University of Cumberlands - Risk Management in Business Model Report

Added on  2022/09/07

AI Summary
This report examines the current state of risk management within a healthcare organization, highlighting deficiencies in information security and the absence of critical security components. It identifies risks related to the organization's computer network and data security, while acknowledging its compliance with HIPAA and other external regulations. The report recommends extending HIPAA security guidelines to create a comprehensive information security policy and provides a table detailing areas needing improvement, such as physical security, network access control, and employee training on information security policies. The report emphasizes the importance of ongoing risk assessment and proposes specific measures to enhance the security of patient, employee, and supplier data. The conclusion emphasizes the need for improved security procedures and suggests that the implementation of these recommendations will lead to a more secure system.
Risk Management in a Business Model
Student’s name
Institution Affiliation(s)
Abstract
The organization does not have an adequate information security strategy, and critical elements of a secure network are missing. The business is compliant with the Health Insurance Portability and Accountability Act (HIPAA) and follows other external compliance requirements as well. The report describes the existing situation of the business and pinpoints risks and mitigation techniques with respect to its computer network and information security.
Introduction
The HIPAA Security Rule is flexible: its safeguards are scaled to the size and structure of a specific business and to its methods of handling data. In a business model, risk assessment is supposed to be done periodically. During the evaluation, both public and private data are evaluated. For our organization, I would recommend extending the HIPAA security outline when coming up with an information security policy. The following table lists the areas that need improvement (Vanderpool, 2019).
Policy: Prevention of physical theft (Drolet, Marwaha, Hyatt, Blazar, & Lifchez, 2017)
Description: Physical preventions are put in place to protect both hard drives and other storage devices.
What's affected: BYOD devices such as cell phones, personal PCs, workstations, and other external disk drives.
Who's affected: All system users (Drolet et al., 2017).
Why: To ensure that all data is secured and protected from physical theft.
When: System users are affected all the time.

Policy: Backup and physical access
Description: Only authorized persons are allowed to access the network servers.
What's affected: The NAS, routers, servers, and switches (Chen & Benusa, 2017).
Who's affected: Authorized persons such as admins and all those with clearance to handle storage and data areas.
Why: Switches, routers, and data drives are only made accessible to authorized organization personnel.
When: Access to network servers and other network devices should be made available only to authorized persons.

Policy: Employee training on IS policy
Description: The exercise is aimed at ensuring that all employees get training on the existing IS strategies.
What's affected: The existing policies and procedures (Mbonihankuye, Nkunzimana, & Ndagijimana, 2019).
Who's affected: Both the employees and the management.
Why: Policies and procedures that govern IS should be known to all employees.
When: During scheduled training periods and at year end.

Policy: One-time passwords (OTP)
Description: Users should be prompted for new passwords after 1 to 2 months.
What's affected: The whole computer network system.
Who's affected: All system users (Mbonihankuye et al., 2019).
Why: To contain both dictionary and brute force attacks.
When: The password would last between 1 and 2 months from the time it was created.
Conclusion
To sum up, our organization's security procedures fall short of its information security network needs. An extension of HIPAA regulations and rules is used as the foundation for developing a security strategy. Several more methodologies and actions are listed in the table above, aimed at providing a more secure system in which the data of patients, employees, suppliers, and our closest associates is guaranteed safety. After the report is presented to the board of management, more policies and procedures can be enacted.
References
Chen, J. Q., & Benusa, A. (2017). HIPAA security compliance challenges: The case for small healthcare providers. International Journal of Healthcare Management, 10(2), 135–146. https://doi.org/10.1080/20479700.2016.1270875

Drolet, B. C., Marwaha, J. S., Hyatt, B., Blazar, P. E., & Lifchez, S. D. (2017). Electronic communication of protected health information: Privacy, security, and HIPAA compliance. The Journal of Hand Surgery, 42(6), 411–416. https://doi.org/10.1016/j.jhsa.2017.03.023

Mbonihankuye, S., Nkunzimana, A., & Ndagijimana, A. (2019). Healthcare data security technology: HIPAA compliance [Research article]. https://doi.org/10.1155/2019/1927495

Vanderpool, D. (2019). HIPAA compliance: A common sense approach. Innovations in Clinical Neuroscience, 16(1–2), 38–41.