A routine audit of an electronic health record (EHR) system

Introduction

As an information security professional, you are responsible for ensuring preventive information security controls are in place. Such controls include implementing organizational and security policies, processes, and other forms of preventive security measures. Given the information in the scenario below, you have been asked to create employee policies for the company and ensure the policies comply with the minimum requirements of the national or international standards in these areas. These policies will be published to the entire organization in the employee handbook or the HR portal.

Scenario

During a routine audit of an electronic health record (EHR) system, a major healthcare provider discovered three undocumented accounts that appeared to have access to the entire clinical and financial health record within the system. Further investigation revealed that these accounts were accessing records around the clock via remote access to the healthcare system’s network. Three remote access accounts appeared to have been set up at least six months prior to the creation date of the first account in the EHR. Additionally, the accounts in the EHR were originally established as standard user accounts approximately two months ago and escalated to full access over the course of two weeks. System controls are verified to be in effect that limit access for each account to no more than 300 records per day. Over the course of the past two months it is estimated that more than 37,000 but no more than 50,000 records could have been accessed. Reports are being run to determine which patient accounts were accessed, but the reports will take more than two weeks to identify the record identification numbers and then take longer than 60 days to compile the usernames and addresses. An audit of other systems that contain sensitive information revealed no other unauthorized access. Audit files that would normally identify the creator of the accounts overwrite themselves after two weeks in the systems that provide remote access and the EHR. No one in senior management has any reason to suspect that it was an inside job, but based on the short duration for log retention, there is no way to eliminate that possibility either.

Requirements

Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.

You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.

A. Describe three of the security faults in this scenario that caused a security breach.

B. After researching the national and international standards, create three policy statements that apply to the entire organization, comply with a national or international standard, and might have prevented the security breaches identified in part A.

1. Justify how each organizational policy statement in part B complies with a specific nationally or internationally recognized standard (e.g., HIPAA, HITECH, PCI-DSS, ISO/IEC, NIST) and could plausibly be enforced at the company.

Note: The policy statements should match the baseline requirements of the standards for organizational compliance.

C. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
