Security Risks And Risk Management

EHEALTH SECURITY RISK MANAGEMENT
Abstract
Protecting data in the health sector, business organizations, information technology, and similar fields is essential because such data is periodically subject to various threats and hazards. To provide security, the information must be subjected to risk analysis and management techniques that are applied dynamically as the environment changes. This paper briefly describes how to analyze security risks and the risk management processes to follow for electronic health records to ensure privacy and security.
Overview of Security Risk Management:
The data present in the Electronic Health Records that are recorded, maintained or transmitted by the third party devices and so, must be …

Further, privacy and security are like chronic diseases that require treatment, continuous monitoring and evaluation, and periodic adjustment.

According to HIPAA, the required implementation specification for risk analysis requires a covered entity to “conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity.”
The process of risk analysis consists of 9 steps:
Step 1. System Characterization:
System characterization is required first, to accelerate the process of risk analysis. Through this process, the information that needs to be protected is identified. Examples of applications include electronic health records, laboratory information systems, and pharmacy systems. The general support systems consist of computers, laptops, smartphones, email, etc., which are used in the organization to support various applications. The risk analysis should emphasize systems that have more effect on healthcare operations.
Step 2. Threat Identification:
The next step is to identify threats. Threats can be anything from earthquakes and tornadoes to human errors, carelessness, hacking, hardware failure, power outage, etc. Identifying all the threats is not necessary but it is important to identify the regular