NR 512 Week 7 Discussion: Safeguarding Health Information and Systems
A new concept for some organizations is to allow nurses to bring in their own devices known as bring your own devices (BYOD) to use at work. What are some of the security issues you might encounter if this were allowed? How would you address these issues? How is this issue addressed in your practice setting?
Answer
Professor and Class,
In today’s world of rapidly advancing technology, healthcare companies have multiple lines of risk with breaches in their organizational system. The first risk that is most prevalent is employees who access the system by using their cellphones to access network information. If the person does not have the proper spyware or a strong authentication process like Symantec VIP Access which helps protect online accounts as well as blocking hackers from gaining access to your passwords to steal your information. Sebescen & Vitak (2017) state that:
… “hackers are using a number of techniques to exploit employee vulnerabilities, including social engineering techniques (Symantec, 2011), employees’ insecure password habits (Vaas, 2016), and employees’ use of personal devices in organizational settings (Olavsurd, 2014; Pescatore, 2014)” (p. 2237).
Some of the complications that can occur if an employee lost their personal device that has access to the organizational network would be a risk to patient and employee personal information. Once a hacker has access into an organization’s network, this could cause areas of risk to the financial framework and risk of money being stolen from the company, or fraudulent charges to patients and insurance payers.
One of the ways of addressing these issues is providing regular education to all employees about corporate integrity and security. It is necessary to educate employees on risks that can be prevented due to hackers or carelessness with the organization’s information. In my current position I have access to my company email. This is where I get regular updates to surgical scheduling or issues needed to fix errors to a patient’s surgical procedure. I also receive as well as provide personal information in reference to the employees I supervise. Therefore, all of this information is protected under the HIPAA laws. Through my device I had to sign a release which gives my security IT department access to the personal information on my device. If my device is stolen or lost, I must report this immediately to my IT department. I am not allowed to leave my device unsecured or unattended to prevent any breaches in privacy. Due to having access to my company email, I have to change my password every 90 days to prevent memorization of my security code. These steps are necessary as new methods of hacking are created to break through systems that keep the same codes.
References
Sebescen, N., & Vitak, J. (2017, September). Securing the human: employee security vulnerability risk in organizational settings. Journal of the Association for Information Science & Technology, 68(9), 2237-2247. https://doi.org/10.1002/asi.23851