Security and Privacy of Patients Data


Many healthcare organizations have taken several steps to ensure the privacy and security of patients’ information. However, the best has not been achieved, since some healthcare organizations are still experiencing the problem. Many healthcare organizations are experiencing both internal and external threats. The systems that are put in place are not very effective in ensuring the privacy and security of patient information. External threats include natural disasters such as earthquakes, floods, fire, terrorist attacks, etc. that make the patients or the healthcare organizations lose important information. The information disposed of by the healthcare organizations may also fall into the hands of the wrong individuals, thereby risking the privacy of patient information. This makes it quite hard to refer to the progress of the treatment that a patient has been going through, especially in a case where the healthcare organization does not have a backup of the patient’s information stored in a way that cannot be destroyed by these disasters. More complexity comes in when the healthcare organization does not maintain patient data and the patient’s records are destroyed by a natural disaster. This causes a great loss to the healthcare organization because the equipment will have to be replaced, and some clients are also likely to shift to other healthcare organizations if their information cannot be retrieved. The information security manager, together with his team, should ensure that those calamities that can be avoided are protected against and that all the patients’ information in the healthcare organization has a backup that will be used in case of a calamity. A flood may also lead to access to patient information by unauthorized individuals. The information security manager should come up with a way for patients to access their information other than through paper records.
This paper will seek to analyze how the information security manager will respond to a case where a flood that struck the patients’ residences has swept away their medical documents. The training that the staff will be given to be able to respond effectively to such an event is also laid down, together with a management plan that will be implemented to increase the security and privacy of patient data.

Response to a Flood Destroying Patient’s Documents

When patients lose their records, the only place where they expect to find them is the healthcare organization where they were treated. Hospitals that operate using the traditional method, where information is maintained in physical files, find this very hard. The records that the patients carry are very important in tracing the patient’s record in the file. The serial number of the record is used in tracing the record in the healthcare organization’s files. The number of files in the healthcare organization is so large that tracing the exact file where an individual’s records are stored is quite complex. This means that tracking an individual’s documents will take much time. Also, very few patients will be attended to in a day. This is likely to frustrate the patients because they would expect to be served most effectively and conveniently. The workers in the information system department are also likely to get very tired from the long processes and may eventually be frustrated. Unfortunately, the patients cannot be blamed for the calamity since they didn’t lose the documents themselves. The information systems manager has a role to play in the situation, both for the employees in the healthcare organization and for the patients (Laurinda, 2006, pg.314). The first thing that should be done is to inform the patients of the complexity that is involved in retrieving their information. This will help the patients to be patient as their records are being retrieved. Those individuals who have lost their documents should be requested to submit their names in advance so that their documents can be traced in advance. This will help in saving some time that could have been wasted in tracing the document when the patient has come for treatment.

The Electronic Method of Maintaining Records

The information system manager will also adopt an electronic method of maintaining records that can be used by the healthcare organization. This system will incorporate the medical practitioners, patients and other individuals who have the right to access patients’ information in the healthcare organization (Hossein, 2006, pg.400). This will ensure the safety and privacy of the patient’s information. The patients will be able to access their information in their electronic mail, and they therefore do not need the physical records. In case of a natural disaster, the information will remain safe and can be accessed at any place. The healthcare organization will also have a backup that will help it recover any information that may be lost if a calamity destroyed the system. The backup will be stored in a different place so that it is not destroyed together with the system in case of a natural calamity. This system will have some more advantages over the traditional method. Accessing the patient’s information will be easier and faster, and large amounts of data can be stored in a very small gadget. Letting the patients be aware of such plans will give them confidence, and they will be willing to bring their information for it to be incorporated in the system. Much effort will be put in so that an effective system is put in place.

Code of Conduct

Knowing that safety and privacy of patient’s information are very important, some means of ensuring that this safety and privacy is maintained are required. The management will develop a code of conduct that will help in ensuring that the employees maintain the safety and privacy that is required.

  • Any individual in the healthcare organization is held responsible for the safety and privacy of a patient’s information.
  • If any information is accessed through an individual’s computer and happens to be a threat to the safety and privacy of a patient’s information, the owner of the computer will be held responsible for the act.
  • The passwords provided are personal and should not be leaked to other people.
  • The employees should report any individuals found accessing unauthorized information even if they are fellow employees.
  • The employees should never leave their accounts logged in when leaving the office, as this is a risk to the privacy of patients’ information.

Training to the Staff

With the implementation of the electronic method of maintaining records and patients’ information, the members of the staff need effective training so that they can use it effectively. Training is required for all the individuals that have the right to access the patients’ data. Different individuals have different rights in accessing the patient’s information. Some data is quite sensitive and therefore should only be accessed by the patient and the doctors who treat them in the healthcare organization. The training that the employees in the records department receive should help them to trace a patient’s document within the shortest time possible. The staff will be trained on the general use of the computer and, in addition, the importance of the passwords provided. The passwords should not be given to or made known to another individual, even in the hospital. This way, accessing a patient’s documents will be too hard for an unauthorized individual because he or she cannot access the information without the passwords (Robert, 2007, prg.6). This is to ensure that the patient’s information remains safe in the whole process. Collaboration amongst the different departments is very important because it helps in improving the quality of services given to customers while maintaining the safety and privacy of patients’ information. The members of the staff will be trained in a way that they will remember to save the patient’s information every time they attend to a patient. Saving first before opening a document belonging to another patient is also important because it will help the individual avoid confusion.

Implementation of the Management Plan

As stated earlier, the management will implement an electronic method of storing and retrieving information. The plan involves installing computer systems in the healthcare organization. To ensure safety and privacy of the patient’s information, the information systems manager will implement the system in a way that allows the information to be accessed by only those individuals who are related to the treatment of the patient. The management will first identify the information that is private and store it in systems that have passwords and that can only be accessed by those authorized to access the information. The information will also be attached in the electronic mails of the patients so that the patient can check the results of a diagnosis or a laboratory test in the electronic mail. This way, the customer cannot lose the document regardless of any calamities (Robert, 2007, prg.6). The doctors who treat these individuals will also be able to access the information.

To ensure safety of the information belonging to a particular patient, the healthcare organization will have a backup that stores all the important information that is related to the patients (Harold & Micki, 2004, pg.770). This backup will be stored in a different place from the healthcare organization to ensure that in case of a natural calamity such as a flood, information related to patients can be retrieved easily. The system will not only help in ensuring safety and privacy but will also make the process more efficient, since the patient’s documents can be accessed very fast. Little time will be spent, and the employees will be able to do more work in a day compared to the work that they could have done in the old system of physical files. The information will be managed from a central point, and all the other individuals will be able to access the information from this point. An interface will be created that will help the management know which computer is accessing data from the network. Technicians in the information system department will develop a system that will protect against unauthorized access to information. Different individuals will be able to access information concurrently, and therefore the issue of long queues will come to an end. The rooms where records are kept will also be closed securely to avoid entry by unauthorized individuals who might get access to patients’ information. With the implementation of the electronic system, the management is also aware of the presence of hackers who are ready to crash the systems. The internet developed will therefore ensure that crashing is quite complex and that access to information by hackers is limited.


The privacy and safety of patients’ information are very important to the patient, and the information should therefore be held with great care. The information system department, led by the information systems manager, is responsible for the maintenance of patients’ records, and it should provide the patient’s information when it is needed. The traditional method of maintaining records, where physical files were maintained, is very cumbersome and cannot protect against loss of information in case of natural calamities such as floods and earthquakes. If the patient also loses his or her documents, tracing them is very hard. An electronic method of storing information is the best solution. Installing some computers in the healthcare organization, where the patients’ data will be saved, will be the first step. All the data will also have a backup that can be used in case a calamity occurs. The backup will be stored in a different place, probably a different building, so that it is not destroyed together with the system. The staff will be trained in the use of the computer and the importance of keeping passwords secret. The management plan will be implemented by ensuring that all the employees have computers that are protected by passwords. The employees will be required to keep the passwords private to prevent unauthorized access to patients’ information.

Reference List

Harold, F. T. & Micki, K. (2004). Information Security Management Handbook, Volume 1. Oxford: CRC Press, 769-772.

Hossein, B. (2006). Handbook of Information Security, Volume 1. New Jersey: Wiley Publishers, 398-402.

Laurinda, B. H. (2006). Ethical Challenges in the Management of Healthcare Information. New York: Jones & Bartlett Publishers, 312-316.

Robert, K. (2007). Protecting Patient Privacy in Healthcare Information Systems. Web.
