PRIVACY AND SECURITY BREACHES

School

Western Governors University

Course

D190

Subject

Health Science

Date

Jan 9, 2024

Jessica Davis
Western Governors University
Introduction To Healthcare IT System – D190
Task 1
December 5, 2023

A1. As the CPO of WGU Hospital, the first course of action during an information breach is to immediately conduct a risk analysis. This will assist in implementing safeguards and identifying which risks should be prioritized over others. The risk analysis will also allow us to estimate the costs associated with the breach.

A2.
1. The first step of our risk analysis is to scope the analysis. This entails locating any possible threats and/or exposures to PHI confidentiality.
2. The second step would be to collect all of the data to review and determine what information was breached.
3. The third step is to review all information and document any possible threats or vulnerabilities related to the breach.
4. The fourth step is to assess the hospital's current security practices and determine whether or not additional security measures are needed.
5. The fifth step is to review and determine which threats are likely to take place.
6. The sixth step is to review all the impacts that could possibly occur due to the breach.
7. The seventh step is to look into the seriousness of the risk. We need to dig into how much of an impact the risk may have on our CE as well as those affected.
8. The eighth step would be to document all findings and steps taken.
9. The ninth and final step would be to update the security practice and make any necessary changes so that we can be prepared for a potential future security threat.

A3. I would recommend updating the administrative safeguard, security management. WGU Hospital should have annual training for all employees on how to properly handle devices used to access PHI. This should include how to avoid hacking and what to do in case a device is stolen.

A4. I would recommend updating the technical safeguard, context-based authentication. The device should not have been accessible during the doctor's time off the clock. Also, it should not have been left unattended, especially off property grounds.

A5. I would recommend reviewing and updating the physical safeguard, mobile security. The mobile device should have been secured within a designated workstation within the facility while the doctor went on his break. There was no reason the doctor should have taken that device out of the CE while on a break.

A6. In the future, this physician should encrypt his device with password protection to ensure that unauthorized users are unable to get access to the device. They could also implement remote wiping or disabling software so that if the device were stolen, they would be able to clean the device of all information so that PHI would not be at risk.

A7. For this situation, the physician willingly took this device along with him during his break and left it unattended in his vehicle. He could be facing a Willful Neglect violation that could cost anywhere from $11,904 to $1,785,651 per violation. Criminal penalties can also be imposed for intentional violations, leading to fines and potential imprisonment (HIPAA Journal, 2023).

There are four tiers that are used to determine the type of violation:

Tier 1: Lack of Knowledge (offense was done unknowingly and could not have been avoided)
Tier 2: Reasonable Cause (could have been avoided if offender had taken more care)
Tier 3: Willful Neglect (corrected within 30 days)
Tier 4: Willful Neglect (not corrected within 30 days)

The tier the at-fault party falls under determines the amount of the fine:

Tier 1: $100+ per violation up to $50,000
Tier 2: $1,000+ per violation up to $50,000