Pages: 3 pages/≈825 words
Sources: 4 Sources
Style: APA
Subject: IT & Computer Science
Type: Case Study
Language: English (U.S.)
Document: MS Word
Topic: Case Study 2 (Security Controls) Security Management. (AHIMA)

Case Study Instructions:

The American Health Information Management Association (AHIMA), a professional association for health professionals involved in health information management, recently released 16 steps to creating a plan for cybersecurity attacks. They are listed below:
1. Conduct a risk analysis of all applications and systems. Any and all information, applications and systems stored by your healthcare organization could be compromised and must be addressed by your cybersecurity risk assessment.
2. Recognize record retention as a cybersecurity issue.
3. Patch vulnerable systems.
4. Deploy advanced security endpoint solutions that provide more effective protections than standard antivirus tools.
5. Encrypt any workstations, laptops, smartphones, tablets, and portable media and backup tapes.
6. Improve identity and access management. Policies to achieve this could include password standards, locking users out of systems after failed login attempts, using two-factor authentication, restricting concurrent logins, implementing time-of-day restrictions and education.
7. Refine web filtering (block bad traffic).
8. Implement mobile device management.
9. Develop an incident response capability. You can do this by creating cybersecurity attack plans, educating a data breach plan and conducting drills.
10. Monitor audit logs to selected systems.
11. Leverage existing security tools like Intrusion Prevention/Detection Systems.
12. Evaluate current and potential business associates (per the HIPAA Security Rule).
13. Improve tools and conduct an internal phishing campaign to teach employees what “red flags” are in emails.
14. Have an outside cybersecurity firm execute technical and non-technical evaluations.
15. Apply a ‘Defense in Depth’ strategy. Review access control protocols, evaluate security policies to make sure they incorporate current cybersecurity best practices, review audit logs regularly, consider your healthcare entity’s cybersecurity attack response capabilities and conduct desktop drills.
16. Detect and prevent intrusion. Monitor your hospital network for nefarious activities with anomaly detection or signature-based methods. Intrusion detection systems can make reports and give trends that could indicate a cybersecurity attack or breach.
Based on the HIPAA security controls identified from the assigned readings, select 2 security controls for each of the 16 steps listed above. Provide a brief rationale for how these controls reduce risk.

Case Study Sample Content Preview:

Security Controls
Student
Institution
Course
Date
Security Controls
STEP

Security Control Measure

1

Security Management
Identification of the relevant information systems that hold EPHI, including all the hardware and software used to collect, store, transmit or process the health information. At this step, all business functions and ownership should be verified and the information systems controlled (Cheng, 2016).
Implementation of a risk management strategy that entails sufficient security measures to mitigate risk and vulnerability. It should ensure the integrity, confidentiality and availability of all the health information.

2

Access Control: This control foresees the adoption of technical procedures and policies for the information systems that maintain electronic health records. These records contain patients’ information, and monitoring ensures that only authorized persons and software applications can access the information.
Implement integrity control strategies and steps that protect electronic health information from destruction or alteration.

3

Use of a testing control helps prevent employees from having wrongful access. Governance, risk, and compliance software is used to assign access levels to users and to run tests that identify anyone who might have additional, unauthorized access to information.
Use of training software to ensure that all employees complete their training on how to protect electronic health information from unauthorized persons and learn how to protect the vulnerable systems (Cheng & Hung, 2017).

4

Workstation use: Implementation of policies and procedures that specify the right functions to be carried out, how the tasks are to be performed, and the physical features surrounding a specific workshop or workstation that has access to the protected medical information.
Workstation security: Providing physical security to all workstations that have access to the protected health information to limit access to allowed users.

5

Identify all methods that can be used for authentication. Authentication ensures that a person is who they claim to be.
Implementation of a mechanism that can encrypt EPHI, together with an integrity control measure.

6

Separate the healthcare clearinghouse if it is part of a larger healthcare organization. The clearinghouse should ensure that unauthorized persons do not access the EPHI.
Implementation of strategies and procedures for permitting access to the EPHI. These should set out how access will be given to employees in the organization.

7

Access control: This control foresees the adoption of technical procedures and policies for the information systems that maintain electronic health records. These records contain patients' information, and the control ensures that only authorized persons and software applications can access the information (Geffert, 2014).

8

Developing and implementing procedures for the reuse of mobile phones or any other electronic device.
Ensuring that each individual is ...