In previous years, identity theft was mainly associated with financial transactions. However, over the last decade, fraud takes place in the medical care setting (Gordon et al., 2017). Identity theft in health care involves someone using another individual’s name or insurance details to obtain medical care. The fraud can also involve healthcare professionals utilizing other people’s information to present fictitious invoices to insurance companies. Medical identity theft has, therefore, become a major concern among patients and healthcare providers. For instance, a patient may experience identity theft due to a cyberattack on electronic medical records (EMR). This patient’s situation is caused by various policy issues involving quality and safety in healthcare.
One of the major policy issues which compromise such a patient’s quality and safety in health care is non-compliance based on limited knowledge. Most healthcare professionals fail to comply with organizational data security policies. According to Yeo and Banfield (2022), non-compliance is often due to the employees’ failure to see the risk of poor cybersecurity hygiene. The research study also reveals that a lack of understanding of the importance of these practices often leads to carelessness and negligence which predisposes the facility to a cyberattack on electronic health systems (Yeo & Banfield, 2022). However, healthcare facilities can mitigate non-compliance with data security policies by introducing information awareness and training programs to help health practitioners understand the appropriate cybersecurity behavior.
Another issue involving quality and safety in patients’ identity theft due to cyberattacks is policy violation based on high-risk tolerance. Sometimes health care employees engage in risky cybersecurity actions due to their tolerance of high risks. These practitioners may fail to follow certain policy rules since they are cumbersome and unrelated to patient results (Mansfield-Devine, 2017). According to research by Yeo and Banfield (2022), most data breaches result from unintentional policy violations. For instance, a healthcare practitioner may use an easily cracked password to keep it memorable, but end up compromising sensitive patients’ information such as insurance details.
Lack of additional verification or authentication of essential user accounts in the health care facilities is a key data management policy issue compromising the quality and safety of a patient’s healthcare. A health care facility should limit administrative privileges among a few health entities (Argaw et al., 2020). In addition, the accounts should be closely monitored for any strange activities and log entries. Further security measures like encapsulating browsers and using two accounts with different privileges should be enhanced. In addition, the user accounts with elevated privileges should have additional authentication which goes beyond a password requirement. Failure to do this, an organization lacks an accountability mechanism to improve the quality of healthcare (El-Jardali & Fadlallah, 2017). The precautions mitigate the risk of malicious insider threats promoting medical identity theft through cybersecurity attacks on healthcare systems.
The application of certain unreasonable policies may also be an issue of concern for the quality and safety of a patient. With the rapid growth of telehealth, many health care practitioners use their home networks and devices to carry out their official duties. In addition, health care facilities have the bring your own device (BYOD) policies which allow workers in the facility to maintain overwhelming patient care and outcomes (Argaw et al., 2020). Such advancements and decentralized resources enhance the attack surface for malicious people to exploit. Therefore, some policies within healthcare centers can be termed as unreasonable. However, health organizations can implement revised, acceptable rules and regulations to prevent the connectivity of unauthorized personal devices. In addition, they should implement more precautionary measures like local data encryption.
Lastly, another major fault in the healthcare policies involving the quality and safety of a patient is the violation of patient identification policies. Patient misidentification occurs when a medical center incorrectly matches a patient with another medical record in the system. Some of the significant factors promoting such an error are poor patient data maintenance, overlays, and duplicate medical data. Although some of these errors are genuine mistakes and negligence, others are intentional malicious acts aimed at identity theft. As a type of data breach, identity theft can harm individuals and healthcare organizations (Seh et al., 2020). Besides having a patient identification system, some health practitioners fail to follow the procedure of identifying patients’ identities before admission. For instance, in a case of duplicate medical records, a health practitioner may try to save time by letting the patient access services, an action that might compromise an individual in case of identity theft.
In summation, numerous policy issues compromise the quality and safety of a patient’s healthcare. Some of these policy issues predispose a patient to medical identity theft through cyberattacks. As discussed, these issues may include policy violation due to high-risk tolerance, non-compliance based on limited knowledge, and lack of additional verification or authentication of essential user accounts. In addition, the violation of patient identification policies and procedures may compromise the quality of a patient’s healthcare. The application of other unreasonable policies like the bring your own device policy may also put a patient’s healthcare at risk of medical identity theft.
References
Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M. V., Calcavecchia, F., Anderson, D., Anderson, D., Burleson, W., Vogel, J., O’Leary, C., Esha ya-Chauvin, B., & Flahault, A. (2020). Cybersecurity of hospitals: Discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1), 1-10. Web.
El-Jardali, F., & Fadlallah, R. (2017). A review of national policies and strategies to improve quality of health care and patient safety: A case study from Lebanon and Jordan. BMC Health Services Research, 17(1), 1-13. Web.
Gordon, W. J., Fairhall, A., & Landman, A. (2017). Threats to information security—public health implications. N Engl J Med, 377(8), 707-709.
Mansfield-Devine, S. (2017). Leaks and ransoms–the key threats to healthcare organisations. Network Security, 2017(6), 14-19. Web.
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare data breaches: Insights and implications. Healthcare 8(2), 133. Web.
Yeo, L. H., & Banfield, J. (2022). Human factors in electronic health records cybersecurity breach: An exploratory analysis. Perspectives in Health Information Management, 19(Spring). Web.