- This topic has 8 replies, 9 voices, and was last updated 3 years, 7 months ago by Kridsada Sirichaisit.
2020-09-29 at 9:55 pm #22860 Phone Suu Khaing (Participant)
Brief description of the story
Three hospitals were fined $100,000, $384,000 and $515,000 respectively for inviting ABC film crews to film on site without obtaining patient authorization or consent. Each has to implement staff training as part of individual corrective action plans which include policies and procedures related to photography, video recording and audio recording.
The impact of this data breach? Consequences of the data breach?
The breached data included very sensitive and private patient identity, which is face, voice and body parts, which means zero privacy for patients. There will be no more trust by patients in the health service as there is no security of their personal identity and no confidentiality of their health status. Also, patients are prone to psychological trauma whether or not they were blamed by friends and colleagues in their surrounding society.
How did the data breach occur?
Health data of patients were revealed to the ABC film crew for the TV show, by letting film crews record patients in hospitals at their most private and vulnerable moments without patient authorization.
What should be the main cause of the data breach? Provide a brief explanation of the cause of data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
Not following procedures to respect privacy and confidentiality by hospital staff caused a HIPAA violation in this scenario. Lack of or weak rules and regulations on procedures of patient HIPAA protection could also pose this kind of situation.
How could you prevent this data breach attack?
Hospitals should have strong rules and regulations.
Training/continuous education for employees regarding HIPAA
Monitor patient recording system
Risk assessment of data breach
-
2020-09-30 at 12:55 am #22874 Ornpicha Thiampol (Participant)
Authorized user security is essential in this case. They should add more double-check security before releasing the data and educate staff to be concerned about this topic.
-
2020-09-30 at 4:47 am #22881 Saravalee Suphakarn (Participant)
Thank you for the explanation in this case study. I agree with your prevention measures. In addition, I think awareness about privacy is very important for this case. Both relative companies, the film company and hospital, should do awareness building in the organization.
-
2020-09-30 at 12:16 pm #22887 Khaing Zin Zin Htwe (Participant)
Thanks for your description which is compact yet includes all necessary points. And it would add more interesting points if rules and regulations which hospitals should have could be specified for this scenario.
-
2020-09-30 at 10:42 pm #22899 Navinee Kruahong (Participant)
Hi, I got this case too. I think this case study is such a good example to show the importance of patients’ privacy and data security policy/regulation in a hospital. Moreover, the policy and regulation should be updated to cover all data breach cases that might happen in the future.
-
2020-10-02 at 2:12 am #22913 Kaung Khant Tin (Participant)
Thank you so much for this informative report. I agree with your preventive measures. I think the hospital should give a lecture and a set of protocols to the documentary film team before filming. The lecture and the protocols should include data privacy and confidentiality as well as Dos and Don'ts for the crew members while filming at the hospital.
-
2020-10-06 at 10:21 pm #23071 Naphat (Participant)
Thank you for the short brief. In Thailand, there are frequent problems like this. But it is not so serious, such as taking a photo in the hospital while the staff are operating.
-
2020-10-08 at 10:15 pm #23202 Sila Klanklaeo (Participant)
Thank you for the short explanation and I agree with your preventive measures. I think that hospitals are not very serious about this.
-
2020-10-20 at 9:35 pm #23435 Kridsada Sirichaisit (Participant)
Thank you for your brief. I think General Data Protection Regulation (GDPR) compliance, the data regulation of the EU, is the solution for data privacy. GDPR contains the regulation and how to follow this compliance.