When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist
Author: | Elizabeth McGrady, Sandra J. Blanke |
---|---|
Year of publication: | 2016 |
Subject: |
Health information technology
Best practice; 02 engineering and technology; Computer security; computer.software_genre; 020204 information systems; 0502 economics and business; Health care; 0202 electrical engineering electronic engineering information engineering; Electronic Health Records; Computer Security; Health Insurance Portability and Accountability Act; Risk Management; Emergency management; business.industry; 05 social sciences; Risk management framework; General Medicine; Security controls; United States; Checklist; business; Risk assessment; computer; 050203 business & management; Confidentiality |
Source: | Journal of healthcare risk management : the journal of the American Society for Healthcare Risk Management. 36(1) |
ISSN: | 2040-0861 |
Description: | Background: Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties. Purposes: The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks. Methodology: This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks. Findings: The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on “best practices.” Practice Implications: Our research culminates in a 25-item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement. |
Database: | OpenAIRE |