176k views
0 votes
"Protection of patient data has become a critical part of the scope of practice of all healthcare professionals. Routine data breaches underscore the importance of training clinical employees in protecting these data. However, beyond exposure to HIPAA regulations, little is done to educate the healthcare student about the risks and vulnerabilities of the online environment as it pertains to health data" (Swede, Scovetta, & Eugene-Colin, 2018). Search the peer-reviewed literature for examples of this. You may select any topic relating to technology that illustrates the potential for really messing things up. Include, in your description, an analysis of what might have caused the problems and potential solutions to them. Be sure to provide supporting evidence, with citations from the literature. As with the first discussion topic, it is not enough for you to simply create your own posting. You must read the postings of the other members of the class and comment on each of them. Please see Discussion Forum of the class syllabus for additional details on content.

by User Finoutlook (6.2k points)

1 Answer

4 votes

Answer:

Health organizations should adopt the “three E’s” in developing their patient data security program:

Evaluate: Conduct an appropriate risk analysis to catalog the location of patient data and the security measures in place to protect that data.

Educate: Implement comprehensive and consistent security training for the workforce and user base.

Exercise: Hold simulated cyber incidents to test the organization’s response under controlled conditions.

Step-by-step explanation:

While new technologies promise to transform patient care, they also complicate the task of securing patient data. But patient data will continue to be a lucrative target for cyberattackers. Healthcare providers need to recognize the evolving security challenges in this complex environment.

“Understanding the landscape that you are operating in as an individual organization is key to being prepared. The greater the complexity of the security and data sprawl, the more complex the security data architecture models end up being,” observed Fernando Martinez, senior vice president and chief digital officer at the Texas Hospital Association, in a September 2018 HealthITSecurity.com webcast.

“Being prepared and understanding how all of these things are shaping up in your environment is exceedingly important. How you identify and manage your environment is key to being prepared,” he added.

Martinez recommended organizations conduct risk analysis to ensure patient data is secured and HIPAA compliance is met. A full 88 percent of the 42 organizations that have paid fines to the Office for Civil Rights (OCR) failed to conduct a sufficient risk analysis, he noted.

In a May 2018 article, OCR explained that risk analysis is not penetration testing or compliance gap assessment. But risk analysis needs to include an inventory of all information assets used to create, maintain, retrieve, or transmit patient data, as well as the threats, vulnerabilities, likelihood, impact, and controls associated with that data.

“Most organizations have much of this in some form, but they don’t have a cohesive, singular tool or solution that can bring it together and provide a risk analysis picture for the organization,” Martinez said.

by User Omilke (6.2k points)