HIM 422 SNHU Law The Impact of A Data Breach This 3-4 page paper will detail the impact of a data breach based on the attached information. This should inc

HIM 422 SNHU Law The Impact of A Data Breach This 3-4 page paper will detail the impact of a data breach based on the attached information. This should include the laws that are in place to prevent such data breaches, the potential financial penalties and any other non-financial impacts. I have attached the previous paper on the particular data breach as well as the guidelines for this particular assignment. HIM 422 Milestone Two Guidelines and Rubric
After successfully briefing your executive team—the “C-Suite” (CEO, CIO, CFO, CMO, and CNO)—on the nature of your imagined breach and the key stakeholders
to be notified, you have been asked to present another report detailing the impact the breach has on your organization. The “C-Suite” is interested in knowing
the legal and financial impact this breach has had on the organization and what federally sponsored initiatives can be put in place to ensure that the institution is
providing high-quality healthcare, patient and staff safety, and data protection.
Specifically, the following critical elements must be addressed:
III.
Impacts
A. Identify laws that are in place specifically for trying to prevent such data breaches, and assess the extent to which these laws were violated
during this data breach. Be sure to use specific examples from your research to support your position.
B. Determine the applicability of the laws you identified above to your organization. Be sure to use specific research to substantiate your claims.
C. Assess the impact of the data breach on financial decision making within your organization. In other words, what effect(s) will potential financial
penalties have on your organization? Be sure to cite specific examples from your research.
D. Analyze any non-financial impacts (e.g., bad publicity, etc.) that could result from this breach. Be sure to cite specific examples from your
research. If you feel there are none, be sure to justify your rationale.
E. Evaluate your organization’s use of the appropriate federally sponsored initiatives in ensuring the provision of the highest level of healthcare
quality and safety, and efficiency in keeping data secure. Be sure to cite specific examples from your research.
Guidelines for Submission: This paper should be 3 to 4 pages in length (not including the cover page or reference page). Use APA format for the reference list and
all internal citations.
Critical Elements
Impacts: Laws to
Prevent
Exemplary (100%)
Meets “Proficient” criteria and
examples cited demonstrate keen
insight into legal aspects of
healthcare data breaches
Proficient (85%)
Accurately identifies laws that
are in place for trying to prevent
such data breaches and assesses
the extent to which they were
violated, using specific examples
from research to support
position
Impacts:
Applicability
Meets “Proficient” criteria and
examples cited demonstrate keen
insight into legal aspects of
healthcare data breaches
Accurately determines
applicability of laws to
organization, using specific
research to substantiate claims
Needs Improvement (55%)
Identifies laws that are in place
for trying to prevent such data
breaches and assesses the extent
to which they were violated, but
with gaps in accuracy or detail,
or the provided examples are
not specific or do not support
position
Determines applicability of laws
to organization, but with gaps in
accuracy, or provided research is
not specific or does not
substantiate claims
Not Evident (0%)
Does not identify laws that are in
place for trying to prevent such
data breaches
Value
15
Does not determine applicability
of laws to organization
15
Impacts:
Financial
Penalties
Meets “Proficient” criteria and
assessment is exceptionally clear
and well-informed
Assesses the impact of the data
breach on financial decision
making in the organization, citing
specific examples from research
Impacts: Nonfinancial
Meets “Proficient” criteria and
expands on the impact beyond
immediate internal stakeholders,
encompassing the external
environment
Analyzes non-financial impacts
that could result from breach,
citing specific examples from
research, or justifies rationale if
none were identified
Impacts:
Sponsored
Initiatives
Meets “Proficient” criteria and
articulates nuanced connections
between sponsored initiatives and
healthcare quality and safety and
data security
Scholarly
Research
Meets “Proficient” criteria by
including three or more scholarly
research articles that give in-depth
details supporting identified
interdepartmental issue
Submission is free of errors related
to citations, grammar, spelling, and
syntax and is presented in a
professional and easy-to-read
format
Evaluates organization’s use of
sponsored initiatives in ensuring
healthcare quality and safety and
efficiency in keeping data secure,
and cites specific examples from
research
Includes two scholarly research
articles that give in-depth details
supporting identified
interdepartmental issue
Articulation of
Response
Submission has no major errors
related to citations, grammar,
spelling, or syntax
Assesses the impact of the data
breach on financial decision
making in the organization but
with gaps in accuracy or cited
examples are not specific
Analyzes non-financial impacts
that could result from breach but
with gaps in accuracy, examples
cited are not specific, or
rationale is not justified if none
were identified
Evaluates organization’s use of
sponsored initiatives but with
gaps in detail or does not cite
specific examples from research
Does not assess the impact of
the data breach on financial
decision making in the
organization
15
Does not analyze non-financial
impacts that could result from
breach
15
Does not evaluate organization’s
use of sponsored initiatives
15
Includes some scholarly research
but does not give in-depth
support to identified
interdepartmental issue
Does not include scholarly
research
10
Submission has major errors
related to citations, grammar,
spelling, or syntax that
negatively impact readability and
articulation of main ideas
Submission has critical errors
related to citations, grammar,
spelling, or syntax that prevent
understanding of ideas
15
Total
100%
Running head: HEALTHCARE DATA BREACH
Healthcare Data Breach
Olawunmi Odusanya
January 20, 2019
HIM-422
Professor Rodvill
1
HEALTHCARE DATA BREACH
Summary of Problem
Our hospital experienced a data breach last week which brought significant adverse
effects not only to the IT department, but to the entire organization (Sen & Borle, 2015). The
nature of the data breach in the organization involved hacking. It appears that the suspected
hacker entered the IT Department’s office after one of the IT officers failed to lock the door to
the IT room. One of the regulations and policies of the organization is that all offices, especially
the IT office, should be found under lock and key at all times. This is because of the large
number of vital information maintained in this room that is important to the organization. The
hacker entered through an open door and proceeded to hack into the hospital’s data system,
tampering with patient data and the hospital management software (Sen & Borle, 2015). The
mistake made by this employee had adverse consequences for the organization, because it
enabled an unauthorized person to gain access to the organization’s computer system and steal
vital information.
The data breach resulted in the loss of some vital information, specifically confidential
patient data and the loss of past patient records. The hacker tampered with patient information
from both the inpatient and outpatient departments. With the loss of vital data, it has become
difficult for the organization’s medical personnel to track the previous treatment plans assigned
to former patients. The data breach has made it difficult to review patient progress without
reverting back to the hospital’s manual system. This causes the hospital to use the information
located in the hospital’s paper filing system. Although it was an honest mistake, hospital
management still believes that the data breach was conducted by an employees in the hospital.
2
HEALTHCARE DATA BREACH
3
All computer devices in the hospital are accessed with individual passwords that are only
assigned to hospital personnel.
Key Stakeholders
When there is a data breach, it is necessary for hospital management to inform all
organization stakeholders. Our hospital will inform several stakeholders of the particular security
breach in question. The first group of stakeholders includes all current staff members of the
organization. This includes doctors, nurses, clinical officers, department heads and all support
staff. A second group of stakeholders would be all members of the hospital’s board of directors
as well as other sponsors that support the hospital. The third category of stakeholders will
include the hospital’s suppliers. It is important that suppliers be notified because of the nature of
the breach, which involved the hospital’s management software. Notifying suppliers will allow
enough time for the hospital to return to full operation in a timely manner. (Ronquillo, Erik
Winterholler, Cwikla, Szymanski & Levy, 2018).
The hospital must also inform some government officials about the data incident breach.
This should include some federal agents such as the police and the investigative department.
These government officials will help with both the internal and external investigation. The
governments involvement will help ensure that the guilty person faces the full enforcement of the
law. The IT department in conjunction with other departments needs to implement measures that
will restore the organization to its normal level of operations as well as enhancing the security of
its data. The IT department needs to find ways to ensure that computer devices are consistently
under lock and key when no individual is in the IT office. They also need to ensure that all
patient files are backed up as soon as possible (Bellare & Rogaway, 2018).
HEALTHCARE DATA BREACH
4
References
Bellare, M., & Rogaway, P. (2018). U.S. Patent Application No. 15/714,877.
Ronquillo, J. G., Erik Winterholler, J., Cwikla, K., Szymanski, R., & Levy, C. (2018). Health IT,
hacking, and cybersecurity: national trends in data breaches of protected health
information. JAMIA Open.
Sen, R., & Borle, S. (2015). Estimating the contextual risk of data breach: An empirical
approach. Journal of Management Information Systems, 32(2), 314-341.

Purchase answer to see full
attachment