UOP Ethical and Regulatory Impact discussion

Ethical and Regulatory Impact [WLO: 1, 2, 3, 4, 5] [CLO: 1, 2, 3, 4, 5, 6]

Read

Prior to beginning work on this discussion forum, read Chapters 1 through 5 from the course text, Ethical Health Informatics: Challenges and Opportunities (3rd ed.). Also, read the article Assessing Staff Awareness and Effectiveness of Educational Training on IT security and Privacy in a Large Healthcare Organization to assist you with this discussion.

    Topic

    Your topic for this discussion forum: The Impact that Ethics and Regulations have on Health Informatics

    This discussion will introduce some of the ethical challenges and opportunities that exist in the health informatics industry today. We will expand on this discussion through the remaining weeks in class.

    Instructions

    For your initial post, ask one to two questions related to the chosen topic. You will not be able to see your peers’ posts until you complete your initial post.

    Scenario—Create a scenario related to the topic and pose questions related to the scenario.

    Debate—Identify an issue related to the topic that has two or more sides/arguments. Ask your peers to select a side or argument and explain the reasons for their choice.

    Roleplay—Identify a professional role(s) and create a scenario (related to the topic) an individual(s) in the role(s) would need to manage. Ask your peers questions related to the individual(s)’ responsibilities and scenario.

    Helpful Resources

    For help with developing your question(s), check out the resources below:

  • The Importance of Questioning in Developing Critical Thinking Skills
  • Examples of Critical Thinking Questions and Other Creative Ideas
  • Critical Thinking Questions

  • 5 Tips to Improve Your Critical Thinking
  • Assessing staff awareness and effectiveness of
    educational training on IT security and
    privacy in a large healthcare organization
    Mubashir Aslam Arain; Tarraf, Rima; Armghan Ahmad. Journal of Multidisciplinary
    Healthca
    Electronic health information systems and information technology (IT) are increasingly being
    used in healthcare.1–3 Although electronic information systems offer numerous benefits, health
    information stored in an electronic system poses unique risks to privacy and security.2,3 Risks to
    IT security and privacy can include things such as copying or sharing of username/password,
    accidental disclosure of patient information, abuse of permission or insider curiosity of an
    employee, or visible patient information on device screens.4,5 Personal health information thefts
    and data security breaches are a growing concern. In 2013, the office of Civil Rights in the US
    had more than 77,000 complaints of breaches related to health information privacy violating the
    Health Insurance Portability and Accountability Act (HIPAA).6
    In healthcare, these risks are especially pertinent, as personal health information contains
    sensitive and intimate details of patients’ life. The theft, loss, or unauthorized use and disclosure
    of personal health information can have dire consequences. Some of these consequences are
    discrimination, stigmatization, and psychological or economic harm to the individual.7–9
    Additionally, if patients are not confident that their information will be kept secure, they may
    refrain from disclosing critical information or from seeking treatment.3,10 Despite the risks to IT
    security of patient information, it is important for healthcare providers to have easy access to
    patient information to deliver timely and effective healthcare. In one report, 87% of 2,469
    Canadians agreed that timely and easy access to personal health information is crucial for quality
    healthcare.11
    In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) grants
    individuals the right to know the reasons for collection or use of personal information.
    Healthcare organizations are responsible for the security, privacy, and confidentiality of
    information in their custody, and should protect this information reasonably and securely.12 The
    healthcare organization included in this study was a large fully integrated health system
    consisting of five geographical zones with over 100,000 employees. The organization offers
    services at more than 650 facilities including hospitals, clinics, continuing care facilities, cancer
    centers, mental health facilities, and community health sites.13 The organization developed a
    number of online education and awareness modules that target key points staff need to be aware
    of to understand their requirements for compliance based on legislative policies and Acts. E-learning enables knowledge management by simplifying the collaborative process with ease of
    content capture, continuous learning, and reuse.14 E-learning has been widely adopted by many
    organizations to offer learning opportunities to employees as a cost-effective and time-saving
    method.15 Although e-learning interventions are more effective than no training programs,16
    healthcare professionals’ attitudes, satisfaction, and experience using computers and e-learning
    could be problematic, requiring further understanding and research.17 The objective of the study
    was to determine the effectiveness and staff awareness of the IT security and privacy educational
    modules in a large healthcare organization.
    Methods
    We conducted a cross-sectional survey from September 2016 to March 2017 in a Western
    Canadian healthcare organization. Proportionate stratified random sampling methodology was
    used to ensure representation from different types of healthcare facilities and staff from different
    occupations. Our sampling framework also aimed to collect the highest responses from nursing
    staff, followed by clerical staff, and other non-regulated healthcare professionals.
    The survey was developed by the authors; the questions were based on the exploratory
    qualitative study conducted prior to the survey.13 The authors aligned survey questions with the
    key learning objectives from the educational modules and consulted e-learning literature.18,19
    Prior to distributing the survey, the authors shared it with key stakeholders to ensure questions
    were adequate and representative and piloted the survey with four management staff.
    The survey was sent in two waves. As per our sampling framework, we randomly selected staff
    names from a master list using Excel’s random number generator function. Staff received a brief
    description of the project and a personalized link to the survey. The email also emphasized that
    participation was voluntary, and all information provided was anonymous and confidential. In
    the first wave, we sent invitations to 2,000 staff. Staff were given 2 weeks to complete the
    survey; two emails were sent out as reminders. The first reminder was sent a week prior to the
    deadline, and the second reminder 2 days before the deadline. We collected 333 responses from
    the first wave, thus necessitating a second wave of data collection. The target
    minimum sample required was 400 for this survey. The second invitation was sent to 1,000 staff
    following the same procedure and sampling framework as the first wave. The second sample
    excluded the 2,000 staff who were invited during the first wave. Module compliance was not an
    inclusion criterion, as we were interested in noting whether or not there would be any significant
    difference between those who had completed the training and those who had not. Figure 1
    highlights the above-mentioned methodology and sampling framework visually.
    We analyzed data using IBM SPSS Statistics version 19 (IBM Corporation, Armonk, NY, USA).
    We tested the effectiveness of current educational material and whether there were any
    differences in IT security and privacy awareness among different professional groups and
    between those who had and had not completed the training using descriptive and inferential
    statistics. We used the chi-squared test for proportions/test for trends for categorical data and the
    Mann–Whitney U test for continuous data at 95% confidence level.
    Description of modules
    This study evaluates two specific IT training modules: Module I (Annual Continuing Education
    (ACE) Secure – Collect IT, Protect IT) and Module II (Information Privacy and IT Security
    Awareness).13
    Module I: This module fulfilled requirements for Information Privacy and IT security training
    for all employees. It was a short online course that provided an overview of the privacy
    legislation, the responsibilities of workers to protect the privacy of individuals, confidentiality of
    information, and the security of IT resources.
    Module II: This was a 60-minute training module that provided an overview of privacy
    legislation. It outlined staff responsibility to protect the privacy of individuals, confidentiality of
    information, and security of IT resources. Completion of the module was required within the first
    3 months of employment or as designated by the employees’ program.
    Protection of human and animal subjects
    This evaluation was considered a Quality Improvement project and did not require approval by
    an ethics review board. However, all data collection, management, and storing procedures
    complied with the Health Information Act and the Freedom of Information and Privacy Act. All
    participants were provided with information on the project and how the data would be used.
    Results
    In total, 586 staff participated in the study (20% response rate). Demographic information is
    presented in Table 1. There was an approximately equal distribution of clinical (51.5%) and non-clinical (47.6%) staff. A large proportion of participants were employed full-time (64.2%) and
    had worked in the organization for over 10 years (44.5%). Most of the participants were aware of
    (87.4%) and had completed the IT training modules (80.9%). To determine the
    representativeness of the sample, we compared the proportion of each professional group in the
    organization (Figure 2A) to their proportions in our sample (Figure 2B).
    Around 25% of staff were very satisfied with IT security at the organization and around half of
    the survey participants were satisfied with IT security at the organization; others were either
    neutral or not satisfied (Figure 3). Most of the participants perceived the two modules as
    effective (57.5%) in delivering the key messages around IT security and privacy (Figure 4). We
    found a significant positive correlation between staff perception about the effectiveness of IT
    security educational material and satisfaction with IT security in the organization (r=0.34,
    P0.05).
    Overall, there was little difference between clinical and non-clinical staff (Table 4). The majority
    of clinical and non-clinical staff were aware of the IT modules; of those, most participants had
    completed them. A few participants reported sharing their login information (6.6%). Clinical
    staff (32.9%) were slightly less likely to correctly identify how to deal with spam emails than
    non-clinical staff (39.9%). Moreover, only a small proportion of clinical (25.5%) and non-clinical staff (30.4%) reported knowing how to encrypt emails.
    Full-time staff members were more likely to have completed Module I than part-time staff
    members (Table 5). Also, full-time staff were more likely to correctly report the action required
    upon receiving spam emails. No other differences were found between the full-time and part-time staff.
    Table 6 shows that those who completed Module I were 4.2-times (CI =2.0–8.8) more likely to
    correctly report the action required upon receiving spam emails than those who had not
    completed Module I. Other variables in the model did not show any significant difference.
    Content improvement
    Many participants expressed the need for instructions on how to encrypt emails and for tips on
    how to recognize spam. Some participants identified the lack of information with regard to the
    risks and consequences of breaches. Another recurring “missing” feature from the module was
    information on breaches and how often they occur in the organization. Several participants also
    conveyed interest in learning about the risk of breach when using social media.
    Participants offered several suggestions on how to improve IT security modules:
    1. Updating module content with new examples/content (n=7);
    2. Incorporating a grading system as opposed to the pass/fail system currently in place (n=4);
    3. Include relevant and role-specific examples (n=5);
    4. Include more interactive components (n=14);
    5. Provide how-to documents and IT tips and cheat sheets (eg, how-to encrypt emails) (n=3);
    6. Provide more mediums for learning (eg, lunch and learns, in-classroom training) (n=3); and
    7. Provide staff the time to complete the modules (n=5).
    Similarly, participants suggested various ways to promote IT security and compliance with the
    modules:
    1. Hold poster campaigns (n=6);
    2. Send reminders to complete the annual modules (n=13);
    3. Have managers review IT security information in team meetings (n=6);
    4. Email a weekly or monthly bulletin highlighting recent security issues or breaches (n=4); and
    5. Ensure information is accessible and easy to find (n=7).
    The study examined the effectiveness of existing educational and awareness training in
    delivering the key messages around IT security and privacy. The results of the study indicated
    that a large majority of participants were aware of Module I and had completed them. Staff were
    mostly satisfied with the educational and awareness programs, and found the modules effective
    in delivering the key messages around IT security and privacy. Specifically, we found that
    Module I was effective in improving IT security knowledge. Participants who had completed the
    Module I training were significantly more likely to know how to correctly respond to potential
    security breaches (eg, how to react to spam emails or how to report IT security incidents).
    Although module completion was mandatory, not all staff had completed the training. This could
    be attributed to a number of reasons that might be associated with being a large healthcare
    organization. Participants cited several challenges to completing the modules, such as the
    unavailability of dedicated and uninterrupted time, outdated computers, lack of follow-up from
    managers, and difficulty in accessing the module. Also, it was found that the most common
    breaches reported were (1) walking away from a computer without logging off and (2) not
    knowing how to encrypt emails when sending emails outside the organization.
    A recent report by Cavoukian and Alvarex8 identified the importance of privacy and security
    training. The authors suggested that awareness regarding privacy and security is key to the
    reduction of human errors and carelessness, which is often the cause of many privacy breaches.
    In our study, Module I adopted by the health organization yielded the necessary outcome that led
    to the reduction of errors and enabled staff to encrypt their emails and take the necessary action
    against spam. Additionally, Cavoukian and Alvarex8 envisaged that training can help to ensure
    that employees and agents are aware of their obligations under privacy statutes and
    organizational privacy and security policies and procedures that are applicable to the authorized
    collection, use, and disclosure of personal health information and the safeguards that must be
    implemented to protect the personal health information.
    Additionally, it was found that the short duration (20 minutes) of Module I made it more
    effective than the 60-minute Module II. This was attributed to the higher level of knowledge,
    which was directly related to the information provided in the module. Also, the completion of the
    module prompted them to look at more IT security resources, such as dealing with spam and
    encrypting their emails. This is in line with other studies that also found that if training is divided
    into shorter sessions, staff are more likely to pay attention and retain the information.20,21 Shorter
    sessions help to reduce perceptions of information overload and help with developing successful
    e-learning training modules.16
    There are multiple benefits to using information systems in healthcare, such as improving quality
    and providing patient-centric services by linking access to patient information from various
    sources.22 However, the data are vulnerable to security threats, which puts the privacy of patients at risk.
    Privacy is a key element in the patient–physician relationship, facilitating a correct diagnosis,
    treatment, and medication.3 With growing security threats, there is an increased risk of
    inappropriate access to patient information when IT security measures are not practiced.22
    The increased risk of IT breaches results from staff walking away from their computer without
    logging off, especially in open-plan offices. An automatic logout mechanism after a few
    minutes of inactivity provides an electronic safeguard.6 Also, sometimes staff share login
    information with other staff. In some cases, staff are forced to share their own information so that
    the new hires can perform their job; this undermines data protection and patient privacy.2,23
    Daglish and Archer20 recommend that as much as healthcare providers need to accumulate data
    about patients to be able to treat them effectively, it is the sole responsibility of the organizations
    to guard the data against unwanted breaches.
    Advances in technology have led to the deployment of automated and efficient healthcare
    information systems. Also, the use of the Internet enhances information communication of these
    systems, but increases risk due to multiple networks and heterogeneous users involved.24 This
    contributes to the challenge of integrating secure and privacy-preserving systems.25 Hence, a
    system with high security and excellent protection strategies is required to protect against
    potential breaches, which benefits the patients and improves overall quality.24
    Various components need to be embedded for user access control to ensure the integrity of
    sensitive data.22 The access control features should include elements of robustness, flexibility,
    and conformity. First, the system has to be robust enough to prevent the exploitation of sensitive
    and private data by maintaining inappropriate and unauthorized access.25 Second, related to
    emergency cases, access to the control system has to be flexible to allow overriding and
    delegation access privileges.25 The coupling of two access control features allows for potential
    conflicting non-compliance situations. The third feature of conformity tries to address the issues
    by involving processes related to verifying, validating, and monitoring the compliance of access
    control policies.25 The paper by Jaïdi et al25 discusses the framework for deploying the proposed
    technique for reliable and efficient access control policies. Moreover, these methods propose
    optimal security techniques as a way to govern access control policy based on privileges and
    rights to patient information.26
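
The three access control features described above (robustness, flexibility for emergency overrides, and conformity monitoring) can be sketched as follows. This is an added example, not code from the article or from Jaïdi et al; the role policy, care-team mapping, user names, and patient ID are hypothetical values constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

# Hypothetical role-to-action policy, constructed for this example.
POLICY = {
    "nurse": {"read_chart"},
    "physician": {"read_chart", "write_orders"},
    "clerk": {"read_demographics"},
}


@dataclass
class AuditEvent:
    when: str
    user: str
    role: str
    action: str
    patient_id: str
    outcome: str  # "allow", "override" or "deny"
    reason: str = ""


@dataclass
class AccessController:
    policy: dict     # role -> set of permitted actions
    care_team: dict  # patient_id -> set of users assigned to that patient
    log: list = field(default_factory=list)

    def request(self, user: str, role: str, action: str, patient_id: str,
                emergency_reason: Optional[str] = None) -> bool:
        reason = (emergency_reason or "").strip()
        permitted = action in self.policy.get(role, set())
        assigned = user in self.care_team.get(patient_id, set())
        if permitted and assigned:
            outcome = "allow"      # normal path: role and assignment both match
        elif permitted and reason:
            outcome = "override"   # flexibility: emergency access with a stated reason
        else:
            outcome = "deny"       # robustness: everything else is refused
        # Every decision is logged, including refusals.
        self.log.append(AuditEvent(datetime.now(timezone.utc).isoformat(),
                                   user, role, action, patient_id, outcome, reason))
        return outcome != "deny"

    def overrides_for_review(self) -> list:
        """Conformity: each emergency override is queued for compliance review."""
        return [e for e in self.log if e.outcome == "override"]

    def denials_by_user(self) -> dict:
        """Conformity: count refused requests per user to spot repeated attempts."""
        counts = {}
        for e in self.log:
            if e.outcome == "deny":
                counts[e.user] = counts.get(e.user, 0) + 1
        return counts


def demo() -> AccessController:
    """Run four constructed requests against one patient record."""
    ac = AccessController(POLICY, {"P-001": {"alice"}})
    ac.request("alice", "nurse", "read_chart", "P-001")   # assigned nurse
    ac.request("bob", "nurse", "read_chart", "P-001")     # not on the care team
    ac.request("bob", "nurse", "read_chart", "P-001",
               emergency_reason="covering emergency admission")
    ac.request("carol", "clerk", "read_chart", "P-001",   # role never permits this
               emergency_reason="urgent")
    return ac


if __name__ == "__main__":
    controller = demo()
    for event in controller.log:
        print(event.user, event.action, event.outcome, event.reason)
    print("overrides to review:", [e.user for e in controller.overrides_for_review()])
```

An override never widens what a role may do; it only relaxes the care-team assignment check, and the recorded reason is what the compliance review reads.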
    Other technologies used to ensure security and privacy of healthcare data involve encryption,
    data masking, security monitoring, and auditing.26 Encryption is a valuable technique to protect
    sensitive data and prevent misuse.22 The technique helps to safeguard data in case of breaches
    like packet sniffing and theft of storage devices. Abouelmehdi et al26 suggest that the encryption
    scheme should be efficient, with minimum key holds by each party, and should be extendible to
    include new data. Data masking fully removes personal identifiers and is different from
    encryption, as the original value cannot be returned.26 The monitoring technique involves
    surveillance, detection, and investigating network events against potential security breaches. The
    approaches discussed are important elements to consider for protection of healthcare data and
    computerized patient records.
    We identified a few limitations, such as (1) some occupation groups were not as well represented
    as others, despite our best recruitment efforts and proportionate stratified random sampling
    methods. Also, our target population included some non-computer users who might not have
    received the online survey. (2) Due to the nature of the questions, socially desirable responding
    may have biased the results; we tried to minimize this by ensuring confidentiality of the
    participants and anonymizing the survey.
    Conclusions
    Information technology security and privacy training should be an integral part of healthcare
    staff continuing education to prevent potential breaches and protect patient information. The
    evaluation of the training program ensures that staff are aware of available resources and
    understand how to prevent IT security breaches. Staff’s lack of awareness related to
    organizational IT policy and compliance requirements could potentially create more risk for
    security breaches. Furthermore, more emphasis is required for part-time staff who may not fully
    understand and comply with IT security protocols and could increase the risk of breaches.
    Acknowledgments
    Special thanks to all the participants who voluntarily completed the surveys in their busy work
    schedules and to the stakeholders and senior leadership for their support and engagement for
    making this study a success.
    Disclosure
    The authors report no conflicts of interest in this work.
    © 2019. This work is licensed under https://creativecommons.org/licenses/by-nc/3.0/ (the
    “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in
    accordance with the terms of the License.