Case 1.1 Email Security Breach

Vidhi Patel
Ohio Dominican University
Course (MHA 540 17FA02)
Case 1
11/21/2017

1. How serious was this e-mail security breach? Why did the Kaiser Permanente leadership react so quickly to mitigate the possible damage done by the breach?
As small as the breach seems, any exposure of private health information is a serious concern. However, this breach occurred in 2000, before Title II of the Health Insurance Portability and Accountability Act (HIPAA). Even though HIPAA had been in the works since 1996, the first rule concerning identifiable health information, the Privacy Rule, was not in effect until April 14, 2003. The Security Rule, which specifically covers electronic protected health information, rolled out in 2005, and the Enforcement Rule and Breach Notification Rules, which set civil money penalties for violations and established procedures for investigating violations, became effective in 2006.

2. Assume that you were appointed as the administrative member of the crisis team created the day the breach was uncovered. After the initial apologies, what recommendations would you make for investigating the root cause(s) of the breach? Outline your suggested investigative steps.
The first step is to determine the full impact of the breach to decide what path to take. In this case study, over 800 individual email messages
Shortcuts were taken because of intense pressure to roll out fixes, rather than giving the IT group time and the proper resources for testing. Overall, the company as a whole did not have an enterprise-wide focus on security, which allowed bad decision making at the department and individual level. Upper management needs to emphasize the importance of the security of health information over meeting a deadline and making sure that all departments make it a