The ABC Healthcare company faces a number of challenges. The regulatory environment has become more restrictive and stakeholders are demanding more flexible options and broader access to its systems, while worms and viruses are becoming increasingly damaging. This case study analyzes five issues. The first is the technical and security recommendations that would protect both the internal and external aspects of the overall network. The second is the legal compliance of components such as system monitoring, logging and auditing. The third is how to effectively identify and authenticate the users who need access to the ABC Healthcare network. The fourth is how the system would recover from attacks or failures. The final issue addresses the user account management system and its characteristics.
Overall Technical and Security Recommendations
To meet the security requirements of the ABC Healthcare network from both the external and internal perspectives, the focus must be placed on the HIPAA Security Rule, which mandates that healthcare organizations have contracts or policies in place to protect both internal and external entities, including patient information. These security requirements can consist of technical safeguards built into the healthcare system that not only protect the information but also control who has access to it. This means that both internal and external users of the ABC Healthcare network would be subject to controls such as “emergency access procedures, unique user identification protocols, encryption or decryption characteristics and automatic log-offs” (Davis, 2016). By implementing these safeguards, the ABC Healthcare network would remain in legal compliance while still protecting the company, its stakeholders and patient information. Another option the company could pursue is individual authentication, in which each entity must present proof of its identity before accessing any resource, including the internet. This is crucial because it guards against unauthorized access by anyone who is able to reach the network. It is discussed in greater detail later in this case study.
System Monitoring, Logging and Auditing
The ABC Healthcare network would need to form a compliance team to monitor all system logging; this team would also conduct random audits. The team would analyze the information and make the appropriate recommendations according to the procedures and policies of the healthcare network. The goals of the compliance team would be to detect any unauthorized access to patient information, establish a work environment and culture of responsibility and accountability, detect new threats to the company's network and technical systems, identify present and potential future problems, and address the applicable regulatory and accreditation requirements (Walsh & Miaoulis, 2014).
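As an added example (this script is not part of the original case study), the following Python code shows the kind of automated review the compliance team would run over the access audit log before an auditor looks at the exceptions: accesses by users with no treatment relationship to the patient, every emergency ("break-glass") access, and one account touching many patients in a short window. The log format, the care-team mapping and the thresholds are assumptions, and the log records are constructed.

```python
"""Audit-log review for unauthorized access to patient records (added example)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    user: str
    role: str          # recorded for the reviewer; the rules below key on the care team
    patient_id: str
    action: str        # "view", "export", ...
    break_glass: bool  # the emergency access procedure was invoked


# Assumed care-team mapping (constructed): patient -> users with a treatment relationship.
CARE_TEAM = {
    "P1001": {"dr.patel", "nurse.lee"},
    "P1002": {"dr.patel"},
    "P1003": {"nurse.lee"},
}

# Constructed audit records, one per line: ts|user|role|patient|action|break_glass
SAMPLE_LOG = """\
2016-08-04T09:02:11|dr.patel|clinician|P1001|view|0
2016-08-04T09:05:40|nurse.lee|clinician|P1001|view|0
2016-08-04T09:10:02|billing.kim|billing|P1002|view|0
2016-08-04T09:12:55|dr.patel|clinician|P1003|view|1
2016-08-04T22:31:07|it.jones|it_admin|P1001|export|0
2016-08-04T22:31:09|it.jones|it_admin|P1002|export|0
2016-08-04T22:31:10|it.jones|it_admin|P1003|export|0
"""


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, role, pid, action, bg = line.split("|")
        events.append(AccessEvent(datetime.fromisoformat(ts), user, role, pid, action, bg == "1"))
    return events


def review(events: list, care_team: dict, bulk_threshold: int = 3,
           window: timedelta = timedelta(hours=1)) -> list:
    """Return (rule, user, detail) findings for a human auditor to follow up.

    Rule 1: record touched by a user outside the patient's care team without break-glass.
    Rule 2: every break-glass access is queued for review, even by a care-team member.
    Rule 3: one user reaching >= bulk_threshold distinct patients inside `window`.
    """
    findings = []
    per_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.break_glass:
            findings.append(("break_glass_review", e.user, e.patient_id))
        elif e.user not in care_team.get(e.patient_id, set()):
            findings.append(("no_treatment_relationship", e.user, e.patient_id))
        per_user[e.user].append(e)
    for user, evs in per_user.items():
        start = 0
        for end in range(len(evs)):            # sliding window over this user's events
            while evs[end].ts - evs[start].ts > window:
                start += 1
            distinct = {x.patient_id for x in evs[start:end + 1]}
            if len(distinct) >= bulk_threshold:
                findings.append(("bulk_access", user, f"{len(distinct)} patients within {window}"))
                break
    return findings


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG), CARE_TEAM):
        print(*finding, sep="\t")
```

Each finding names the account involved, so the team follows up on a specific user rather than re-reading the whole log. In a real deployment the care-team source would be the EHR and the thresholds would come from the organization's policy; roles such as billing that legitimately need limited access would get their own allow rule rather than being flagged every time.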
Identify and Authenticate Users
As previously mentioned, all internal and external employees must present proof of their company identity before accessing any system software, company data, patient files or the internet. Another recommended approach is perimeter identification, which consists of understanding and controlling the boundaries of trusted access to the company information system on both a logical and a physical scale. By controlling access, internal and external employees, including stakeholders, would have the information needed to perform their jobs while being limited in visiting other websites or downloading non-work-related material, such as file-sharing or pornography sites that employees might visit during a slow period on company time and that commonly carry viruses or worms. Additionally, every employee would have a unique account identifier with a password or PIN, stored only as a salted hash rather than in a recoverable form, plus a one-time token number. Both components must be entered before any company data can be accessed, so if there is an incident, ABC Healthcare would know exactly which account it began with.
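To make the two-component login concrete, here is an added Python example (not code from the original case study) that checks a salted password hash and an RFC 6238 time-based token, and writes every attempt to an audit trail under the unique user identifier. The user directory, the secret and the log layout are assumptions; TOTP with a 30-second step and one step of clock skew is the assumed token scheme.

```python
"""Two-factor login check: salted password hash plus TOTP token (added example)."""
import base64
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ROUNDS = 200_000


def make_password_record(password: str) -> dict:
    """Store only a random salt and a PBKDF2-HMAC-SHA256 digest, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


def check_password(record: dict, password: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, record["hash"])   # constant-time comparison


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP truncation of HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def check_token(secret: bytes, token: str, now: float, skew: int = 1) -> bool:
    """Accept the current 30 s window and `skew` windows either side for clock drift."""
    if not (token.isascii() and token.isdigit()):
        return False
    counter = int(now // 30)
    return any(hmac.compare_digest(totp(secret, counter + d), token)
               for d in range(-skew, skew + 1))


# Constructed user directory (assumed data model): unique identifier -> credential material.
USERS = {
    "nurse.lee": {"pw": make_password_record("correct horse battery"),
                  "totp_secret": base64.b32decode("JBSWY3DPEHPK3PXP")},
}


def login(user_id: str, password: str, token: str, now: float, audit: list) -> bool:
    """Both factors must pass; every attempt is appended to `audit` under the unique user id."""
    rec = USERS.get(user_id)
    if rec is None:
        pw_ok = tok_ok = False      # unknown user (a dummy hash check would hide the timing gap)
    else:
        pw_ok = check_password(rec["pw"], password)
        tok_ok = check_token(rec["totp_secret"], token, now)   # evaluated even if pw_ok is False
    ok = pw_ok and tok_ok
    audit.append({"ts": int(now), "user": user_id, "result": "success" if ok else "failure"})
    return ok


if __name__ == "__main__":
    trail = []
    t = time.time()
    current = totp(USERS["nurse.lee"]["totp_secret"], int(t // 30))
    print(login("nurse.lee", "correct horse battery", current, t, trail))
    print(login("nurse.lee", "correct horse battery", "000000", t, trail))
    print(trail)
```

The audit entry is keyed on the unique identifier rather than a display name, which is what lets the organization trace an incident back to one account. A production system would also rate-limit failures per account, store the TOTP secret encrypted at rest, and reject a token that has already been used in its window.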
Recovery from Unexpected Events
Should the technical systems of ABC Healthcare fail due to an unexpected event, a set of backup and recovery policies must already be in place. All staff members must be fully trained and informed of their duties during the recovery process, for example in the case of a power failure during a working shift. Additionally, it is recommended that a copy of the network recovery plan be stored safely at a sister company or somewhere else off the premises (Mullen, 2010). Backups should run on a fixed daily schedule, and each backup must be tested to confirm that it can actually restore the system data accurately and efficiently. Floods and hurricanes remain possible despite all of the steps listed above, but if one were to occur, all of the system data should already be on backup media stored off site.
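As an added example (not from the original case study), the following Python script performs the restore test the paragraph calls for: it backs up a directory into a tarball with a SHA-256 manifest, restores it into scratch space, and reports any file that is missing or altered, including the case where the backup media itself is damaged. The directory layout and file contents are constructed, and the archive format is an assumption.

```python
"""Backup with a checksum manifest and a trial restore that proves it (added example)."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def manifest_path(archive: Path) -> Path:
    return archive.parent / (archive.name + ".manifest.json")


def make_backup(data_dir: Path, archive: Path) -> dict:
    """Tar and gzip data_dir; keep the manifest beside the archive (and, in practice, off site too)."""
    manifest = build_manifest(data_dir)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(data_dir, arcname="data")
    manifest_path(archive).write_text(json.dumps(manifest, indent=1))
    return manifest


def verify_restore(archive: Path) -> tuple:
    """Restore into scratch space and diff against the manifest; returns (ok, problems)."""
    manifest = json.loads(manifest_path(archive).read_text())
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    tar.extractall(scratch, filter="data")   # refuse absolute paths, "..", devices
                except TypeError:                            # Python without extraction filters
                    tar.extractall(scratch)
        except Exception as exc:                             # truncated or corrupt media, bad gzip
            return False, [f"archive unreadable: {exc!r}"]
        restored = build_manifest(Path(scratch) / "data")
    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing: {rel}")
        elif restored[rel] != digest:
            problems.append(f"corrupt: {rel}")
    problems += [f"unexpected: {rel}" for rel in restored if rel not in manifest]
    return not problems, problems


def demo() -> tuple:
    """Constructed run: a good backup passes the restore test, a truncated one does not."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "ehr"
        (data / "patients").mkdir(parents=True)
        (data / "patients" / "P1001.json").write_text('{"id": "P1001", "note": "constructed"}')
        (data / "audit.log").write_text("2016-08-04T09:02:11|dr.patel|view|P1001\n")
        archive = Path(tmp) / "ehr-2016-08-04.tar.gz"
        make_backup(data, archive)
        good, good_problems = verify_restore(archive)
        # Simulate damaged backup media: cut the archive in half and test again.
        blob = archive.read_bytes()
        archive.write_bytes(blob[: len(blob) // 2])
        bad, bad_problems = verify_restore(archive)
        return good, good_problems, bad, bad_problems


if __name__ == "__main__":
    print(demo())
```

The manifest is what turns "the job ran" into "the data came back intact"; without it a restore can silently return truncated or stale files. The restore is done into a scratch directory so the test never touches the live system, and the extraction filter stops a tampered archive from writing outside that directory.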
User Account Management and Other Security Improvements
For the final issue, the user account management process would be far simpler if it were connected to the human resources department. Every employee's actions must be traceable immediately, and no other department has more current information on each employee throughout the organization than human resources. This is especially important when employees are terminated: their access must be deactivated promptly, and failing to do so creates a severe security exposure for the ABC Healthcare organization.
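As an added example (not part of the original case study), the following Python reconciliation compares the account directory with the HR roster and flags exactly the cases the paragraph warns about: enabled accounts belonging to terminated employees, accounts with no HR record at all, accounts whose role no longer matches HR, and dormant accounts. The HR and directory fields and the sample records are constructed assumptions.

```python
"""Reconcile the account directory against the HR roster (added example)."""
from datetime import date

# Constructed HR roster (assumed fields): employee id -> status, role, separation date.
HR = {
    "E100": {"status": "active", "role": "clinician", "left": None},
    "E101": {"status": "active", "role": "billing", "left": None},
    "E102": {"status": "terminated", "role": "it_admin", "left": date(2016, 7, 29)},
    "E103": {"status": "active", "role": "clinician", "left": None},
}

# Constructed account directory (assumed fields): username, employee id, state, role, last login.
ACCOUNTS = [
    {"user": "nurse.lee", "emp": "E100", "enabled": True, "role": "clinician", "last_login": date(2016, 8, 4)},
    {"user": "billing.kim", "emp": "E101", "enabled": True, "role": "billing", "last_login": date(2016, 8, 3)},
    {"user": "it.jones", "emp": "E102", "enabled": True, "role": "it_admin", "last_login": date(2016, 8, 4)},
    {"user": "dr.patel", "emp": "E103", "enabled": True, "role": "it_admin", "last_login": date(2016, 8, 4)},
    {"user": "svc.legacy", "emp": None, "enabled": True, "role": "it_admin", "last_login": date(2016, 1, 10)},
    {"user": "temp.old", "emp": "E999", "enabled": False, "role": "billing", "last_login": date(2015, 12, 1)},
]


def reconcile(hr: dict, accounts: list, today: date, dormant_days: int = 90) -> list:
    """Return (rule, user, detail) findings; an empty list means the directory matches HR."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue                                  # already disabled: nothing to revoke
        rec = hr.get(a["emp"]) if a["emp"] else None
        if rec is None:
            findings.append(("orphan_account", a["user"], "no matching HR record"))
        elif rec["status"] != "active":
            detail = f"separated {(today - rec['left']).days} days ago" if rec["left"] else "separated"
            if rec["left"] and a["last_login"] > rec["left"]:
                detail += "; account used after separation"
            findings.append(("leaver_still_enabled", a["user"], detail))
        elif rec["role"] != a["role"]:
            findings.append(("role_mismatch", a["user"], f"HR={rec['role']} directory={a['role']}"))
        idle = (today - a["last_login"]).days
        if idle > dormant_days:
            findings.append(("dormant_account", a["user"], f"no login for {idle} days"))
    return findings


def demo() -> list:
    """Run the reconciliation on the constructed data as of an assumed review date."""
    return reconcile(HR, ACCOUNTS, date(2016, 8, 5))


if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

Run daily against the HR feed, the "leaver still enabled" finding is the control that closes the gap between a termination and the deactivation of the account; the "used after separation" detail tells the compliance team which of those gaps actually turned into access and needs an audit-log review.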
References
Davis, J. (2016). How Do I Ensure Security in Our System? Hrsa.gov. Retrieved 4 August 2016, from http://www.hrsa.gov/healthit/toolbox/HIVAIDSCaretoolbox/SecurityAndPrivacyIssues/howdoiensuresec.html
Mullen, T. (2010). Best Practices for the Healthcare Environment. Cybersecurity. Retrieved 5 August 2016, from https://www.healthit.gov/sites/default/files/basic-security-for-the-small-healthcare-practice-checklists.pdf
Walsh, T. & Miaoulis, W. (2014). Privacy and Security Audits of Electronic Health Information (2014 update). Journal of AHIMA, 85(3), 54-59. Retrieved from http://library.ahima.org/doc?oid=300276#.V6PEF63K2x4