What Can We Learn about Healthcare IT Risk from HITECH? Risk Lessons Learned from the US HHS OCR Breach Portal

Schmeelk, Suzanna; Dragos, Denise; DeBello, Joan E.

doi:10.24251/hicss.2021.485

Cited by 3 publications

(3 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Research at large has studied risk management of medical information [7][8][9][10], but not specifically as related by different HIPAA-covered domains. Recent research [6,7,11] explores potential concerns for each legally covered segment based on selfreport to the US Government as required by the HITECH Act. In the sector-specific threat probability-specific research [6,7,11] over a one-year interval, the research showed that different the different domains may indeed have different sources of concerns and issues.…”

Section: Risks In Hipaa-covered Entitiesmentioning

confidence: 99%

“…Recent research [6,7,11] explores potential concerns for each legally covered segment based on selfreport to the US Government as required by the HITECH Act. In the sector-specific threat probability-specific research [6,7,11] over a one-year interval, the research showed that different the different domains may indeed have different sources of concerns and issues. For example, healthcare providers and business associates have reportedly different higher probability of concerns to alleviate than health plan entities, as shown in Figure 2 [6].…”

Section: Risks In Hipaa-covered Entitiesmentioning

confidence: 99%

“…Risk assessment automation has been proposed in the form of automated penetration testing frameworks [9][10][11][13][14][15][16][17][18][19]. Testing frameworks and automated tools are extremely useful for detecting known bugs and vulnerabilities.…”

Section: Automating Risk Assessmentsmentioning

confidence: 99%

See 2 more Smart Citations

Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework

Schmeelk¹

2022

Computer-Mediated Communication

Self Cite

View full text Add to dashboard Cite

Data breaches are occurring at an unprecedented rate. Between June 2019 and early October 2020, over 564 data breaches affected over 36.6 million patients as posted to the United States Federal government HITECH portal. These patients are at risk for having their identities stolen or sold on alternative marketplaces. Some healthcare entities are working to manage privacy and security risks to their operations, research, and patients. However, many have some procedures and policies in place, with few (if any) centrally managing all their infrastructure risks. For example, many healthcare organizations are not tracking or updating all the known and potential concerns and elements into a centralized repository following industry best practice timetables for auditing and insurance quantification. This chapter examines known and potential problems in healthcare information technology and discusses a new open source risk management standardized framework library to improve the coordination and communication of the aforementioned problematic management components. The healthcare industry would benefit from adopting such a standardized risk-centric framework.

show abstract

Section: Risks In Hipaa-covered Entitiesmentioning

confidence: 99%

Section: Risks In Hipaa-covered Entitiesmentioning

confidence: 99%

See 1 more Smart Citation

Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework

Schmeelk¹

2022

Computer-Mediated Communication

Self Cite

View full text Add to dashboard Cite

show abstract

Top Reported Data Security Risks in the Age of COVID-19

Schmeelk

Thakur

Ali

et al. 2021

2021 IEEE 12th Annual Ubiquitous Computing, Electronics &Amp; Mobile Communication Conference (UEMCON)

View full text Add to dashboard Cite

An Examination of Threats and Countermeasures Relating to Healthcare Cyber Risks: The Case of Kenyatta National Hospital

Okongo Ario,

T. Anyango,

John

2024

International Journal of Innovative Science and Research Techno

View full text Add to dashboard Cite

Background Africa has seen an exponential increase in internet penetration and ICT affordances since the turn of the twenty-first century. Healthcare institutions are scrambling to put in place the appropriate safeguards to protect their patients' data from unauthorized access since the need to protect private information has become critical, particularly for cybercriminals eyeing the data of medical patients. This thesis investigates cyber security threats and countermeasures in healthcare, with a focus on Kenyatta National Hospital (KNH). Given Africa's increased internet use and the critical need to protect patient data from cybercriminals, the study explores how data protection and cyber security influence healthcare delivery at the hospital.  Key Objectives To examine cyber threats and countermeasures employed by KNH as well as analyzing the impact of Kenya's Cybercrime Act.  Results The survey at Kenyatta National Hospital shows strong cybersecurity measures, with 89% having dedicated resources and 88% using computers regularly. Regarding the Kenya Cybercrime Act, 74% know how to detect and report hacks, though 8% have encountered malware and 12% lack basic malware knowledge. 78% have anti-virus software, and 63% verify email attachments, while knowledge of social engineering and email scams is limited, revealing a need for further education. The second objective looked at the impact of Kenya Cybercrime Act, as a local data protection laws on supporting patient- healthcare system at Kenyatta National Hospital. A significant majority, 74%, are aware of when their computer is hacked or infected and know whom to contact in such cases. The results also show that 79% of respondents have never encountered a virus or trojan on their computers. When opening email attachments, 63% of respondents always verify that the attachment is from a known and expected source. Knowledge of social engineering attacks is limited, with only 18% of respondents aware of these threats and 82% unfamiliar with them. Regarding email scams, 51% do not know what an email scam is or how to recognize one, underscoring a need for further training. Finally, while 85% of respondents believe their computers are not valuable to hackers, 15% recognize their potential as targets, reflecting differing perceptions of risk and emphasizing the need for ongoing cyber security education.

show abstract

What Can We Learn about Healthcare IT Risk from HITECH? Risk Lessons Learned from the US HHS OCR Breach Portal

Abstract: The healthcare system in the United States has a sophisticated and an industry-unique set of legal requirements. At the Federal level, healthcare entities, which capture personal identifying information (PII) and also financially bill customers, are under two major laws

Cited by 3 publications

References 2 publications

Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework

Risk in Healthcare Information Technology: Creating a Standardized Risk Assessment Framework

Top Reported Data Security Risks in the Age of COVID-19

An Examination of Threats and Countermeasures Relating to Healthcare Cyber Risks: The Case of Kenyatta National Hospital

Contact Info

Product

Resources

About