SECURITY RISK ANALYSIS 1
Security Risk Analysis
Name
Grand Canyon University: HIM-615
Date
Security Risk Analysis
In 2009, the Health Information Technology for Economic and Clinical Health (HITECH)
Act was created to promote and expand the adoption of health information technology,
specifically, the use of electronic health records (EHRs) by healthcare providers (“What is the
HITECH Act,” 2020). There have been benefits and challenges identified with this new
technology in the healthcare setting. One of the challenges identified with the new technology is
the security of the information. According to HIPAA Journal (2018), protected health
information (PHI) “relates to the past, present, or future physical or mental health or condition of
an individual; the provision of health care to an individual; or the past, present, or future payment
for the provision of health care to an individual”. PHI also includes “all individually identifiable
health information, including demographic data, medical histories, test results, insurance
information, and other information used to identify a patient or provide healthcare services or
healthcare coverage” (“What is Protected Health Information”, 2018). PHI may be prone to
various internal risks, such as employee curiosity, criminal intent, employees
leaving the organization, and under-performing employees. There are also various external risks,
such as ransomware, phishing, and pretexting.
Internal Risks
Healthcare is the “only industry where insider threats pose the greatest threat to sensitive
data” (Snell, 2018). The 2018 Protected Health Information Data Breach report found that “58%
of incidents came from insider personnel” (Snell, 2018). Employees misusing or abusing their
access privileges is one cause of internal threats to PHI security. Accessing sensitive healthcare
data is a privilege of healthcare employees. It is also essential in facilitating healthcare services.