Introduction:
In today’s cyber environment everything is at the tip of society’s fingertips, and healthcare is no exception. Every organization, from hospitals to the local family doctor’s office, is realizing the cost savings and convenience of having a medical system in place that can store, track, audit, and maintain a patient’s history. Such technology is beneficial to patients as well, since searching for providers becomes much easier when logging into a medical portal allows the user to find specialists of all sorts without much hassle.
However, such a medical system must be designed, built and deployed with a few things in mind, such as privacy, confidentiality, system availability and security. By ensuring
We used the sum of values from the first table (Table 1) to prioritize the requirements that have the highest likelihood of being attacked. From a hacker’s point of view, requirement #2, find qualified licensed health care professional, is the easiest to attack based on the value points from each table. It is followed by the emergency responder requirement, which contains valuable information from database tables such as hospitals. An attack on this database can reveal a person’s medical history. The view access log was considered the third easiest requirement to attack because, although the information is sensitive, it does not reveal patients’ names or points of contact.
Table 3 allowed the team to prioritize the security risk from lowest to highest. Our findings and analysis led us to conclude that requirement #2 is the easiest to attack and has the highest security risk of all. This is very concerning from a cyber-security perspective because of the type of information that can be compromised by a breach, such as user data containing user IDs, passwords, and security questions (Williams, Gegick, & Meneely, 2009).
Table 3: Security Risk

| Requirement | Ease of Attack Points | Max Value of Asset Points | Security Risk | Rank of Security Risk |
|---|---|---|---|---|
| 1: Add role: emergency responder. | 40 | 100 | 4000 | 2 |
| 2: Find qualified licensed health care professional. | 100 | 100 | 10000 | 1 |
| 3: Update diagnosis code table. | 8 | 100 | 800 | 4 |
| 4: View access log. | 40 | 100 | 4000 | 2 |
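The arithmetic behind Table 3, as an added example that is not part of the original essay: it assumes security risk is ease-of-attack points multiplied by max asset value points (which is what every printed row shows) and that tied risks share a rank, with the next rank skipped. The function names are illustrative.

```python
# Rows of Table 3 exactly as printed on the page:
# (requirement, ease-of-attack points, max asset value points, printed risk, printed rank)
TABLE_3 = [
    ("1: Add role: emergency responder.", 40, 100, 4000, 2),
    ("2: Find qualified licensed health care professional.", 100, 100, 10000, 1),
    ("3: Update diagnosis code table.", 8, 100, 800, 4),
    ("4: View access log.", 40, 100, 4000, 2),
]


def security_risk(ease_points, asset_points):
    """Assumed formula: risk = ease of attack x max value of the asset."""
    return ease_points * asset_points


def rank_by_risk(rows):
    """Return {requirement: rank}, where rank 1 is the highest risk.

    Ties share a rank and the following rank is skipped, which is how
    Table 3 ends up with ranks 1, 2, 2, 4.
    """
    risks = {name: security_risk(ease, value) for name, ease, value, *_ in rows}
    ordered = sorted(risks.values(), reverse=True)
    return {name: ordered.index(risk) + 1 for name, risk in risks.items()}


def check_table(rows):
    """Recompute every row and list any printed value that does not match."""
    ranks = rank_by_risk(rows)
    problems = []
    for name, ease, value, printed_risk, printed_rank in rows:
        risk = security_risk(ease, value)
        if risk != printed_risk:
            problems.append(f"{name} risk: printed {printed_risk}, computed {risk}")
        if ranks[name] != printed_rank:
            problems.append(f"{name} rank: printed {printed_rank}, computed {ranks[name]}")
    return problems


if __name__ == "__main__":
    for name, rank in sorted(rank_by_risk(TABLE_3).items(), key=lambda kv: kv[1]):
        print(rank, name)
    print("discrepancies:", check_table(TABLE_3))
```

Requirements 1 and 4 come out tied on risk, so any ordering between them has to come from something other than the Table 3 score.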
Security management
The primary purpose of this risk assessment report is to identify the threats and vulnerabilities that are possible in an IT system domain called Electronic Medical Record (EMR) throughout its lifecycle. The risk assessment plan is needed for this fictional enterprise (Medco) because it uses automated information to handle patient records and to process that information in support of its mission; a risk management plan plays an important role in protecting the organization’s information assets. This report will provide the detailed summary of possible
The advancement in technology has rapidly transformed the world today, and the increase in the number of web-enabled devices has completely changed people’s lives, especially the way they communicate. The Electronic Health Record system, which is a digital copy of a patient’s medical history, is one of the revolutionary ideas that have come with this advancement. Electronic Health Records (EHRs) are instantaneously updating, patient-centered records designed with the aim of providing real-time information to authorized users (Cohen, 2010). An EHR contains all the patient’s information that is in the hands of the medical providers, including medical history, treatment dates and types, immunizations given to the patient and their dates, radiology images and all the laboratory results from tests conducted in the past. All this information is held in a digital format and can only be updated by authorized users who are stationed in the medical facilities. Electronic records are designed to make it easy for different health providers and organizations to share patients’ information, which streamlines their operations since all the necessary information and history can be accessed from any location at any time.
Ultimately, the software, equipment and cloud solutions the companies and vendors provide will have to demonstrate a high quality of security and reliability. Patients’ private medical data as well as their lives are at risk in this new arena of technology.
Health information is a fundamental piece of data which represents a person, business, organization, or a community. This data is vital in the monitoring and coordination of care for individuals and communities. It not only monitors and coordinates patient care, but also reduces costly mistakes and prevents duplication of treatments, as well as taking a pivotal role in preserving, securing, and protecting personal health information. Since this information is extremely essential and sensitive, it must remain secure and safe to prevent fraud and cyber-attacks. First of all, this paper discusses the vitality of health information with regard to individuals, professionals, and organizations, along with its benefits for improving overall quality of life. Secondly, it discusses the role of information technology in various aspects of the industry and what the future holds within IT.
There is no doubt that technology has multifaceted benefits but, at the same time, it has forced mankind to feel insecure. Every industry depends upon the data of its customers, and the health industry is no exception here. The data of each patient is shared to facilitate health itself and for more rigorous and authentic research. Hence, protecting patient data is very important. It is so important that in 1996, the federal government introduced the Health Insurance
Modern communications capabilities open up a world of possibilities for all types of medical practices to develop deeper connections with their patients and to manage health care remotely. The HIPAA Privacy Rule gives patients the right to obtain copies of their medical records, treatments and protected health information, or PHI. These requirements go further if medical providers want to receive reimbursement from Medicare and Medicaid -- patients must be able to access their records online, download copies and transmit the information to third-party providers. Most medical practices are finding it necessary to develop patient portals where patients and physicians can interact, share information and perform important functions such as practices billing patients and accepting payments online. HIPAA’s rules require that these patient portals have strong security and privacy protections to prevent unauthorized access to these confidential PHI records.
Hospitals have put in place widespread security and privacy measures to protect patient health information. However, there are still errors being made in data security from the IT standpoint. Some of these errors or issues include:
In a large service-related healthcare organization with a staff-to-patient ratio of approximately 1:100, there is a greater threat of technology breaching the security of records. Medical records include information about one’s physical and mental being. They may contain information about one’s relationships with family members, sexual behavior, drug or alcohol problems and HIV status (Burke & Weill, 2005). Confidentiality is threatened when medical record information is put on the Internet, by the use of telemedicine, and by the use of e-mail by healthcare workers. Although this is the fastest way to store and share
Another downfall or disadvantage of using this software is the concern for clients’ security. Most individuals think a disadvantage would be the security vulnerability of the client’s medical records. The ultimate concern is that hackers are still out there and may steal clients’ personal information and possibly compromise their identity. It does not matter how many password encryptions and security features are added or how many firewalls are put up; hackers can get in there. However, there are also companies that specialize in security measures for the maintenance of Electronic Health Records software.
The electronic protected health information (ePHI) gets electronically stored and collected in hard copy form as they secure the information. According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) report, millions of people have been impacted by HIPAA data breaches. Hence, healthcare organizations must protect and secure personal health data now more than ever because of the threats that are associated with information. This would substantially increase the protection of healthcare from cyber threats. Moreover, these people are extremely diverse and the cleverness of their data information must be organized within hospitals. Medical records are in high demand because of the sophistication of the records.
Introduction: Technology is a constantly changing and evolving field. Those changes can be used to make the lives of people easier in every single way. With the creation of computers and the internet we have been applying technological changes in the health care world for years now. Patients can access their records with a few swipes at their keyboard and share records with other providers. In addition, providers can share reports with each other just as easily.
In today’s society, medical records have become a huge issue. In many organizations, such as those in healthcare, patient confidentiality is a high concern. Having internet health services creates a challenge for compliance in healthcare. Providers have treated application security and infrastructure security independently until now. Access must be secured for clinical applications to alleviate the concern of providers in healthcare. Therefore, IT infrastructure must be protected from hackers, misuse of information, and thieves (FairWarning, n.d.).
It is critical now more than ever, due to the lack of sufficient security, to protect patient data in the healthcare industry. Therefore, in order to accomplish this goal, the possible causes of inadequate security, as well as the other causes of healthcare breaches and cyber-threats, must be investigated. Without this analysis, patient data will continue to be compromised, which will cause devastating damage to both patients and healthcare organizations. From the extensive research on the outbreak of healthcare data breaches, the major factors that contribute to the increase of this issue were discovered. Through thorough analysis of these factors, useful solutions will be developed to decrease the compromise of patient data and to help healthcare organizations implement better security measures.
In recent years, the healthcare sector has played a significant role in society, where high-quality facilities, services and care are provided to expedite the performance of the system. Unfortunately, security issues are considered a risk due to the lower system performance and technology that have been implemented in healthcare applications. Hence, information and data cannot be shared across organisational boundaries, leading to less productive work and slower processes.
Information security and privacy occupy a most important role in the healthcare domain in order to deliver a protected information process to patients (Appari & Johnson, 2010). As healthcare is a sector with vast data and essential information, hospitals have to keep a useful information security technique in their enterprise process (Mishra et al., 2011). Information security is one such aspect of the healthcare sphere which is extremely problematic to describe and evaluate, even for the individuals who are working on the process. In a healthcare organization, information of many types is required for the work, and security is a main control for almost all the practices which are carried out in the healthcare field (Appari & Johnson, 2010). Hospitals, in specific, have been instructed to create a new set of security specialists to protect healthcare data tools techniques upon which exists may rely. Healthcare data is very critical for patients because the records are very confidential. If a medical device is infected with a computer virus, it can even pose a risk to patients’ lives. Hence, hospitals should raise awareness of the risk, defend against threats to healthcare databanks, and be concerned about the high risk of infected computers or medical tools being connected to their networks (Mishra et al., 2011).