Risk Analysis and Security
From Clinfowiki
Revision as of 05:21, 27 January 2015 by Lisa.Briones
Overview
As electronic patient data is shared outside healthcare organizations, unique challenges are being encountered. Additional security controls are being implemented as the environment changes to a more complex information-sharing arrangement. This has prompted many security surveys that aim to identify the risks organizations face as they convert to electronic patient data. Components noted include external threats, internal threats, risks to the confidentiality of patient data, compliance requirements, the effectiveness of security controls, evaluation of policies and procedures, risks to the integrity of patient data, risks to the availability of patient data, and new opportunities to improve security.[1]
- Risk Analysis and Requirements
- What is Risk Analysis?
- §164.308(a)(8), Evaluation, states that organizations must “Perform a periodic technical and nontechnical evaluation, based initially upon the standards and implemented under this rule and subsequently, in response to environmental or operational changes affecting the security of electronic protected health information, that establishes the extent to which an entity’s security policies and procedures meet the requirements of this subpart.”[2]
- Security Governance
- Certification and accreditation begin when a system is analyzed against security standards. The “CIA triad” model is used as a guideline during system reassessment. The National Institute of Standards and Technology defines CIA as Confidentiality, Integrity, and Availability. They are defined below:
References
- [1] 2008 HIMSS Security Survey, sponsored by Booz/Allen/Hamilton. www.himss.org
- [2] AHIMA. "Security Risk Analysis and Management: An Overview (Updated)." Journal of AHIMA 84, no. 11 (November–December 2013): expanded web version. http://library.ahima.org/xpedio/idcplg?IdcService=GET_HIGHLIGHT_INFO&QueryText=%28risk+analysis+and+security%29%3Cand%3E%28xPublishSite%3Csubstring%3E%60BoK%60%29&SortField=xPubDate&SortOrder=Desc&dDocName=bok1_050533&HighlightType=HtmlHighlight&dWebExtension=hcsp
- [3] AHIMA. "The 10 Security Domains (Updated 2013)." Journal of AHIMA 84, no. 10 (October 2013): expanded web version. http://library.ahima.org/xpedio/idcplg?IdcService=GET_HIGHLIGHT_INFO&QueryText=%28risk+analysis+and+security%29%3Cand%3E%28xPublishSite%3Csubstring%3E%60BoK%60%29&SortField=xPubDate&SortOrder=Desc&dDocName=bok1_050430&HighlightType=HtmlHighlight&dWebExtension=hcsp