Honouring Confidentiality
Learn about the importance of protecting confidentiality and the laws regarding it.
We'll cover the following...
Given the scenario below, select the approach that you would choose from the options provided.
Scenario
You are a skilled software engineer working for a healthcare insurance company. Your role involves maintaining and securing vast databases of sensitive patient information.
One day, as you conduct a routine security audit, you find a critical vulnerability in the company’s software system. You know that your company holds sensitive information of thousands of people. If the data is breached, it will expose protected health information (
As you look deeper into the issue, you realize that this vulnerability should have been detected long before. The gravity of the situation dawns upon you. You understand that credit/debit card data or credentials can still be updated or canceled, but the personally identifiable information is not likely to be changed, which makes it even more sensitive information that needs to be secured. So, this vulnerability can potentially result in a catastrophic data breach that could have devastating consequences for patients—their privacy violated, sensitive health information exposed, and the trust in your organization shattered.
One option is to turn a blind eye, hoping the vulnerability goes unnoticed, thereby avoiding immediate consequences. However, you’re aware that this would directly violate
The alternative is to take swift action. You could report the vulnerability to your superiors and work with them to fix it.
What do you do now?
Did you know?
There is a public database known as the “HHS Office for Civil Rights (OCR) Data Breach Portal” that lists the names of healthcare organizations and entities whose data has been breached/compromised. The purpose of this portal is to hold organizations accountable for protecting sensitive patient information, encouraging transparency and ...