Assignment: Health Care Organization’s Security Program


The realization of any of the threats discussed in the previous section can cause significant damage to the organization. Resorting to manual operations if the computers are down for days, for example, can lead to organizational chaos. Theft or loss of organizational data can lead to litigation by the individuals harmed by the disclosure of the data and HIPAA violations. Malware can corrupt databases, corruption from which there may be no recovery. The function of the health care organization’s security program is to identify potential threats and implement processes to remove these threats or mitigate their ability to cause damage. The primary challenge of developing an effective security program in a health care organization is balancing the need for security with the cost of security. An organization does not know how to calculate the likelihood that a hacker will cause serious damage, or a backhoe will cut through network cables under the street. The organization may not fully understand the consequences of being without its network for four hours or four days. Hence, it may not be sure how much to spend to remove or reduce the risk. Another challenge is maintaining a satisfactory balance between health care information system security and health care data and information availability. As we saw in Chapter Two, the major purpose of maintaining health information and health records is to facilitate high-quality care for patients. On the one hand, if an organization’s security measures are so stringent that they prevent appropriate access to the health information needed to care for patients, this important purpose is undermined. On the other hand, if the organization allows unrestricted access to all patient-identifiable information to all its employees, the patients’ rights to privacy and confidentiality would certainly be violated and the organization’s IT assets would be at considerable risk. 
The ONC (2015) publication Guide to Privacy and Security of Electronic Health Information for health care providers includes a chapter describing a seven-step approach for implementing a security management process. The guidance is directed at physician practices or other small health care organizations, and it does not include specific technical solutions. Specific solutions for security protection will be driven by the organization’s overall plan and will be managed by the organization’s IT team. Larger organizations must also develop comprehensive security programs and will follow the same basic steps, but they will likely have more internal resources for security than smaller practices. Each step in the ONC security management process for health care providers is listed in the following section.

Step 1: Lead Your Culture, Select Your Team, and Learn

This step includes six actions:

1. Designate a security officer, who will be responsible for developing and implementing the security practices to meet HIPAA requirements and ensure the security of PHI.

2. Discuss HIPAA security requirements with your EHR developer to ensure that your system can be implemented to meet the security requirements of HIPAA and Meaningful Use.

3. Consider using a qualified professional to assist with your security risk analysis. The security risk analysis is the opportunity to discover as much as possible about risks and vulnerabilities to health information within the organization.

4. Use tools to preview your security risk analysis. Examples of available tools are listed within Step 3.

5. Refresh your knowledge base of the HIPAA rules.

6. Promote a culture of protecting patient privacy and securing patient information. Make sure to communicate that all members of the organization are responsible for protecting patient information.

Step 2: Document Your Process, Findings, and Actions

Documenting the processes for risk analysis and implementation of safeguards is very important, not to mention a requirement of HIPAA. The following are some examples cited by the ONC of records to retain:

• Policies and procedures

• Completed security checklists (ESET, n.d.)

• Training materials presented to staff members and volunteers and any associated certificates of completion

• Updated business associate (BA) agreements

• Security risk analysis report

• EHR audit logs that show utilization of security features and efforts to monitor users’ actions

• Risk management action plan or other documentation that shows appropriate safeguards are in place throughout your organization, implementation timetables, and implementation notes

• Security incident and breach information

Step 3: Review Existing Security of ePHI (Perform Security Risk Analysis)

Table 9.3 Resources for conducting a comprehensive risk analysis

• OCR’s Guidance on Risk Analysis Requirements under the HIPAA Rule: http :// guidance/final-guidance-risk-analysis/index.html (web address truncated in the source)

• OCR Security Rule Frequently Asked Questions (FAQs) (web address not preserved in the source)

• ONC SRA (Security Risk Assessment) Tool for small practices (only the fragment “security-risk-assessment” of the web address is preserved in the source)

• National Institute of Standards and Technology (NIST) HIPAA Security Rule Toolkit (web address not preserved in the source)

Risk analysis assesses potential threats and vulnerabilities to the “confidentiality, integrity and availability” (ONC, 2015, p. 41) of PHI. Several excellent government-sponsored guides and toolsets available for conducting a comprehensive risk analysis are listed in Table 9.3 with a corresponding web address. The three basic actions recommended for the organization’s first comprehensive security risk analysis are as follows:

1. Identify where ePHI exists.

2. Identify potential threats and vulnerabilities to ePHI.

3. Identify risks and their associated levels.

Step 4: Develop an Action Plan

As discussed, the HIPAA Security Plan provides flexibility in how to achieve compliance, which allows an organization to take into account its specific needs. The action plan should include five components. Once in place, the plan should be reviewed regularly by the security team, led by the security officer.

1. Administrative safeguards

2. Physical safeguards

3. Technical safeguards

4. Organizational standards

5. Policies and procedures

Table 9.4 lists common examples of vulnerabilities and mitigation strategies that could be employed.

Table 9.4 Common examples of vulnerabilities and mitigation strategies

Security component: Administrative safeguards

Examples of vulnerabilities:

• No security officer is designated.

• Workforce is not trained or is unaware of privacy and security issues.

Examples of security mitigation strategies:

• Security officer is designated and publicized.

• Workforce training begins at hire and is conducted on a regular and frequent basis.

• Security risk analysis is performed periodically and when a change occurs in the practice or the technology.

Security component: Physical safeguards

Examples of vulnerabilities:

• Facility has insufficient locks and other barriers to patient data access.

• Computer equipment is easily accessible by the public.

• Portable devices are not tracked or not locked up when not in use.

Examples of security mitigation strategies:

• Building alarm systems are installed.

• Offices are locked.

• Screens are shielded from secondary viewers.

Security component: Technical safeguards

Examples of vulnerabilities:

• Poor controls enable inappropriate access to the EHR.

• Audit logs are not used enough to monitor users and other EHR activities.

• No measures are in place to keep electronic patient data from improper changes.

• No contingency plan exists.

• Electronic exchanges of patient information are not encrypted or otherwise secured.

Examples of security mitigation strategies:

• Secure user IDs, passwords, and appropriate role-based access are used.

• Routine audits of access and changes to the EHR are conducted.

• Anti-hacking and anti-malware software are installed.

• Contingency plans and data backup plans are in place.

• Data are encrypted.

Security component: Organizational standards

Examples of vulnerabilities:

• No breach notification and associated policies exist.

• BA agreements have not been updated in several years.

Examples of security mitigation strategies:

• Regular reviews of agreements are conducted, and updates are made accordingly.

Security component: Policies and procedures

Examples of vulnerabilities:

• Generic written policies and procedures to ensure HIPAA security compliance were purchased but not followed.

• The manager performs ad hoc security measures.

Examples of security mitigation strategies:

• Written policies and procedures are implemented, and staff members are trained.

• Security team conducts monthly review of user activities.

• Routine updates are made to document security measures.
