Operational Security and Incident Response Policy in Healthcare Sector

Verified

Added on 2020/05/08

AI Summary

This report delves into the critical aspects of operational security and incident response within healthcare organizations. It begins by examining existing incident response policies, referencing OMB Circular No. A-130, FISMA, and other relevant guidelines. The report then outlines the necessity of a robust incident response capability (CSIRC) in healthcare, emphasizing the importance of complying with federal regulations such as CMS Conditions of Participation, HIPAA, and the Safe Medical Device Act. It also highlights the significance of EMTALA policy and policies for medical screening. The document underscores the benefits of having an incident response capability, including the ability to respond efficiently to incidents, minimize data loss, and improve future preparedness. It also discusses the importance of adhering to legal and ethical standards during and after security breaches. The report is supported by references to academic sources that provide further context to the discussed topics.

Running Head: OPERATIONAL SECURITY
OPERATIONAL SECURITY
Name of the Student
Name of the University

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1OPERATIONAL SECURITY
Table of Contents
INCIDENT RESPONSE POLICY FOR A HEALTH CARE ORGANIZATION.........................2
Part A:..........................................................................................................................................2
Part B:..........................................................................................................................................3
References........................................................................................................................................5

2OPERATIONAL SECURITY
INCIDENT RESPONSE POLICY FOR A HEALTH CARE ORGANIZATION
Part A:
On research done on some of similar kind of organization two incident response policies
are as follows (Barr, 2016):
 OMB’s Circular No. A-130, Appendix III, 3 released in 2000, which guides Federal
organizations guarantee that there are capacity to give assistance to clients when the
security episode happens within the framework what's more, for sharing data concerning
regular vulnerabilities and dangers.
 FISMA (from 2002) which expects offices to have "methods for recognizing,
announcing, and reacting to security episodes" and sets up an incorporated Federal data
security occurrence focus.
 This provides technical assistance timely to operate the agencies of the
information systems that includes guidance over handling information security
and detecting incidents.
 Analyzes and compiles the information about the incidents which threatens the
existing information system.
 Inform the operators of the information system about the latest potential data
security threats and vulnerability.
At some point when some other strategy or methodology related to the utilization of other
restorative gadget, pharmaceutical operator, or clinical technique, there is a justification of
hands-in preparation, not withstanding sharing of data about the composed approaches (Phillips,
2016). Such preparations might be given by the producer/seller or somebody in the association

3OPERATIONAL SECURITY
(e.g.. a medical caretaker instructor), the director for each units or divisions ought to be relegated
duty regarding:
a) Guarantees all the individual staffs to work in his/her work place assigned in the time
span and thus achieve a score of passing on the competency check tests or perceptions
b) Gather and hold related prepared records.
Part B:
There is a requirement of incident response for the health care organization. There is an
involvement of several vital decisions and actions organizing some effectiveness in the
Computer Security Incident Response Capability (CSIRC). As per the scenario, the latest version
of the organization’s incident response policy that could be suggested across the system:
 Designed plans to promote compliance with some federal regulations like the CMS
Conditions of Participation, HIPAA and Safe Medical Device Act or if there is a chance
of multiple hospitals within the healthcare system then accreditation requirements are
vital like the Joint Commission, DNV (Seys et al., 2013).
 EMTALA policy, the policy for the medical screening policy.
 OMB Memorandum M-07-16, Safeguarding Against and Responding to the Breach of
Personally.
Identifiable Information Assaults every now and again trade off information in
individuals and businesses, and this is basic to react rapidly and viably whenever the security
breaks happen. PC security idea occurrence reaction has moved toward becoming broadly
acknowledgement and actualization. One of the benefits of having episode reaction ability is that
it underpins reacting to occurrences efficiently with the goal that the fitting moves are made

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4OPERATIONAL SECURITY
(Clements & Casani, 2016). Occurrence reaction causes work force to limit misfortune or
robbery of data and administration’s interruption that is caused by occurrences. Other advantages
of episode reaction is the capacity to utilization of data picked up that is dealing with to better get
ready for taking care of future occurrences and to give more grounded assurance to frameworks
and information. Occurrence reaction ability likewise assisting with management of legitimately,
having lawful issues that might emerge amid episodes.

5OPERATIONAL SECURITY
References
Barr, D. A. (2016). Introduction to US Health Policy: the organization, financing, and delivery of
health care in America. JHU Press.
Clements, B. W., & Casani, J. (2016). Disasters and public health: planning and response.
Butterworth-Heinemann.
Phillips, J. P. (2016). Workplace violence against health care workers in the United States. New
England journal of medicine, 374(17), 1661-1669.
Seys, D., Scott, S., Wu, A., Van Gerven, E., Vleugels, A., Euwema, M., ... & Vanhaecht, K.
(2013). Supporting involved health care professionals (second victims) following an
adverse health event: a literature review. International journal of nursing studies, 50(5),
678-687.