Abstract

Healthcare Information Technology (IT) has made great advances over the past few years, and while these advances have enabled healthcare professionals to provide higher quality healthcare to a larger number of individuals, they also give the criminal element more opportunities to access sensitive information, such as patient protected health information (PHI) and Personal Identification Information (PII). Having an Information Assurance (IA) program that allows for the protection of information and information systems and ensures the organization is in compliance with all required regulations, laws and directives is essential. While most organizations have such a policy in place, it is often inadequate to ensure the proper protection to prevent security breaches. The increase in data breaches in the last few years demonstrates the importance of an effective IA program. To be effective, an IA policy must manage operational risk, including identifying risks, assessing and mitigating identified risks, and ongoing monitoring to ensure compliance.

Highlights

  • Advances in today’s Healthcare Information Technology have allowed healthcare professionals to become highly connected to the information highway which provides them greater access to patients and their healthcare information

  • Medical ID theft is becoming big business; the World Privacy Forum found that a social security number has a street value of one dollar and a stolen medical identity goes for fifty dollars [4]

  • Senior management has the key responsibility to support and promote the Information Assurance (IA) program to the organization and to ensure that the organization is in compliance with industry laws and regulations, such as the Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA), etc., because a data breach can be costly for an organization

Summary

INTRODUCTION

Advances in today’s Healthcare Information Technology have allowed healthcare professionals to become highly connected to the information highway, which provides them greater access to patients and their healthcare information. Organizations must ensure that an Information Assurance program is in place, that it is adequate to address the increased threats to the confidentiality, integrity, and availability of sensitive information, such as patient health information, and that it stays in compliance with all financial, legal and health care compliance regulations. Kingdom Hospital is a fictitious hospital used for this case study and, as a hospital, has unique requirements, such as medical devices, wireless devices (tablets, blackberries, etc.), Health Insurance Portability and Accountability Act (HIPAA) and privacy issues, that are not currently being fully met. This increases the threat to the confidentiality, integrity, and availability of Kingdom resources and assets, such as electronic protected health information (PHI).

INFORMATION ASSURANCE PROGRAM
ETHICAL AND LAWS IMPLICATIONS
ACCEPTABLE USE
TRAINING AND AWARENESS
RISK MANAGEMENT
CATEGORIZE
SELECT
IMPLEMENT
MONITOR
CASE STUDY
KINGDOM VULNERABILITIES IDENTIFIED
Kingdom Enterprise Network Risks Identified
Kingdom Security Requirements
Kingdom Security Training Policy
Findings
CONCLUSION