Unit 6 Risk Management
Unit 6 Risk Management
Ashley Hammock
HIM 230 Legal and Ethical concepts in healthcare
Professor Terrell
February 18, 2024
Part I: Model a list of the steps outlined in the HHS video on risk analysis.
1. Identify the scope of the analysis
2. Gather data
3. Identify & document potential threats
4. Assess current security measures
5. Determine the likelihood of threat occurrence
6. Determine the potential impact of threat occurrence
7. Determine the level of risk
8. Identify security measures and finalize documentation
9. Review and update annually
Part 2: You are the coding supervisor for an HIM department. Management decided to add remote coding for qualified coders. You must complete a risk analysis for this new workplace branch. Use the steps from Part 1 and identify the risks that may pose security issues.
Identify at least eight risks.
1. Unsecured access to network
2. Improper disposal of files
3. Phishing emails
4. Weak passwords
5. Not having a VPN to secure network
6. Compliance program not in place
7. Tools not provided to secure laptops
8. Ransomware infections
Part 3: Apply the risks you identified in Part 2 to model a risk matrix showing the likelihood and impact of what you consider to be the top 5 risks you identified.
1. Unsecured access to network – low
2. Phishing emails – medium
3. Weak passwords – medium
4. Not having a VPN – low
5. Compliance program – low
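The risk matrix asked for in Part 3 is steps 5 to 7 of the HHS procedure: rate likelihood, rate impact, combine them into a risk level, then rank. The script below is an added example (not part of the assignment); the likelihood and impact ratings it assigns to the eight Part 2 risks are constructed assumptions, and the 3x3 low/medium/high matrix it uses is one common qualitative scheme, not one the page prescribes.

```python
"""Risk matrix for the remote-coding risk analysis (HHS steps 5 to 7).
Added example, not part of the original assignment; the likelihood and
impact ratings assigned to each risk are constructed assumptions."""
from dataclasses import dataclass

LEVELS = ("low", "medium", "high")  # qualitative scale used for both axes

@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: str  # step 5: likelihood of threat occurrence
    impact: str      # step 6: potential impact of threat occurrence

    def __post_init__(self):
        if self.likelihood not in LEVELS or self.impact not in LEVELS:
            raise ValueError(f"ratings must be one of {LEVELS}: {self}")

def risk_score(likelihood: str, impact: str) -> int:
    """Numeric score 1..9: likelihood rank times impact rank."""
    return (LEVELS.index(likelihood) + 1) * (LEVELS.index(impact) + 1)

def risk_level(likelihood: str, impact: str) -> str:
    """Step 7: map the score onto the matrix cells low / medium / high."""
    score = risk_score(likelihood, impact)
    return "high" if score >= 6 else "medium" if score >= 3 else "low"

def risk_matrix(risks):
    """Group risk names by cell: matrix[likelihood][impact] -> [names]."""
    matrix = {lk: {im: [] for im in LEVELS} for lk in LEVELS}
    for r in risks:
        matrix[r.likelihood][r.impact].append(r.name)
    return matrix

def rank_risks(risks, top=5):
    """Top risks, highest score first (ties broken by name), with level."""
    key = lambda r: (-risk_score(r.likelihood, r.impact), r.name)
    return [(r.name, risk_level(r.likelihood, r.impact))
            for r in sorted(risks, key=key)[:top]]

# The eight risks from Part 2; ratings are constructed for illustration.
REMOTE_CODING_RISKS = [
    Risk("Unsecured access to network", "medium", "high"),
    Risk("Improper disposal of files", "low", "high"),
    Risk("Phishing emails", "high", "high"),
    Risk("Weak passwords", "high", "medium"),
    Risk("No VPN to secure network", "medium", "high"),
    Risk("Compliance program not in place", "low", "medium"),
    Risk("Tools not provided to secure laptops", "medium", "medium"),
    Risk("Ransomware infections", "low", "high"),
]
```

Calling `rank_risks(REMOTE_CODING_RISKS)` returns the top five with their levels, and `risk_matrix(REMOTE_CODING_RISKS)` gives the cell-by-cell layout you would draw as the matrix.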
All of the above scenarios have the potential to expose a patient's ePHI, for example through unauthorized access to or disclosure of information.
Part 4: Incident Response: There has been a breach of ePHI involving one of the remote coders. Identify the steps for incident response.
1. Prep incident response team
2. Detection – details on the incident, information on affected networks
3. Containment – limits the damage of the attack; eradication is removing the malware and identifying all user accounts that were breached, followed by recovery, replacing the affected files.
4. After-incident activity – the cause and the cost of the incident, and the steps that should be taken so this doesn't happen again.