Implementing plan on EHR system


Healthcare Data Security Plan

Frances Ogbankwa

HCM 690 Healthcare Informatics Capstone

Table of Contents

Introduction
Healthcare Data Security Plan
Risk Analysis for all Systems
Cloud Security Implementation
Check Accessibility Performance
Third Parties Management
Risk Assessment Development
Interoperability Challenges
Evaluating Vendor Systems
Mitigation Strategies with Recovery Plan
References

Introduction

The seriousness of the situation is evident in the fact that every aspect of this demanding culture requires collecting large amounts of individual data. There is always an opponent ready to develop a strategy to defeat you. Although medical institutions hold confidential data, compliance and safety are not usually a priority in this area; their emphasis is on patient care, as it must be. However, part of this care is to protect the patient's “personally identifiable information” (PII) and “protected health information” (PHI). Yet in the end, numerous healthcare professionals and institutions let things get in the way and roll the dice. The medical forms that patients fill out are fertile ground for criminals looking to capture IDs. Most healthcare consumers are aware of this but still fill them out, believing that their provider has all the right systems in place to protect their information. If patients lose confidence in the techniques used to protect PII and PHI, they may lose confidence in the entire service offered by the provider.

Cyberattacks, hacker attacks, and data leaks are increasingly serious problems in the healthcare sector. “In 2019, there were more than 1,500 data breaches and more than 165 million sensitive records in the United States (Clement, 2020). Medical institutions have access to a massive amount of private data, which makes cyber security, privacy and security a preference.”

The Health Insurance and Liability Act (HIPAA) sets standard privacy policies to secure patients' medical records and other personal health information (PHI). HIPAA offers security policies that are specific to electronic PHI. Healthcare institutions need to understand that “healthcare data security” is more than just “consistency”: it should be the foundation of the hospital's patients' application because it is necessary to maintain consumer confidence and the health of organizations (Mooney, 2019).

Healthcare Data Security Plan

The rise of electronic medical records (EMRs), together with recent leaks of "patients' personal health information" and personal identification information, has emphasized the need for online security in clinics. Although EMR security measures have been incorporated into the 1996 Health Insurance Transfer and Liability Act (HIPAA), human error and the attitude that "our approach will not happen" are factors that hinder real security. HIPAA security policies require special measures for ensuring "confidentiality, integrity and security," such as passwords and PINs that restrict access to patient information to authorized individuals, or encryption of stored data so that it cannot be read or understood unless someone can "decrypt" it with a special key that is accessible only to authorized persons. However, the law does not guarantee that hospital systems or individual practices will be unaffected by an ever-changing threat environment.

The main idea of segmenting the network is to divide data according to its importance. Think about the hospital's payment system. Radiology departments need to use X-rays, imaging, and other diagnostic tests, but they do not need to access patients' credit card information unless they send their invoices. It is important to break the network into segments and use policies to restrict access to what specific operations require.
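The separation described above, with radiology reaching imaging systems and invoice submission but not card data, can be expressed as a default-deny flow policy and checked against observed traffic. The following is an added example, not part of the original paper; the segment names, CIDR ranges, ports other than DICOM's 104, and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed segments; names and CIDR ranges are assumptions for illustration.
SEGMENTS = {
    "radiology": ipaddress.ip_network("10.10.20.0/24"),
    "imaging_store": ipaddress.ip_network("10.10.30.0/24"),
    "billing_app": ipaddress.ip_network("10.10.40.0/25"),
    "card_data": ipaddress.ip_network("10.10.40.128/25"),
}

# Default deny: only (source segment, destination segment, port) listed here is permitted.
ALLOWED = {
    ("radiology", "imaging_store", 104),  # DICOM image transfer
    ("radiology", "billing_app", 8443),   # invoice submission only (assumed port)
    ("billing_app", "card_data", 5432),   # payment database (assumed port)
}

def segment_of(ip):
    """Return the name of the segment containing ip, or None if unsegmented."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def is_allowed(src_ip, dst_ip, dst_port):
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False  # a host outside every segment is never implicitly trusted
    if src == dst:
        return True   # intra-segment traffic is out of scope for this check
    return (src, dst, dst_port) in ALLOWED

def audit(flows):
    """Return the flows that violate the segmentation policy, in input order."""
    return [f for f in flows if not is_allowed(*f)]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.10.20.15", "10.10.30.8", 104),     # radiology -> imaging store
    ("10.10.20.15", "10.10.40.10", 8443),   # radiology -> invoice submission
    ("10.10.20.15", "10.10.40.200", 5432),  # radiology -> card database
    ("192.168.5.9", "10.10.40.200", 5432),  # unknown host -> card database
    ("10.10.40.10", "10.10.40.200", 5432),  # billing app -> card database
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_FLOWS):
        print("policy violation:", flow)
```

Run over firewall or flow logs, the same check shows whether the segmentation policy is actually enforced rather than only written down.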

Classification means categorizing a request and then assessing whether it should be accepted. “This stage of protection is more beneficial in preventing workers from accessing identified infected websites, or preventing viruses from scattering across the network, or even preventing them from updating. In many instances, this is the essence and realm of how the NextGen firewall will be easy to access for anyone.” These classifications allow content, rather than whole web pages, to be blacklisted. This means that the firewall is now learning “how to block or not block your request in a way” that keeps false positives and user frustration to a minimum.

Although the acronym IDS has only three letters, it makes life much harder for hackers. IDS stands for "Intrusion Detection System," and, as the name implies, the system detects and records any suspicious inbound and outbound patterns and sends alerts. Such techniques are very effective against many attacks because they can detect known attack patterns and provide managers with the key data needed to reduce the recurrence of such attacks in the future.

How do healthcare institutions prevent data leaks and cyberattacks? The first step is to establish an IT security approach with a cohesive security mechanism (Brady, 2018). Healthcare institutions must adopt a synchronized and coherent way to protect patients' data securely. Here are five steps that can be taken into consideration when constructing a comprehensive data protection and security plan for healthcare patients:

Risk Analysis for all Systems

Healthcare institutions must comply with HIPAA safety regulations. Operational risk analysis is necessary “to determine when and where security risks exist and their likely effect” on the three main objectives of health information security: confidentiality, integrity, and availability of ePHI (Information Security, 2020).

By identifying all systems that contain ePHI, organizations can monitor patient information effectively.

Cloud Security Implementation

The Microsoft 365 cloud builds in security, enables the real-time communication that all healthcare professionals know, supports communication with patients, and increases operational efficiency (Williams, 2019). Cloud security enables flexibility and custom control.

Check Accessibility Performance

The organization must decide who has access to programs and systems. Identify careless users and ensure that they receive appropriate training.

Third Parties Management

It is a mistake to think that a third party is responsible for the agency's data. Healthcare institutions need to ensure that appropriate security and surveillance controls, such as IP restrictions, data backup, and encryption, are in place so that “there is no risk of data leakage.”

Risk Assessment Development

According to HIPAA notification rules, parties must perform a risk assessment to determine the possibility of damage to health information (Fairwarning, 2018). The aim is to determine whether the data breach is the most reported in the Charter. The Agency must ensure that it complies with HIPAA regulations and policies.

Interoperability Challenges

Collaboration is a major issue for decision-makers, patients, and providers. According to Monica (2017), the following are the four main challenges to achieving real synergy. The first is developing a standardized approach to identifying patients. By developing standard methods for identifying patients, the organization can ensure that the exchanged medical information is completed accurately and efficiently. Patient matching also needs to take into account its impact on patient safety and management costs (Monica, 2017). This is still an issue that many healthcare professionals face. Removing the wrong patient's file from the EHR will lead to errors in the patient's care.

The second challenge is implementing standards for information technology interoperability in the healthcare environment. This challenge reflects a lack of standards across the many environments in which health care is provided. Healthcare is offered in patients' homes, in long-term clinics, and in too many other settings to list. The third issue is coordinating stakeholders. To find ways to improve interoperability, stakeholders will take initiatives to develop a coherent policy in the industry (Monica, 2017). The fourth, but not the least, is the challenge of information blocking and data sharing. The exchange of information between different medical institutions is becoming increasingly important. Sharing information will improve the quality of patient care. The remaining barriers, such as developing patient identification and improving industry standardization and collaboration, will hinder real collaboration (Monica, 2017).

Evaluating Vendor Systems

The organization needs to evaluate and select the right information technology provider. Suppliers must be able to meet the level of support required by large healthcare institutions. Organizations require partners who understand the constantly updated rules, the new medical devices, and the likely threats that come with them. Healthcare providers who understand the innovative challenges experienced by the industry will effectively address the changing requirements of institutions, particularly those related to cyber security (Mooney, 2019).

Mitigation Strategies with Recovery Plan

A recovery plan is developed to ensure that patient information is not affected throughout the suspension. According to HIPAA security rules, the federal government requires all organizations to have comprehensive security plans and response plans (Snell, 2018). “The recovery plan will encompass training for different types of disasters as part of a possible risk analysis review.” The steps to be taken when dealing with violations are: first, perform a risk analysis, asking what, when, and where the problem is; second, submit a formal complaint to the municipality; third, notify the patient (within 60 days); and fourth, report the violations to the US Department of Health and the Ministry of Human Services (Karn, 2020). “Another important part of the recovery plan is to identify if any equipment is lost or stolen. All networks and equipment need to be regularly updated to ensure that strict data security measures are in place.” The risk of cyber security breaches is too high, so making cyber security a priority is important for healthcare institutions.

References

Brady, J. (2018). Five Steps to Developing a Healthcare Information Technology Security Plan. Retrieved from https://www.securitymagazine.com/articles/89315-five-steps-to-developing-a-healthcare-information-technology-security-plan

Clement, J. (2020). Annual Number of Data Breaches and Exposed Records in the United States from 2005 to 1st half of 2020. Retrieved from https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/

Fairwarning (2018). 6 Considerations for Healthcare Organizations Building a Patient Data Privacy and Security Plan. Retrieved from https://www.fairwarning.com/insights/blog/6-considerations-for-healthcare-organizations-building-a-patient-data-privacy-and-security-plan-part-1-of-2

HIPAA Journal (2020). September 2020 Healthcare Data Breach Report: 9.7 Million Records Compromised. Retrieved from https://www.hipaajournal.com/category/healthcare-data-security/

Infosec (2020). Security Risk Assessment in Health Care. Retrieved from https://resources.infosecinstitute.com/security-risk-assessment-in-health-care/

Karn, J. (2020). 4 Steps to Mitigate a HIPAA Breach and Other Tips You Need to Know. Retrieved from https://nuemd.com/4-steps-mitigate-hipaa-breach-other-tips-you-need-know

Monica, K. (2017). Top 5 Challenges to Achieving Healthcare Interoperability. Retrieved from https://ehrintelligence.com/news/top-5-challenges-to-achieving-healthcare-interoperability

Mooney, R. (2019). The Importance of Healthcare Data Security. Retrieved from https://oliveai.com/the-importance-of-healthcare-data-security