HIM 615 Security Risk Analysis
The purpose of this assignment is to analyze the use of risk assessments and their influence within your current or previous organization.
Write a 750-1,000 word paper that includes the following criteria:
Describe the top three internal and top three external risks currently threatening PHI data within your selected organization.
Explain how risk assessments are conducted within the organization.
Discuss who conducts these assessments and with what frequency.
How do these assessments mitigate the risks you have identified?
Analysis of Security Risks
Data analysis and informatics have contributed significantly to improving patient care and outcomes. Acquiring and storing patient data has created useful databases that authorized clinicians can access to make health decisions and develop appropriate care plans. Because of the sensitivity of patient data, the Health Insurance Portability and Accountability Act (HIPAA) designates individually identifiable health information, including electronic health records, as protected health information (PHI) (Cohen & Mello). Threats to the security of such data have existed for years; some originate outside the organization and others inside it. While some breaches result from employees' curiosity, others are committed for criminal purposes, financial gain, or retaliation by a disgruntled employee. This paper examines PHI security, identifying internal and external risks that currently threaten an organization's PHI. It then discusses how risk assessments are conducted, who conducts them, and how they aid in risk mitigation.
Describe the top three internal and top three external risks to PHI data that are currently in play.
As previously stated, risks to the security of PHI can be both internal and external. Some recent studies report that internal risks outnumber external ones, accounting for about 58% of threats and breaches. The first internal risk is social engineering, in which an employee is tricked into revealing sensitive information under false pretenses and divulges confidential PHI; although the attacker is usually outside the organization, the disclosure itself is made by an insider, which is why it is counted here as an internal risk. The second is employee negligence, for example losing a device such as a USB drive that holds PHI. The third is departing employees who intend to leave the organization and take patient information with them to share with other providers. The three external risks are malware and phishing attacks, ransomware attacks, and vendors who work with the organization and end up accessing PHI without authorization.
Describe how risk assessments are carried out within the organization.
The reality of internal and external threats to PHI data necessitates proper security risk management. Furthermore, a risk assessment plan should be in place so that the severity of each threat and its potential risk can be judged. Risk assessment in the organization follows the methodology recommended by the National Institute of Standards and Technology in Special Publication 800-30, which assesses risk in nine distinct steps (Ayatollahi & Shagerdi, 2017). The first step is system characterization, followed by threat identification. The next steps are vulnerability identification and control analysis. Likelihood is then determined, followed by impact analysis. Risk determination comes next, in which likelihood and impact are combined into a risk level for each threat-vulnerability pair, followed by control recommendations and, finally, documentation of the results.
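The following Python snippet is an added illustration of the middle of that procedure (likelihood determination, impact analysis and risk determination), not code from the paper or the organization. It applies the qualitative scales and the likelihood-times-impact matrix of NIST SP 800-30 (2002 edition) to a risk register built from the six risks named above. The likelihood and impact ratings assigned to each risk, and the recommended controls, are assumptions constructed for the example, not the organization's actual findings.

```python
"""Risk determination step of NIST SP 800-30 (2002), applied to a constructed
PHI risk register. Added example; ratings below are illustrative assumptions."""

from dataclasses import dataclass

# Qualitative scales from SP 800-30 (2002), Table 3-6.
LIKELIHOOD = {"Low": 0.1, "Medium": 0.5, "High": 1.0}
IMPACT = {"Low": 10, "Medium": 50, "High": 100}


@dataclass
class Risk:
    name: str
    origin: str        # "internal" or "external"
    likelihood: str    # Low / Medium / High
    impact: str        # Low / Medium / High
    control: str       # recommended control (step 8), assumed for the example


def risk_score(likelihood: str, impact: str) -> float:
    """Likelihood weight multiplied by impact weight (Table 3-6)."""
    return round(LIKELIHOOD[likelihood] * IMPACT[impact], 2)


def risk_level(score: float) -> str:
    """Map the product onto the SP 800-30 scale: Low 1-10, Medium >10-50, High >50-100."""
    if score > 50:
        return "High"
    if score > 10:
        return "Medium"
    return "Low"


def rank_register(register):
    """Return (name, origin, score, level) tuples, highest risk first.
    Python's sort is stable, so ties keep their register order."""
    scored = [(r, risk_score(r.likelihood, r.impact)) for r in register]
    scored.sort(key=lambda pair: pair[1], reverse=True)
    return [(r.name, r.origin, s, risk_level(s)) for r, s in scored]


def top_by_origin(register):
    """Highest-scoring risk for each origin, mirroring the paper's
    internal/external split."""
    best = {}
    for name, origin, score, level in rank_register(register):
        best.setdefault(origin, (name, score, level))
    return best


# Constructed register: the six risks from the paper with assumed ratings.
REGISTER = [
    Risk("Social engineering of staff", "internal", "High", "High",
         "Security awareness training; call-back verification of requests"),
    Risk("Lost unencrypted USB device", "internal", "Medium", "High",
         "Full-disk encryption; block unmanaged removable media"),
    Risk("Departing employee copying PHI", "internal", "Medium", "Medium",
         "Access removal at offboarding; alerts on bulk record export"),
    Risk("Malware / phishing", "external", "High", "Medium",
         "Mail filtering; endpoint protection; multi-factor authentication"),
    Risk("Ransomware", "external", "High", "High",
         "Offline backups; network segmentation; tested restores"),
    Risk("Vendor accessing PHI beyond contract", "external", "Low", "High",
         "Business associate agreement; least-privilege vendor accounts; access logging"),
]

if __name__ == "__main__":
    for name, origin, score, level in rank_register(REGISTER):
        print(f"{level:6} {score:6.1f} {origin:8} {name}")
```

Running the block prints the register ranked from the two High risks (social engineering and ransomware, both scoring 100) down to the vendor risk, which lands at Low because a low likelihood outweighs a high impact in this matrix; that ordering is what the control recommendation and documentation steps then act on.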
Discuss who will perform these assessments and how frequently they will be performed.
Carrying out risk assessments requires qualified personnel who can conduct the exercise so that its objectives are met. Even if a proactive risk management system is implemented, it may be difficult to mitigate and prevent risks without properly training the responsible employees. The risk manager is one of the people who conduct the assessment. The organization's risk manager has extensive experience with a wide range of risks, including threats to health and private information, and is competent in identifying and evaluating risks to reduce the chance that they materialize. The other person involved is the manager of the unit being assessed, who coordinates all of the steps of the assessment process.
The third participant in the risk assessment process is the IT technician, who provides the technical expertise required throughout the process. The risk assessment is performed once a year to keep data breaches to a minimum; HHS guidance on the HIPAA Security Rule also expects the analysis to be revisited whenever the environment changes significantly, such as after a new system is introduced or a breach occurs.
How Do These Assessments Help to Reduce the Risks You’ve Identified?
The risk assessment process makes it possible to mitigate potential risks to PHI; the method used in the organization addresses both external and internal threats. The assessment identifies weak links that can lead to social engineering and, with the assistance of the organization's IT team, those links are removed, protecting the organization from such attacks. It also evaluates the possible causes of employee negligence, which can lead to employees sharing PHI with unauthorized individuals, so that employees receive appropriate training to help them deal with the risk (Ayatollahi & Shagerdi, 2017). Proper safeguards are also put in place in advance so that departing employees do not have the opportunity to copy patients' PHI and transfer it elsewhere. The assessment also reduces external risks. For example, it identifies potential weak points in systems that may be vulnerable to malware and phishing, so that they can be strengthened before PHI is attacked through them.
Conclusion
Protected health information is an important part of patient data that must be protected in order to meet the standards of integrity and confidentiality. One way of fostering such security is to conduct thorough risk assessments, which identify potential risks and guide their mitigation. Furthermore, qualified personnel are essential to a successful risk assessment.
RUBRIC
Security Risk Analysis – Rubric
Number of criteria: 9. Achievement levels: 5 (Unsatisfactory 0.00%, Less than Satisfactory 74.00%, Satisfactory 79.00%, Good 87.00%, Excellent 100.00%).

Content (70.0%)

Internal and External Risks (20.0%)
Unsatisfactory: A description of three internal and three external risks threatening PHI data is not included.
Less than Satisfactory: A description of one internal and one external risk threatening PHI data is included.
Satisfactory: A description of two internal and two external risks threatening PHI data is included.
Good: A description of three internal and three external risks threatening PHI data is complete and includes supporting detail.
Excellent: A description of three internal and three external risks threatening PHI data is extremely thorough and includes supporting detail.

Risk Assessment Implementation (20.0%)
Unsatisfactory: An explanation of how risk assessments are conducted is not included.
Less than Satisfactory: An explanation of how risk assessments are conducted is incomplete or incorrect.
Satisfactory: An explanation of how risk assessments are conducted is included but lacks supporting detail.
Good: An explanation of how risk assessments are conducted is complete and includes supporting detail.
Excellent: An explanation of how risk assessments are conducted is extremely thorough and includes supporting detail.

Personnel Involved in Risk Assessment (20.0%)
Unsatisfactory: A description of who is responsible for conducting risk assessments is not included.
Less than Satisfactory: A description of who is responsible for conducting risk assessments is incomplete or incorrect.
Satisfactory: A description of who is responsible for conducting risk assessments is included but lacks supporting detail.
Good: A description of who is responsible for conducting risk assessments is complete and includes supporting detail.
Excellent: A description of who is responsible for conducting risk assessments is extremely thorough and includes supporting detail.

Decrease in Risk (10.0%)
Unsatisfactory: A description of how risk assessments mitigate the risks identified is not included.
Less than Satisfactory: A description of how risk assessments mitigate the risks identified is incomplete or incorrect.
Satisfactory: A description of how risk assessments mitigate the risks identified is included but lacks supporting detail.
Good: A description of how risk assessments mitigate the risks identified is complete and includes supporting detail.
Excellent: A description of how risk assessments mitigate the risks identified is extremely thorough and includes supporting detail.

Format (10.0%)

Paper Format (use of appropriate style for the major and assignment) (5.0%)
Unsatisfactory: Template is not used appropriately or documentation format is rarely followed correctly.
Less than Satisfactory: Appropriate template is used, but some elements are missing or mistaken. A lack of control with formatting is apparent.
Satisfactory: Appropriate template is used. Formatting is correct, although some minor errors may be present.
Good: Appropriate template is fully used. There are virtually no errors in formatting style.
Excellent: All format elements are correct.

Documentation of Sources (citations, footnotes, references, bibliography, etc., as appropriate to assignment and style) (5.0%)
Unsatisfactory: Sources are not documented.
Less than Satisfactory: Documentation of sources is inconsistent or incorrect, as appropriate to assignment and style, with numerous formatting errors.
Satisfactory: Sources are documented, as appropriate to assignment and style, although some formatting errors may be present.
Good: Sources are documented, as appropriate to assignment and style, and format is mostly correct.
Excellent: Sources are completely and correctly documented, as appropriate to assignment and style, and format is free of error.

Organization and Effectiveness (20.0%)

Thesis Development and Purpose (7.0%)
Unsatisfactory: Paper lacks any discernible overall purpose or organizing claim.
Less than Satisfactory: Thesis is insufficiently developed or vague. Purpose is not clear.
Satisfactory: Thesis is apparent and appropriate to purpose.
Good: Thesis is clear and forecasts the development of the paper. Thesis is descriptive and reflective of the arguments and appropriate to the purpose.
Excellent: Thesis is comprehensive and contains the essence of the paper. Thesis statement makes the purpose of the paper clear.

Argument Logic and Construction (8.0%)
Unsatisfactory: Statement of purpose is not justified by the conclusion. The conclusion does not support the claim made. Argument is incoherent and uses noncredible sources.
Less than Satisfactory: Sufficient justification of claims is lacking. Argument lacks consistent unity. There are obvious flaws in the logic. Some sources have questionable credibility.
Satisfactory: Argument is orderly, but may have a few inconsistencies. The argument presents minimal justification of claims. Argument logically, but not thoroughly, supports the purpose. Sources used are credible. Introduction and conclusion bracket the thesis.
Good: Argument shows logical progressions. Techniques of argumentation are evident. There is a smooth progression of claims from introduction to conclusion. Most sources are authoritative.
Excellent: Clear and convincing argument that presents a persuasive claim in a distinctive and compelling manner. All sources are authoritative.

Mechanics of Writing (includes spelling, punctuation, grammar, language use) (5.0%)
Unsatisfactory: Surface errors are pervasive enough that they impede communication of meaning. Inappropriate word choice or sentence construction is used.
Less than Satisfactory: Surface errors are pervasive enough that they impede communication of meaning. Inappropriate word choice or sentence construction is used.
Satisfactory: Some mechanical errors or typos are present, but they are not overly distracting to the reader. Correct and varied sentence structure and audience-appropriate language are employed.
Good: Prose is largely free of mechanical errors, although a few may be present. The writer uses a variety of effective sentence structures and figures of speech.
Excellent: Writer is clearly in command of standard, written, academic English.

Total Percentage: 100