require me to prepare and deliver business communications on health data breaches, organizational vulnerability, and consequences. In this case, I will develop meeting agendas, presentations, business reports, and communications plans to engage different stakeholders on the facility’s preparedness. |
Leadership | Managing Change | I chose managing change since this project would require me to promote continuous organizational learning and improvement on evidence-based solutions for health data breaches. |
Professionalism | Personal and Professional Accountability | I chose personal and professional accountability since this project calls for increased awareness about the consequences of unethical actions such as unauthorized access and disclosure of sensitive patient and organizational information. |
Knowledge of the Healthcare Environment | Healthcare Systems and Organizations | I chose healthcare systems and organizations since this capstone project involves evidence-based management practice focused on preventing the frequency and magnitude of health data breaches. |
Business Skills and Knowledge | Organizational Dynamics and Governance | I chose organizational dynamics and governance since this capstone project requires me to document and implement policies and procedures on effective monitoring and response to health data breaches. |
Summary of the Feedback
A conversation with a health IT manager provided insights into the pathway for completing the project successfully. The professional supported the idea of using frequency of occurrence and the percentages of the common types of data breaches. Including the measures provides details of an organization’s vulnerability to breaches and the most appropriate basis for initiating evidence-based solutions. With the frequency and percentages, the contact agreed that it was easier to determine the severity of breaches and the specific interventions necessary to secure patient and organization data. The healthcare professional also suggested the need for clarity on the different technologies necessary for mitigating data threats. The professional also addressed the need for the report to mention specific skills required by the IT security team to monitor and respond to safety risks. Overall, I had an excellent opportunity to understand events in the healthcare environment associated with data breaches. The conversation provided insights into the need for individual and collective commitment to identifying gaps in the systems and responding through evidence-based interventions.
References
Abouelmehdi, K., Beni‑Hessane, A., & Khaloufi, H. (2018). Big healthcare data: Preserving security and privacy. Journal of Big Data, 5(1), 1-16. https://journalofbigdata.springeropen.com/articles/10.1186/s40537-017-0110-7
Almulihi, A., Alassery, F., Khan, A., Shukla, S., Gupta, B., & Kumar, R. (2022). Analyzing the implications of healthcare data breaches through computational technique. Intelligent Automation and Soft Computing, 32(3), 1763-1779. https://www.researchgate.net/publication/357496148_Analyzing_the_Implications_of_Healthcare_Data_Breaches_through_Computational_Technique
Al-Muhtadi, J., Shahzad, B., Saleem, K., Jameel, W., & Orgun, M. (2019). Cybersecurity and privacy issues for socially integrated mobile healthcare applications operating in a multi-cloud environment. Health Informatics Journal, 25(2), 315-329. https://journals.sagepub.com/doi/pdf/10.1177/1460458217706184
Argaw, S., Troncoso-Pastoriza, J., Lacey, D., Florin, M., Anderson, D., Burleson, W., Vogel, J., O’Leary, C., & Flahault, A. (2020). Cybersecurity of hospitals: Discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(146), 1-9. https://bmcmedinformdecismak.biomedcentral.com/articles/10.1186/s12911-020-01161-7
Bohn, L., & Schiereck, D. (2022). Regulation of data breach publication: the case of US healthcare and the HITECH act. Journal of Economics and Finance, 1-12. https://link.springer.com/content/pdf/10.1007/s12197-022-09607-6.pdf
Lee, J., & Choi, S. (2021). Hospital productivity after data breaches: Difference-in-differences analysis. Journal of Medical Internet Research, 23(7), 1-7. https://www.jmir.org/2021/7/e26157/PDF
McKeon, J. (2022). Biggest healthcare data breaches reported this year, so far. TechTarget, Inc. https://healthitsecurity.com/features/biggest-healthcare-data-breaches-reported-this-year-so-far
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Khan, R. A. (2020). Healthcare data breaches: Insights and implications. Healthcare, 8(2), 1-16. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7349636/pdf/healthcare-08-00133.pdf