Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
The increasing use of electronic health record (EHR) systems, health information exchange (HIE) networks, and cloud computing significantly increases the exposure of sensitive medical information to loss of confidentiality, integrity, and availability due to data-related attacks, such as medical identity theft or insider threats (Ponemon Institute, 2011).
Although an organization may have the means to purchase the best firewall technology, deploy the strongest encryption standards, and implement multi-factor authentication schemes, it still needs to complement them with enlightened workforce members who understand what measures they can take to help reduce security risks.
This case study is of a small insurance business providing both health and non-health-related products, which are separated by division. HIPAA regulations impact approximately half of the user base in the business.
Healthcare facilities face a number of challenges as they begin the shift to implementing information security. One of these is that they have often been among the first to adopt new technologies.
Healthcare organizations are facing increasing regulatory burdens, and the latest to demand response is HIPAA Security. One major aspect of HIPAA Security is the disaster recovery plan, which seeks to restore appropriate access to information after a major calamity.