Health Care and Life Sciences: Risk Assessment




Type of paper: Excel sheet risk assessment

Subject: Health Care and Life Sciences

Pages: 3

Deadline: 10 hrs

Identify eighteen (18) areas of risk which are/should be a “top priority” for a medical practice with the following description: The hypothetical physician practice to be used for your assignment is a medium-sized pediatric practice consisting of 5 physicians/owners, two billers, 1 practice manager, 2 nurse practitioners and three front desk personnel. The practice maintains its own computer server on-site (the server contains EHR and Practice Management software and is backed up to tape on a local tape drive) and uses workstations throughout the practice. The practice uses a cloud-based email system and has a laptop-based EKG system. The practice has contracted with an outside IT company for “major issues,” but otherwise handles its own day-to-day IT support, and has implemented the HIPAA Privacy Rule requirements as required in April 2003. Additionally, the practice facility has a security system installed (alarm system, motion detectors, etc.).

Please provide examples and/or provide resource support for the assignment. 

USE THIS FORMAT: This assignment may be submitted using the column headers/format of the “Sample Physician Practice RA” tab of the HIMSS Sample Risk Assessment Plan.

This is just an example; please fill out this Excel sheet with your own example.

Columns: Threat Source | Current Control | Likelihood of Occurrence | Impact | Risk Level | Recommended Best Practice Control | Comments
(The two rating columns after Likelihood of Occurrence are read here as Impact and Risk Level, since in every row the Risk Level is what Likelihood combined with Impact yields.)

1. Threat source: Unauthorized and malicious outsiders or insiders
   Current control: HIPAA Privacy Rule policy manual purchased in 2003
   Likelihood of occurrence: Medium | Impact: High | Risk level: Medium
   Recommended best practice control: Progressive reviews and application of required regulatory privacy and security standards (HIPAA Privacy and Security Rules, Omnibus Rule changes, etc.). Development of compliance plans with help from outside expertise rather than self-dependency.
   Comments: Program updates facilitate system efficiency and the safety of PHI.

2. Threat source: Users
   Current control: None
   Likelihood of occurrence: High | Impact: High | Risk level: High
   Recommended best practice control: Delegation of duties so that leaked information can be traced back, and oversight personnel to watch for inside adversaries; use of encrypted transfer media; institution of policies on data editing, storage or deletion. Promotion of data security where access to crucial data can only be authorized by more than one individual.
   Comments: Systems should be screened for any deletions, downloads or transfers. Employees should be barred from using personal email to transfer official information.

3. Threat source: Adversarial insider or outsider
   Current control: Password length set at a minimum of six characters
   Likelihood of occurrence: Medium | Impact: Medium | Risk level: Medium
   Recommended best practice control: Institute standards where passwords are set at a minimum of 10 characters and strictly include upper and lower case characters and a number or special character. Four unsuccessful login attempts should block the account, and recovery of such accounts should be done through the administration office. When changing a password, a verification step such as email verification before the final change should be considered.
   Comments: Employees should be alerted to the need to create strong passwords and change them regularly.

4. Threat source: Unauthorized and malicious outsiders or insiders
   Current control: Those with authorized access to PHI have prescribed personal identification credentials
   Likelihood of occurrence: Medium | Impact: Medium | Risk level: Medium
   Recommended best practice control: Establishment of strong login credentials known only to specific users. There should be regular system audits to establish any intrusions and suspicious activities.
   Comments: Access frequency to crucial information should be limited; this will help identify any unauthorized access from outsiders.

5. Threat source: Authorized and malicious outsiders or insiders
   Current control: None
   Likelihood of occurrence: Low | Impact: Medium | Risk level: Low
   Recommended best practice control: Implement policies that allow access only from within the facility and deactivate dormant accounts after a specified time period.
   Comments: A user might continue accessing information, corrupting it or simply intruding on the privacy of employees, hence the need to limit access and revoke access authority after termination.

6. Threat source: Unauthorized and malicious outsiders or insiders
   Current control: None
   Likelihood of occurrence: Low | Impact: High | Risk level: Low
   Recommended best practice control: Implement a “log out” policy when leaving a workstation, encryption of crucial documents and secure storage of hard drives.
   Comments: Advanced encryption of systems to deny access to outsiders and locking of hard drives reduce susceptibility to intrusions.

7. Threat source: Hardware or system failure, disaster incidents
   Current control: None
   Likelihood of occurrence: High | Impact: Medium | Risk level: Medium
   Recommended best practice control: Ensure that incident recovery and data backup plans are followed strictly. Regular system updates and testing to gauge capabilities and identify possible loopholes. Regular and effective media backup for reinstallation and program reinstatement.
   Comments: An efficient user interface ensures effective interaction and execution with the system.

8. Threat source: Unauthorized and malicious outsiders
   Current control: WPA2 protocols are used for wireless networks
   Likelihood of occurrence: Medium | Impact: High | Risk level: Medium
   Recommended best practice control: Upgrade the protocols and anti-malware software, include VPNs, and avoid transferring information over public Wi-Fi.
   Comments: Upgrades and enactment of strong access credentials give intruders fewer chances of getting into the system.

9. Threat source: Natural disasters or accidents
   Current control: Computer systems are backed up to tape on a local tape drive
   Likelihood of occurrence: Medium | Impact: High | Risk level: Medium
   Recommended best practice control: Conduct a systems audit and analysis to identify weaknesses, and ensure that all critical data is included in the Data Backup Plan. The backup plan itself should also be backed up and the media stored off site to avoid destruction during disasters.
   Comments: The facility holds crucial information from different patients and its destruction might lead to massive losses; while some disasters are not preventable, there is always the need to secure the data in other places for effective recovery.

10. Threat source: Unauthorized and malicious outsiders
   Current control: A single security guard
   Likelihood of occurrence: Low | Impact: High | Risk level: Low
   Recommended best practice control: Installation of security systems such as an alarm system, motion detectors and security cameras, and proper grilles on windows and doors for enhanced security.
   Comments: Adversaries might forcibly, or by using employees, intrude into the facilities with the intention of taking PHI. Therefore, apart from security personnel, security systems should also be installed.

11. Threat source: Accidents, malicious insiders or outsiders
   Current control: Shredders and bins for disposable drives
   Likelihood of occurrence: Low | Impact: High | Risk level: Low
   Recommended best practice control: Documents should be thoroughly shredded and burnt. If burning is impossible, the documents and drives should strictly be assigned to a trusted disposal institution to which any retracing of the information can be traced.
   Comments: The facility might perceive that the respective PHI has been fully destroyed only to realize there was no full erasure. Therefore, the facility should do its own part of the disposal but still consider a trusted disposal institution to eliminate such chances.

12. Threat source: Ill-intentioned individuals or accidental access
   Current control: None
   Likelihood of occurrence: Medium | Impact: High | Risk level: Medium
   Recommended best practice control: Advanced encryption to secure the information from access by contractors, and strict supervision to ensure they don’t access devices holding the respective information.
   Comments: Encryption protects information from ‘normal’ individuals, while supervised working conditions help prevent experts from intruding into the database.

13. Threat source: Malicious outsiders and insiders
   Current control: None
   Likelihood of occurrence: Low | Impact: High | Risk level: Low
   Recommended best practice control: Enact regulations on the use of mobile devices in the workplace, whether the company’s or personal; they should have security controls that prohibit access from outsiders and timed sessions.
   Comments: Personal mobile devices are most vulnerable given that employees could capture information and leave the facility with it.

14. Threat source: Accidental or environmental
   Current control: Offices kept clean, free from damp and dust; daily cleaning
   Likelihood of occurrence: Medium | Impact: Medium | Risk level: Medium
   Recommended best practice control: Proper placement of equipment away from damp areas, protection of equipment during cleaning, and avoidance of spillage.
   Comments: Whenever equipment is soiled, it might take time before repair, which delays the customer service process. Some information might also be lost.

15. Threat source: Unsuspecting or ignorant insiders
   Current control: Systems that log out after 20 minutes of inactivity
   Likelihood of occurrence: High | Impact: Medium | Risk level: Medium
   Recommended best practice control: Employee training and awareness on the need to protect information through the provided policies and guidelines.
   Comments: Employees should be informed of the need to take measures to protect institutional PHI.

16. Threat source: Malicious outsiders and insiders
   Current control: There are system and equipment checks whenever problems occur
   Likelihood of occurrence: Low | Impact: Medium | Risk level: Low
   Recommended best practice control: Equipment and machines should be replaced appropriately and regularly instead of waiting until they are dysfunctional or broken.
   Comments: Continuous machine replacement ensures the equipment is up to date and hence safer.

17. Threat source: Malicious outsiders and insiders, technological
   Current control: Installed anti-virus and operating system software
   Likelihood of occurrence: Medium | Impact: High | Risk level: Medium
   Recommended best practice control: Regular checks and reviews of the OS to update to current versions; the anti-virus and anti-malware programs should be upgraded and updated, with special consideration to preventing further intrusion through non-genuine updates.
   Comments: Security and anti-malware programs should be installed and updated to reduce intrusion vulnerabilities.

18. Threat source: Malicious insiders and outsiders
   Current control: Information encryption and firewalls
   Likelihood of occurrence: Low | Impact: High | Risk level: Low
   Recommended best practice control: Installation of advanced anti-malware, filters to check incoming messages, and strict use of secure networks.
   Comments: Installation of diagnostic tools would help identify unauthorized access, information editing, transfer or erasure, enhancing its security.
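The password entry above (minimum 10 characters, upper and lower case plus a number or special character, account blocked after four unsuccessful logins with recovery only through the administration office) is concrete enough to enforce in code. The following is an added example written for this page, not code from the assignment or the HIMSS toolkit; the function and class names, the reading that the fourth consecutive failure triggers the lock, and the sample passwords are all assumptions of this example.

```python
import string

MIN_LENGTH = 10          # assessment policy: passwords at least 10 characters
MAX_FAILED_ATTEMPTS = 4  # assessment policy: fourth consecutive failed login blocks the account


def check_password_policy(password: str) -> list:
    """Return the list of policy rules a candidate password violates.

    An empty list means the password satisfies every rule in the
    assessment's recommended control. Rule wording is this example's own.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    # The policy asks for "a number or special character", so either satisfies it.
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("no digit or special character")
    return problems


class LoginGuard:
    """Count consecutive failed logins per user and lock at the limit.

    There is deliberately no self-service unlock: the assessment routes
    recovery of blocked accounts through the administration office, so an
    unlock is an administrative action outside this code path.
    """

    def __init__(self, limit: int = MAX_FAILED_ATTEMPTS):
        self.limit = limit
        self.failures = {}   # user -> consecutive failed attempts
        self.locked = set()  # users whose accounts are blocked

    def record_attempt(self, user: str, success: bool) -> str:
        """Record one login attempt and return 'ok', 'failed' or 'locked'."""
        if user in self.locked:
            return "locked"            # blocked accounts stay blocked even on a correct password
        if success:
            self.failures[user] = 0    # a successful login resets the counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.limit:
            self.locked.add(user)
            return "locked"
        return "failed"


if __name__ == "__main__":
    # Constructed sample inputs; not real credentials.
    for candidate in ("Abc123!", "abcdefghij", "Pediatric#2024"):
        print(candidate, "->", check_password_policy(candidate) or "complies")
    guard = LoginGuard()
    for outcome in (False, False, False, False, True):
        print("front-desk-1:", guard.record_attempt("front-desk-1", outcome))
```

The checker reports every violated rule rather than stopping at the first, which is what a user-facing change-password form needs; the guard returns a status string so the caller can log lockouts for the audit reviews recommended elsewhere in the table.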
