Emails are used by people for communication and to store their private information. Through email, people receive messages from the acquaintances as well as from organizations. Therefore, email breach in Kaiser Permanente was very serious because it went against the conventional principle of confidentiality in Medicine. The confidentiality practice obliges the care providers to keep patients’ information private unless consent is granted for the information to be shared. The scripting flaw made it possible for a user of KP online system to access private health information of other 800 users per every message received. By the fact that the users’ health information was shared without their consent, KP owners were liable for prosecution under Health Insurance Portability and Accountability Act (1996). The violation could see KP online paying up to $4.3 million as fine. The users could also institute private suits against the owners of the system. Compensating individual users could have grounded the operations of the organization. More importantly, KP suffered huge reputation problems that would have taken long time to correct. .
Kaiser Permanente had to act so quickly to resolve the problem because they did not want to lose customers. Being a large organization that serves quite a large number of populations in United States, losing customers would mean incurrence of a heavy loss. Additionally, they had to act quickly to avoid the loophole from being noted by other interested parties as it would lead to further damage.
A vital device for any leader is the capacity to lead an intensive and fitting investigation when required. Examination is a critical obligation and among the most paramount work a leader is to do. The investigative steps that I would recommend are first to define the problem. This is a crucial part of understanding how to go about the investigation. In my capacity; I would have defined the problem as a complex issue since it involves complaints from the client. Second, I would create a framework for my investigation. This will serve as a roadmap because it will involve interviews from clients who received the concatenated emails. Thirdly, I would draw a conclusion and come up with recommendations. In doing this, I will contemplate the applicable laws and be fair and reasonable to the clients whose information was made public.
KP has no choice by to fix the group and organizational problems the organization is experiencing. Otherwise, it organization shall experience more complex security problems emanating from poor organization. The email breach was occasioned by poor organization and incompetency. It is accepted rule in software development that program should be tested before they are deployed for use. It is baffling how the email codes passed the test criteria. Again, through investigation, it was established that the people working on the project were working independently at some point. Software development requires collaboration among programmers. Collaboration ensures innovative ways of handling problems. To this end, KP should promote teamwork in every project undertaken by the organization.
The leadership of KP should take far reaching actions to deter future email breaches. The first action is to restructure the IT department. This department takes the biggest proportion of blame for the security breach. The restructuring should involve demoting, firing or redeploying incompetent staff. It also involves allocating enough funds for the department to train its members on internet security. The other second option would be to outsource a reputable company to manage the site. The company would monitor the site, fix bugs and conduct regular system audits. System audits are intended to mitigate system malfunctions risks (Champion, 2003).
Champlain, J. J. (2003). Auditing information systems. Hoboken, N.J: John Wiley.