
Risk Assessment, Contingency Planning, & Data Recovery Procedures

In the health sector, repeated reports of vulnerable portable devices and other security incidents led to the development of security standards to protect electronic Protected Health Information (ePHI). The scenario draws on Health and Human Services (HHS) and the “Health Insurance Portability and Accountability Act of 1996 (HIPAA)” to address ePHI security, with information protection as the underlying principle (Moatty and Vinet, 2016). The security rule allows protocols to be updated as health information technology advances and new security challenges emerge. Entities that hold electronic data must therefore implement technical safeguards to reduce the risks associated with ePHI (Kammouh et al., 2017). Further, the security rule upholds the principles of scalability, flexibility and technology neutrality (Kammouh et al., 2017). Covered entities, such as clinics, hospitals and nursing homes, use generalized security measures to implement the standards and specifications comprehensively and appropriately, with a focus on data security compliance. The ePHI rules require policies and procedures for electronic information systems that limit access to the people or software programs that have been granted access rights.

Types of Safeguards

Administrative

The HIPAA security rule defines administrative safeguards as policies and procedures for selecting, developing, implementing and maintaining security measures, not only in healthcare practices but also in the activities of other organizations affected by the security rule. These safeguards protect electronic health information and govern the conduct of the covered organizations under the security rule (Moatty and Vinet, 2016). To maximize the value of its administrative safeguards, HIPAA also upholds its documentation privacy rules, which cover diverse forms of documentation, ranging from policies and procedures to complaints and notices.

The administrative safeguards require a workforce trained in the entity's security policies and procedures, which must be enforced through appropriate sanctions against workforce members who violate them (Coffey et al., 2017). Therefore, for a covered entity to implement a periodic assessment of its security measures, it needs to meet the requirements of the security rule.

Physical

Physical safeguards are the “physical, policies, procedures, and measures of protecting the electronic information systems of a covered entity along with related buildings, as well as equipment from environmental and natural hazards, and unauthorized intrusion.” Covered entities are required to limit and monitor who accesses information systems, and users must be authorized by the relevant authorities before they access the systems (Kammouh et al., 2017). The physical safeguards also reinforce policies that govern the proper use of, and access to, electronic media and workstations.

Technical

In Centers for Medicare and Medicaid Services (CMS), technological advancements have increasingly created vulnerabilities and new challenges for security systems, such as abuse of access privileges by insiders. Electronic protected health information, such as electronic health records, faces different external and internal risks. The protocol demands that the protected information is recorded and examined procedurally to ensure security and to avoid data alteration or data destruction (Coffey et al., 2017). Such a technical safeguard implementation procedure upholds the standards to represent efficient business operations for technological and technical policies and procedures.

Technological and technical policies and procedures uphold access control, audit control and the integrity of stored information. Access control gives users the rights and privileges to access and perform functions using the information systems, programs, applications, or files (Moatty and Vinet, 2016).

Access control restricts user rights and grants privileges to authorized users based on the management standard under the administrative safeguards section (Kammouh et al., 2017). An entity provides appropriate access to workforce members using unique user identification, emergency access procedures, automatic log-off, and encryption and decryption measures (Fernández-Alemán et al., 2013).

Audit control requires implementing hardware, software and procedural mechanisms that record and examine operations in electronic information systems that use ePHI. How data is processed into audit reports shows why an organization must consider its risks under the security rule, taking into account organizational factors, technical infrastructure, and software and hardware security (Coffey et al., 2017). Audit control protocols apply to the processing performed by information systems that contain or use ePHI. Therefore, the policies and procedures enacted under audit control enable compliance with the required implementation specifications.

Integrity is the property that information has not been destroyed or altered in any unauthorized manner. Clinical information that is improperly destroyed or altered creates problems for a covered organization, including issues involving a patient’s safety. The value of stored data is threatened whenever data is compromised, whether from non-technical or technical sources. Members of the workforce might intentionally or accidentally destroy or alter ePHI, which renders the resulting health intervention a failure (Kammouh et al., 2017). Authenticity and integrity of electronically protected health information create value for the covered entities by ensuring the relevant health data are protected.
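The audit control and integrity safeguards described above can be combined in a tamper-evident audit log. The sketch below is an added example, not part of the original essay: it records each ePHI access under a unique user ID and chains the entries with an HMAC so that altered, deleted or truncated entries are detected. The key, user IDs, record IDs and function names are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; in practice it is held outside the audited system.
AUDIT_KEY = b"demo-key-not-for-production"
GENESIS = "0" * 64  # tag that precedes the first entry


def _tag(prev_tag, event):
    """HMAC over the previous tag plus the canonical JSON of this event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(AUDIT_KEY, prev_tag.encode() + body, hashlib.sha256).hexdigest()


def append_event(log, user_id, action, record_id, timestamp):
    """Record one access to an ePHI record and return the new head tag."""
    event = {"seq": len(log), "ts": timestamp, "user": user_id,
             "action": action, "record": record_id}
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"event": event, "tag": _tag(prev, event)})
    return log[-1]["tag"]


def verify_log(log, expected_head=None):
    """Return (ok, index of the first bad entry or None)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["event"].get("seq") != i:          # entry removed or reordered
            return False, i
        if not hmac.compare_digest(entry["tag"], _tag(prev, entry["event"])):
            return False, i                          # entry altered
        prev = entry["tag"]
    # Dropping entries from the end leaves a valid chain, so the head tag
    # must also match a copy stored separately from the log itself.
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(log)
    return True, None


def build_sample_log():
    """Constructed sample events; returns the log and its head tag."""
    log = []
    append_event(log, "nurse-017", "read", "patient-1001", "2024-03-01T08:15:00Z")
    append_event(log, "dr-004", "update", "patient-1001", "2024-03-01T08:40:00Z")
    head = append_event(log, "clerk-112", "read", "patient-2002", "2024-03-01T09:05:00Z")
    return log, head
```

Passing the separately stored head tag to `verify_log` is what exposes destruction of the most recent entries; without it, only alteration and mid-log deletion are caught.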

| Risk/Vulnerability | Likelihood of occurrence (low, med, high) | Existing controls in place | Proposed mitigation measures | Contingency Plan: Which implementation specifications could apply to risk (use # from below, can be one or more) |
|---|---|---|---|---|
| EXAMPLE: Staff visiting an unsecured web site and pop-ups getting downloaded, a virus attack leading to a system crash | HIGH | Anti-virus applications installed on all desktops | Review Internet usage policy and mandate review by employees; pop-up blockers in place and software in place to segregate data being erroneously downloaded | 1,4,5 |
| Modification of data transmission | Medium | Private protected networks provided. | Prohibiting data transmission via open networks | 5 |
| Data left on other devices (accidental or intentional) | Medium | Use of flash disks, USB | Avoid downloads of ePHI on portable/remote devices | 1,2 |
| The use of external devices to access corporate information leads to uncertainty in data access and security. | Low | Encryption of data | Controlling access on the devices with only the relevant individuals allowed to access the data, hence avoiding interference. | 1,2,5 |
| Theft of the e-PHI devices | Low | Security; CCTV | Installing trackers on the devices to enhance locating a device in case it is stolen. The CCTV camera would also provide images of the potential theft suspects for easier identification and limit the possibility of theft. | 1,2,3 |

References

Coffey, M., Cohen, R., Faulkner, A., Hannigan, B., Simpson, A., & Barlow, S. (2017). Ordinary risks and accepted fictions: how contrasting and competing priorities work in risk assessment and mental health care planning. Health Expectations, 20(3), 471-483.

Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic health records: A systematic literature review. Journal of Biomedical Informatics, 46(3), 541-562.

Kammouh, O., Dervishaj, G., & Cimellaro, G. P. (2017). Quantitative framework to assess resilience and risk at the country level. ASCE-ASME Journal of Risk and Uncertainty in Engineering Systems, Part A: Civil Engineering, 4(1), 04017033.

Moatty, A., & Vinet, F. (2016). Post-disaster recovery: the challenge of anticipation. In E3S Web of Conferences (Vol. 7, p. 17003). EDP Sciences.
