J3: Describe 4 ethical issues that arise when storing electronic information about individuals.

Medical records, all dealing with HIPAA.  A patient’s electronic health record usually contains everything and anything dealing with their personal medical history, past/current medical diagnosis, treatments, medications, etc, just in digital format.  Electronic health records (EHR) offer more advantages than paper ones, but also come with more issues and risks.  It is possible to hack these systems containing the records and obtain someone’s personal patient history.  If a patient finds out that the system has been breached and their information has been accessed, their confidence decreases and the ability to trust. 

Some ethical concerns may be privacy and confidentiality.  A patient has the rights that their information will be kept from others and disclosed to those only authorized, unless specifically stated otherwise by the patient.  Information should only be disclosed if the patient grants it, or they are mentally incapacitated, no other guardian to approve, death, unconscious, and etc. It should not be easy for someone to access their information and do whatever with it, like possibly selling it.  That would be unethical.  This information can be shared due to clinical interaction, so nurse and nurse, doctor and doctor, etc. 

Confidentiality is key and should only authorize specific individuals to have information.  This means that certain information should not be available to everyone and anyone at an office.  Access should be based on pre-established roles and privileged, but ONLY information that pertains to carrying out their specific responsibility.

Another ethical issue that arises are security breaches.  Security breaches threated patient privacy when confidential information is available to others without a need to know bases or responsibility.  Those who possibly obtain this information can basically do whatever they wish; sell their information, use it to have personal gain, use their identity, and more. 

EHR’s are meant to be useful because they state all the patients personal medical history past or current.  They are easier to read due to being electronic whereas handwritten copies may be more difficult to read.  When we go in for medical care, we expect to be taken care of and receive the best care; however, if a record is illegible, information can be difficult to translate and care could be less than satisfactory or the wrong thing could be given.  It would be of ethical concern if a doctor/nurse ill-prescribed something due to the fact they were not 100% certain on something they were prescribing or diagnosing.

J1: How does your major relate to cybersecurity technology?

My current major is Psychology. Psychology can encompass many different areas and they all require some level of trust from the doctor, patient, and the technology being used. For instance, being a psychologist or psychiatrist, holding therapy sessions or maintaining online records requires some sort of documentation. In today’s day and age, a majority of medical records are being transferred online. Hard/physical copies come with its own concerns of keeping personal history and data private, just as digital copies do. Having digital copies would require another level of security to ensure the likelihood of being breached stays minimal. The patient is trusting in their doctor that they are able to keep their information private. Later down the road, I do have hopes in getting my Masters in Criminal Psychology, eventually do profiling. Just as cybersecurity protection programs would be good for a clinical setting, they will be crucial in the criminology aspect of things. It will be important to have data stored on these people in a secure place. It would be an issue if this information got leaked or hacked.

Another instance, especially with a pandemic occurring, many appointments or sessions are happening virtually. What happens if the line isn’t secure and someone is able to tap a camera or chat to spy on the appointment? Therapy sessions often contain very personally information, all HIPAA. If these appointments are not kept private, it is a violation. It is important for these companies to have a stable and secure connections to keep information private. Any practice/company can relate to needing some type of cybersecurity program. It is key for them to sit down to map it out and plan for what will be needed and what areas may need tighter security or more layers to it. I would imagine with the medical or personal information, it would be that much more important to keep private information private since we are dealing with lives of other humans.