Question

An employee of the nursing home left a facility laptop in a vehicle. The vehicle was stolen. The facility does not know who took the vehicle or where it is. The laptop included files of resident information on the hard drive. It allowed remote access to the facility’s system and health records, but was password protected. The computer itself also required a password to utilize and access anything. Breach analysis? Write up your analysis in 250-500 words.

Answer 1

It is a great negligence from the employee, as laptop contains personal details of the people in the nursing home. Even though it is password protected, any hacker can unlock it. If the vehicle was stolen purposefully for the laptop they may use the details to black mail individuals in the facility, for money or any insurance claims.

The laptop was to be kept in a safer place or carried along with you everywhere. The laptop was to be within our eyes perimetry, as we can use it when ever and where ever needed. It is to be carried always on your bag. As it can access the health records it is very dangerous, as it can tamper the individuality of the residents, if they have some tender issues like depression or any psychiatry illness.

Maybe the laptop might be sold when we can never retrieve it, as most shops ththe details of buyer or seller is not recorded.

Buying another laptop is also a financial burden and entering the details again is another milestone. Again when we approach individuals to collect the details they also have a doubt, they may not open up again. The health care facility must quickly perform a risk assessment that will:

review a potential breach;

Identify whether it is reportable and if it is reportable provide notice of the breach to all individuals whose PHI was subject to the breach;

Provide notice to the Secretary of the HHS and, in some instances, to one or more prominent media outlets and

remediate the problem (i.e. offering credit monitoring to individuals whose PHI was subject to the breach).

Conduct ongoing training addressing, the following topics:

Threats and vulnerabilities associated with mobile device use;

Methods for securing devices and protecting health information;

Best practices for avoiding privacy and security mistakes when using devices.