Information Assurance and Security

computer science


1. Case Study: At a teaching hospital, many medical students may be assigned to a single patient to review and learn from the cases present in the hospital through hands-on experience. However, access to medical records is only allowed if you are actually assigned to the case. This policy is reviewed at the start of each clinical rotation, and violations of it are monitored through the IT access logs. Violations of this policy are taken very seriously, up to and including expulsion from medical school.

There was a patient who was bitten by a bat and developed rabies. Rabies is common in animals but nearly always fatal in humans. A physician proposed a very unconventional treatment, and the patient lived. This made medical history and became a medical case study that was reviewed in many medical forums, including grand rounds (where many physicians come to hear about new technologies and treatments). After this particular grand round, IT performed a medical records access audit. Even though the information about the case had already been shared with everyone in grand rounds, there was a spike in the number of medical students accessing the patient's chart. Over 50 unauthorized accesses were discovered in the week following the presentation.
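The audit described above cross-references two sources: who actually opened a chart (the access log) and who was assigned to the case (the rotation roster), then looks for a jump in chart reads after the presentation. The following is an added illustration of that check, not material from the case study; the log format, the patient and user identifiers, the roster, and the grand-rounds date are all constructed for the example.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample chart-access log, one record per line:
# ISO timestamp, user id, patient id, action. Not real hospital data.
ACCESS_LOG = """\
2024-03-04T09:12:00,ms_alice,P001,view_chart
2024-03-05T14:03:00,ms_bob,P001,view_chart
2024-03-06T11:40:00,ms_carol,P001,view_chart
2024-03-07T08:15:00,ms_alice,P002,view_chart
2024-03-12T10:01:00,ms_dave,P001,view_chart
2024-03-12T10:05:00,ms_erin,P001,view_chart
2024-03-12T10:09:00,ms_frank,P001,view_chart
2024-03-12T11:30:00,ms_bob,P001,view_chart
2024-03-12T13:22:00,ms_gina,P001,view_chart
2024-03-13T09:00:00,ms_hank,P001,view_chart
"""

# Constructed rotation roster: patient id -> set of learners assigned to the case.
ASSIGNMENTS = {
    "P001": {"ms_alice", "ms_bob"},
    "P002": {"ms_alice"},
}

# Constructed date of the grand-rounds presentation used as the audit pivot.
GRAND_ROUNDS = datetime(2024, 3, 11)


def parse_log(text):
    """Parse CSV-style log lines into (timestamp, user, patient, action) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, patient, action = line.split(",")
        entries.append((datetime.fromisoformat(ts), user, patient, action))
    return entries


def find_unauthorized(entries, assignments):
    """Return entries whose user is not on the roster for that patient.

    A patient with no roster entry has no authorised learners, so every
    access to that chart is flagged rather than silently accepted.
    """
    return [e for e in entries if e[1] not in assignments.get(e[2], set())]


def unauthorized_by_user(entries, assignments):
    """Summarise unauthorised accesses per user: the list an auditor acts on."""
    return Counter(e[1] for e in find_unauthorized(entries, assignments))


def accesses_in_window(entries, patient, start, days=7):
    """Count accesses to one patient's chart in the half-open window
    [start, start + days)."""
    end = start + timedelta(days=days)
    return sum(1 for e in entries if e[2] == patient and start <= e[0] < end)


def post_event_increase(entries, patient, event, days=7):
    """Compare chart accesses in the window before an event with the window
    starting on the event date. Returns (before, after) so the auditor can
    see the spike the case study describes."""
    before = accesses_in_window(entries, patient, event - timedelta(days=days), days)
    after = accesses_in_window(entries, patient, event, days)
    return before, after


if __name__ == "__main__":
    entries = parse_log(ACCESS_LOG)
    print("unauthorised accesses by user:", unauthorized_by_user(entries, ASSIGNMENTS))
    print("P001 accesses before/after grand rounds:",
          post_event_increase(entries, "P001", GRAND_ROUNDS))
```

The roster comparison is the policy check itself; the before/after window count is what turns a list of individual violations into the "spike" an auditor would notice, and it works on any event date, not only the one in the case. In practice the roster would be pulled from the rotation scheduling system for the dates in question, since an assignment that ended before the access would otherwise make a violation look authorised.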

When confronted about their privacy violations of the medical records, students were often genuinely surprised, and felt that this was a legitimate reason for accessing a patient's chart: to learn more about the case (after all, they were there to learn!). The access policies were rewritten to include this as a specific example of a violation, and the students were given a severe warning in their student files. A second violation would result in their expulsion from medical school.

Were the students right or wrong to access the chart? Was the access audit effective? Was the policy effective? What other types of situations lead to violations of a privacy policy? Are audits the best way to manage these? When you know that a person may lose their job as a result of the audit that you perform, but you also know more about the reasoning behind the violation, does this create an ethical dilemma for you?

