
Organizational Repertoires and Rites in Health Information Security

Published online by Cambridge University Press: 01 October 2008

Extract

The privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 emphasize taking steps to protect protected health information from unauthorized access and modification. Nonetheless, even organizations that are highly skilled in data security and that comply with regulations and all good practices will suffer breaches and must respond to them. This paper reports on a case study in responding to an important breach of the confidentiality and integrity of identifiable patient information of the Kaiser Internet Patient Portal known as “Kaiser Permanente Online” (KP Online). From the perspective of theories about highly reliable organizations, effective health information security programs must respond resiliently to security breaches as well as prospectively anticipate them.

Type
Special Section: The Newest Frontier: Ethical Landscapes in Electronic Healthcare
Copyright
Copyright © Cambridge University Press 2008

