Technology Risk Assessment In Healthcare Facilities

Cooper, Todd; Fuchs, Ken

doi:10.2345/0899-8205-47.3.202

Cited by 6 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The exchange process of health information has a set specification provided by the meaningful use criteria, which requires the exchange process to be recorded by the organizations when the encryptions are being enabled or inhibited [14, 23]. The Health Insurance Portability and Accountability Act (HIPAA) designed a method for the use of cryptography to ensure security [16]. HIPAA expanded its security and privacy standards when the US Department of Health and Human Services (DHHS) created the Final Rule in 2003 [20].…”

Section: Resultsmentioning

confidence: 99%

“…The ISO/IEC 80001 was created to improve safety, effectiveness, and data system security, in turn recognizing a 10-step process of basic risk management, the initial five specifically outlining risk assessment. These five steps are to: identify initial hazards, identify cause and effect situations from these hazards, estimate the potential harm, estimate the probability of harm, and then evaluate overall risk [16]. As modern technology advances, healthcare organizations are going to continue to be targeted for security breaches.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Security Techniques for the Electronic Health Records

et al. 2017

View full text Add to dashboard Cite

The privacy of patients and the security of their information is the most imperative barrier to entry when considering the adoption of electronic health records in the healthcare industry. Considering current legal regulations, this review seeks to analyze and discuss prominent security techniques for healthcare organizations seeking to adopt a secure electronic health records system. Additionally, the researchers sought to establish a foundation for further research for security in the healthcare industry. The researchers utilized the Texas State University Library to gain access to three online databases: PubMed (MEDLINE), CINAHL, and ProQuest Nursing and Allied Health Source. These sources were used to conduct searches on literature concerning security of electronic health records containing several inclusion and exclusion criteria. Researchers collected and analyzed 25 journals and reviews discussing security of electronic health records, 20 of which mentioned specific security methods and techniques. The most frequently mentioned security measures and techniques are categorized into three themes: administrative, physical, and technical safeguards. The sensitive nature of the information contained within electronic health records has prompted the need for advanced security techniques that are able to put these worries at ease. It is imperative for security techniques to cover the vast threats that are present across the three pillars of healthcare.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Security Techniques for the Electronic Health Records

et al. 2017

View full text Add to dashboard Cite

show abstract

“…There is an increase in the use of devices that are attached to medical IT networks, including medical devices and wireless mobile technologies (Cooper & Fuchs, 2013). While all medical devices require jurisdictional approval, for instance, the US has the Federal Drug Administrations (FDA) and Australia has the Therapeutic Goods Administration (TGA), they are rarely tested from a cybersecurity systematic perspective upon integration into a medical IT network.…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity and medical devices: Are the ISO/IEC 80001-2-2 technical controls up to the challenge?

Anderson

Williams

2018

Computer Standards & Interfaces

View full text Add to dashboard Cite

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain. Highlights  An analysis of technical guidance for cybersecurity of ISO 80001-2-8 is presented  ISO 80001-2-8 technical security controls have significant gaps in areas  ISO 80001-2-8 presents an effective baseline for cybersecurity of medical devices

show abstract

“…However, HDOs face challenges when implementing the requirements of this standard . These challenges include the following: HDOs vary in size and in terms of the capability of their risk management processes HDOs provide care in different regulatory environments meaning that the implementation of the requirements of the standard will vary depending on the regulation of the region in which the HDO provides care. Effective performance of risk management activities requires interaction between different stakeholder groups to understand the context of the HDO and manage identified risks accordingly . HDOs may be unprepared for the organisational changes that are required to facilitate this level of interaction among stakeholders who typically operate in silos . …”

Section: Introductionmentioning

confidence: 99%

The MedITNet assessment framework: development and validation of a framework for improving risk management of medical IT networks

MacMahon

McCaffery

Keenan

2016

J Software Evolu Process

View full text Add to dashboard Cite

Medical devices are increasingly designed for incorporation into a hospital's IT network allowing devices to exchange critical information. However, connecting devices in this way can introduce risks potentially negating the benefits to patients. While the IEC 80001-1 standard has been developed to aid Healthcare Delivery Organisations (HDOs) in addressing these risks, HDOs often struggle to understand and implement the requirements. The MedITNet framework has been developed to allow HDOs to assess the capability of their risk management processes against the requirements of IEC 80001-1. MedITNet provides a flexible assessment framework enabling HDOs to gain a understanding of the requirements of the standard and to improve risk management processes by determining their current state and highlighting areas for improvement. This paper examines the challenges faced by HDOs in the risk management of medical IT networks and explains the components of the MedITNet framework and how the framework addresses these challenges. The use of Action Design Research (ADR) in the development and validation of MedITNet are also discussed focusing on a pilot implementation of the assessment method and expert review of the overall framework. The changes to the framework and its components as a result of the validation process are also discussed.

show abstract

Technology Risk Assessment In Healthcare Facilities

Cited by 6 publications

References 0 publications

Security Techniques for the Electronic Health Records

Security Techniques for the Electronic Health Records

Cybersecurity and medical devices: Are the ISO/IEC 80001-2-2 technical controls up to the challenge?

The MedITNet assessment framework: development and validation of a framework for improving risk management of medical IT networks

Contact Info

Product

Resources

About