What should we look for during a security-risk assessment?
HIPAA Weekly Advisor, December 4, 2001
Q: What should we look for during a security-risk assessment?
A: Any security risk assessment looks at the following five elements:
- Assets
These include physical assets, such as your network, hardware, software, and data, and less obvious intangibles, such as reputation with patients.
- Threats
This category addresses those things that could produce an unauthorized release of patient information, such as angry employees, untrained employees, theft by strangers, hackers, natural disaster, etc.
- Vulnerabilities
These are identified weaknesses that expose your assets to risk. They would include known deficiencies in software, network weaknesses, training gaps, weaknesses in password controls, poor password selection, poor control of inventory, etc.
- Losses
These are the costs to your organization resulting from the loss of protected information. They would include the cost of fines, potential lawsuits, damage to reputation, etc.
- Safeguards
These are the recommended actions that counter a given vulnerability, such as intrusion detection, training, virus scanning, improved procedures, etc.
From the December 2001 issue of Healthcare Information Security.