When it comes to securing patient health information from breaches, your best medicine is a dose of prevention: A cybersecurity risk assessment checklist
Author(s) - Blanke Sandra J., McGrady Elizabeth
Publication year - 2016
Publication title - Journal of Healthcare Risk Management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.221
H-Index - 16
eISSN - 2040-0861
pISSN - 1074-4797
DOI - 10.1002/jhrm.21230
Subject(s) - health insurance portability and accountability act , data breach , business , checklist , health care , best practice , computer security , risk management , agency (philosophy) , insider , protected health information , insider threat , information security , internet privacy , computer science , confidentiality , hrhis , finance , health policy , psychology , philosophy , management , epistemology , political science , law , economics , cognitive psychology , economic growth
Background: Health care stakeholders are concerned about the growing risk of protecting sensitive patient health information from breaches. The Federal Emergency Management Agency (FEMA) has identified cyber attacks as an emerging concern, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) have increased security requirements and are enforcing compliance through stiff financial penalties.

Purposes: The purpose of this study is to describe health care breaches of protected information, analyze the hazards and vulnerabilities of reported breach cases, and prescribe best practices of managing risk through security controls and countermeasures. Prescriptive findings were used to construct a checklist tool to assess and monitor common risks.

Methodology: This research uses a case methodology to describe specific examples of the 3 major types of cyber breach hazards: portable device, insider, and physical breaches. We utilize a risk management framework to prescribe preventative actions that organizations can take to assess, analyze, and mitigate these risks.

Findings: The health care sector has the largest number of reported breaches, with 3 major types: portable device, insider, and physical breaches. Analysis of actual cases indicates security gaps requiring prescriptive fixes based on “best practices.”

Practice Implications: Our research culminates in a 25‐item checklist that organizations can use to assess existing practices and identify security gaps requiring improvement.