HIM 615 security risk analysis

Sample Answer for HIM 615 security risk analysis Included After Question

The purpose of this assignment is to analyze the use of risk assessments and their infiuence within your current or previous organization.
Write a 750-1,000 word paper that includes the following criteria:

1. Describe the top three internal and top three external risks currently threating PHI data within your selected
   organization.
2. Explain how risk assessments are conducted within the organization.
3. Discuss who conducts these assessments and with what frequency.
4. How do these assessments mitigate the risks you have identifed?
   Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success
   Center.
   This assignment uses a rubric. Review the rubric prior to beginning the assignment to become familiar with the
   expectations for successful completion.
   You are required to submit this assignment to LopesWrite. A link to the LopesWrite Technical Support Articles is
   located in Class Resources if you need assistance.

A Sample Answer For the Assignment: HIM 615 security risk analysis

Title:  HIM 615 security risk analysis

Protected Health Information (PHI) refers to any form of data or information on health status. PHI may also be defined as the medical histories, demographic information, laboratory outcomes, personal health information, and insurance information collected by healthcare professionals to enhance an individual’s identity and establish appropriate care. PHI is essential for research and clinical scientists when it comes to the studies of health and healthcare trends. PHI can also be applied to develop value-based care programs in the delivery of quality care. Some of the patient’s information considered PHI protected include health plan beneficiary number, medical record number, and social security number (Chernyshev et al., 2019). Due to this sensitive information, PHI is often faced with a lot of threats that arise both internally and externally. The purpose of this paper is to discuss the top three external and internal risks currently threatening PHI data within Arnold Palmer Hospital for Children. 

Top Three Internal and Top Three External Risks Currently Threating PHI Data

Authorized access to PHI data is one of the internal threats that Arnold Palmer Hospital for Children currently faces. Employees may have unauthorized access to PHI data for varied reasons. Unauthorized acquired PHI data/information can be used as retaliation by the discontented workers. These data may also be used for financial gains. Some of the reasons for unauthorized access to PHI data may include curiosity, criminal intent, demanding ransom, etc. The use of Unauthorized devices is among the top three internal threats that impact PHI data. Portable devices such as USB and mobile devices can be easily used to transfer data from the company or healthcare institution (Yeng et al., 2019). Arnold Palmer Hospital for Children has recorded some incidences where employees transfer data from the organization to outside sources. Finally, Shadow IT is among the top three internal threats to PHI data/information; the practice involves the application of unauthorized third-party software.

The top three external threats to PHI data in Arnold Palmer Hospital for Children include social engineering often applied to deceive employees or other stakeholders into giving out information, Sabotage by individuals, and hacking by individuals. The most common form of social engineering in the hospital is the use of phishing emails, whereby an email is sent to an individual employee with the sole objective of obtaining information. Individual sabotage often includes activities such as distribution of malware, compromising of networks, and denial of service attacks. Finally, hacking often involves the exploitation of vulnerabilities such as the presence of improperly configured software and lack of system security.  

How Risk Assessments Are Conducted In Arnold Palmer Hospital for Children

The risk assessment involves five major stages that have to be followed or considered to ensure effective/proper outcomes. The first step involves the determination of the PHI that an organization has access to and where the e-PHI is kept/stored in the organization. The first stage also involves the determination of different approaches or devices used in the transmission of data (Jiang & Bai, 2019). The second step involves the assessment of current security measures, including software and the general programs that may be prone to attacks. The third step often involves the identification of where the organization is vulnerable and the probability of threats occurring. Besides, there is always an analysis of possible gaps that can be exploited within the organization’s system. The fourth step involves the determination of evaluation of the levels of risks; this is possible through the evaluation of the likelihood of all the threats and the effects/impacts on the system. The final step involves the documentation of all the processes and procedures above. 

Discuss Who Conducts These Assessments and With What Frequency

Undertaking assessment on the system security requires experts in information and communication technology. In Arnold Palmer Hospital for Children hospital, the assessments are always done by system analysis in collaboration with data managers, computer experts, programs developers, and expert security analysis, whose main work is to determine and avert possible vulnerabilities in the system constantly. The security analysis/assessment may also be done in collaboration with the system vendors. In Arnold Palmer Hospital for Children, the security assessment is done frequently due to constant internal and external threats. There are automated security apparatus that constantly analyze possible vulnerabilities and any form of attack on the system.

How Assessments Mitigate the Risks Identified

The assessment is necessary for revealing the risks and possible vulnerabilities in the systems. Besides, through these assessments, system analysts are able to identify the gaps that hackers, both internal and external, can exploit to gain access to the system and compromise information. Also, through risk assessments, one is able to determine possible unauthorized devices linked into the system; appropriate measures can therefore be undertaken to reduce or mitigate the gaps created by these devices. Finally, through security assessment, system analysts are able to identify possible threats caused by unauthorized access to the PHID data or information. 

Conclusion

Protected Health Information (PHI) refers to any form of data or information on health status. PHI may also be defined as the medical histories, demographic information, laboratory outcomes, personal health information, and insurance information collected by healthcare professionals to enhance an individual’s identity and establish appropriate care. Authorized access to PHI data is one of the internal threats that Arnold Palmer Hospital for Children currently faces. The top three external threats to PHI data in Arnold Palmer Hospital for Children include social engineering often applied to deceive employees or other stakeholders into giving out information, Sabotage by individuals, and hacking by individuals. 

References

Chernyshev, M., Zeadally, S., & Baig, Z. (2019). Healthcare data breaches: Implications for digital forensic readiness. Journal of medical systems, 43(1), 1-12. https://link.springer.com/article/10.1007/s10916-018-1123-2

Jiang, J. X., & Bai, G. (2019). Evaluation of causes of protected health information breaches. JAMA internal medicine, 179(2), 265-267. https://jamanetwork.com/journals/jamainternalmedicine/article-abstract/2715158

Yeng, P., Yang, B., & Snekkenes, E. (2019, July). Observational Measures for Effective Profiling of Healthcare Staffs’ Security Practices. In 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC) (Vol. 2, pp. 397-404). IEEE. https://ieeexplore.ieee.org/abstract/document/8754403