For this assignment, you will need to review the Case Study presented and perform an audit to assess if there are any gaps related to regulations, internal policies and procedures to identify any areas where the organization’s data security is leaving them vulnerable to virtual attacks. You will need to utilize the CIA triad principles to assist you in making recommendations to protect patient health information, along with a strategy to prevent future security breaches from occurring.
Expand AllPanels Collapse AllPanels
Case Study
Action Plan
Steps you will complete as part of your audit:
1. Assess the Health Center’s policies and procedures for managing user access to their electronic health record system. Ask yourself, are there clear policies for assigning and revoking user access rights based on job roles?
2. Review and assess the quality and frequency of security updates to the Health Center’s electronic health record. Did you observe protocols in place for performing updates and applying patches as needed?
3. Assess the encryption methods in place for protecting patient health information. Are you confident that both data at rest and data in transit are sufficiently encrypted using current systems in place?
Your deliverable method can be either in the form of a half-page to full page report or PowerPoint slides that outline your findings from the audit, including any identified compliance issues, an assessment of current security measures, and strategies you are recommending improving current data protection and regulatory compliance.
Note: If you utilize your textbook or any references to support your recommendations, provide a reference list.
Action
Select the Start Assignment button to begin.
Once you have uploaded your file, select Submit Assignment.
Rubric
M1 A Case for Securing Healthcare Data