An Approach Paper on Cyber Risk Management in Healthcare Part 4: Conclusion

Since it is impossible to control all security threats, the need arises for a systematic documented method to prioritize the risks and provide mitigation

DQINDIA Online

Healthcare information technology is on the brink of a paradigm shift on account of an increase in media interest and public scrutiny, and as a result cybersecurity has recently become a source of major concern in the healthcare industry. All aspects of cybersecurity, risks and risk management were covered in An Approach Paper on Cyber Risk Management in Healthcare Part 1, Part 2 and Part 3. Let us now take a look at the importance of patient data confidentiality in the conclusion of this four-part series.

Summary, Conclusions, and Recommendations

The goal of this Paper is to share knowledge about risk management with the day-to-day practitioners, equip them with the tools to use on the job, and make them better managers in risk assessment and documentation. We also hope to instill the confidence to use these techniques.

The challenge is to introduce new concepts by using a holistic approach to managing risk. Take into consideration the processes as well as the organization, the software as well as the hardware, and the programmer as well as the end user. Consider partnering with your IT vendor. Plan, and have a contingency plan. Involve your stakeholders and executives, and let them have a sense of ownership.

Since it is impossible to control all security threats, the need arises for a systematic documented method to prioritize the risks and provide mitigation plans. Overall, the process of information security risk management supports the organizational strategic objectives and enables the staff to identify the risk factors around the information processing chain. As noted before, the risk analysis is the first step of the process of risk management and is a structured and systematic effort to identify the risks and their impacts.

Generally, health information security deals with three aspects, namely:

- protecting patients' data confidentiality,

- ensuring data integrity, and

- assuring data availability.

Ignoring any of these aspects may cause a number of problems, such as legal issues or financial losses for hospitals and health care providers. By contrast, improving information security will increase the confidence of patients and clinicians, and may lead to better use of the health data.

The most common threats to information security are:

- unauthorized use of software and computers for communications and illegal activities;

- discharged employees, who can be another threat to data integrity; to overcome this issue, users' access level should be controlled;

- hackers, unauthorized users and Trojan horses, which can threaten data integrity.

In order to manage the risks, there should be a plan to assess the severity of threats and to determine the potential risks. In fact, the process of risk assessment or risk analysis is the first step in the process of risk management.

There are several methods for assessing information security risks, such as:

- using situational awareness services to better identify and analyse risks,

- identifying threats and vulnerabilities,

- analysing the probability and impact associated with the known threats, and ultimately,

- prioritizing the risks to determine the appropriate level of training and controls necessary for effective mitigation.

Finally, it can be concluded that IT managers in hospitals and other policy makers should work together to address the security gaps existing in hospitals, in order to plan properly and avoid information security challenges in the future.

This article was written by Mr Sameer Mathur, SM Consulting.