University of Delaware Risk Based Approach in Scope of Cybersecurity Threats Essay
Response 1 to discussion post below:
Medical records usually contain the medical history of a patient and some demographic information like age, address, sex, social security number, etc. Patients trust their doctors and provide some confidential information to their doctors. So protecting the privacy of patient information is vital to the physician and patient relationship. “The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) codified requirements for covered entities and their business associates to protect patients’ health information.” (Medical Records: Protecting Patient Confidentiality). Previously, health care workers used to have easy access to paper records of the patient, and after the conversion of records to electronic format, accessing them also became easy. So, we need to safeguard this information from access by unauthorized personnel.
As part of the investigation, I will check if the hospital is using health records in paper or electronic format. If the records are still on paper, I will conduct an audit of the people who accessed the room where the records were stored. I will make sure that any unused medical paper records are shredded away safely. If the records are in electronic format, I will check the user IDs used to access the records stored in databases or the portal and whether they are authorized to search for those particular records. I will create an access level appropriate to the department so that a doctor in one particular department cannot access data of a patient in another department. I will set up a monitoring system to audit the logs and report any inappropriate activity. This will help to identify any abnormal activity and can help to calculate how much time a user is spending on a particular record and if he or she is forwarding it to any email, etc. I will set up a stricter password policy and provide training to the members of the hospital on how to keep the data secure and the consequences of any leak of information.
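The log audit described in Response 1, sketched as an added example that is not part of the original response: it flags record access from another department, access by user IDs with no department on file, records forwarded by email, and unusually long viewing times. The log format, user and patient IDs, department map and the 30-minute threshold are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (assumptions, not from the original response).
USER_DEPT = {"dr_lee": "cardiology", "dr_kim": "oncology"}
PATIENT_DEPT = {"P100": "cardiology", "P200": "oncology"}
MAX_VIEW_SECONDS = 30 * 60  # assumed threshold for time spent on one record

# Constructed audit log: timestamp, user ID, action, patient record ID.
SAMPLE_LOG = """\
2024-03-01T09:00:00 dr_lee OPEN P100
2024-03-01T09:04:00 dr_lee CLOSE P100
2024-03-01T09:10:00 dr_kim OPEN P100
2024-03-01T09:55:00 dr_kim EMAIL P100
2024-03-01T09:56:00 dr_kim CLOSE P100
2024-03-01T10:00:00 temp_01 OPEN P200
2024-03-01T10:01:00 temp_01 CLOSE P200
"""

def audit(log_text):
    """Return (user, patient, reason) findings for a record-access log."""
    findings = []
    opened = {}  # (user, patient) -> time the record was opened
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            if parts:  # non-empty line that does not match the format
                findings.append((None, None, "malformed_line"))
            continue
        ts_text, user, action, patient = parts
        ts = datetime.fromisoformat(ts_text)
        if action == "OPEN":
            opened[(user, patient)] = ts
            user_dept = USER_DEPT.get(user)
            if user_dept is None:
                findings.append((user, patient, "unknown_user"))
            elif user_dept != PATIENT_DEPT.get(patient):
                findings.append((user, patient, "cross_department"))
        elif action == "EMAIL":
            findings.append((user, patient, "forwarded_by_email"))
        elif action == "CLOSE":
            start = opened.pop((user, patient), None)
            if start and (ts - start).total_seconds() > MAX_VIEW_SECONDS:
                findings.append((user, patient, "long_view"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```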
Response 2 to discussion post below:
For officially starting the investigation, it is first necessary to know about the job roles and duties of that specific employee. The next thing is to consider the resources he can access in the organization, including the network, database, etc. There is also a possibility of that employee being involved in the disaster recovery team and the incident response action plan. In this situation, selling patient records to online pharmacies makes sense (Taylor, 2019, p. 1). The investigation made in this situation should be more involved with the access rights and privileges of employees rather than investigating the privacy policies of the company. The information kept for the medical facility should be evaluated, and the possible information facts which can be interesting for the pharmaceutical companies should be highlighted.