Draft of Risk Analysis 

Cyberlaw Noncompliance

Currently ABC Healthcare does not have any enforceable guidelines in place. If employees would to break laws involving ABC Healthcare and the regulations they are bounded too, ABC Healthcare would have a hard time holding these employees accountable. There are several instances of cyberlaw noncompliance. Having a person with little to no experience (not illegal but shows poor judgement) in charge of following these cyberlaws is the root of ABC Healthcare’s noncompliance. The first instance of noncompliance is the disregard to patient’s PHI.

The regulations that are being violated, fall within two major acts HIPAA and HITECH.

HIPAA is in place to guarantee that individuals’ health information is suitably protected while allowing the flow of health information needed to provide the highest quality health care and to protect the public's welfare. HITECH was put in place to promote the adoption and meaningful use of health information technology.

Both HIPAA and HITECH have specific guidelines that protect the patient’s PHI.

Specifically the HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), as explained in the Privacy Rule (Office for Civil Rights (OCR), 2013).

Get quality help now
Writer Lyla
Writer Lyla
checked Verified writer

Proficient in: Cloud Computing

star star star star 5 (876)

“ Have been using her for a while and please believe when I tell you, she never fail. Thanks Writer Lyla you are indeed awesome ”

avatar avatar avatar
+84 relevant experts are online
Hire writer

The Security Rule protects all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information “electronic protected health information”. The law does not protect PHI transmitted verbally or in writing (Office for Civil Rights (OCR), 2013). The second violation is in regard to the patient and employee financial information.

PCI DSS would apply in this instance.

Get to Know The Price Estimate For Your Paper
Topic
Number of pages
Email Invalid email

By clicking “Check Writers’ Offers”, you agree to our terms of service and privacy policy. We’ll occasionally send you promo and account related email

"You must agree to out terms of services and privacy policy"
Write my paper

You won’t be charged yet!

The PCI DSS is a set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment ('PCI Compliance Guide Frequently Asked Questions | PCI DSS FAQs,' n.d.).

ABC Healthcare is not complying with several cyberlaws and this will have an impact on IT and computing within the organization. By entering and remaining in noncompliance, ABC Healthcare is showing that it does not regard the PHI of its clients as important. It is also showing its employees that there personal information is of little importance as well. The trust ABC Healthcare had built will be in jeopardy and hopes of rebuilding that trust will diminish the longer it takes for them to respond appropriately. If ABC Healthcare did not take the appropriate precautions to protect this data, it wouldn’t be a big stretch to assume they did not have protections in place to mitigate any financial problems a breach would bring them. Transferring the risk to a third party, could have offered some financial protections. These protections could include but are not limited to insurance, warranties, or performance bonds.

Acceptable use-of-technology policies

After reviewing a few examples of IT Acceptable Use Policies, I found that SANS Institute Acceptable Use Policy is a good example of how to set internal guideline in any IT environment. If ABC Healthcare would follow these guidelines within its organization, it would have mitigated or even prevented the breach in the first place. 4.2 Security and Proprietary Information (SANS Institute, 2014) would have proved valuable to ABC Healthcare:

4.2.1 All mobile and computing devices that connect to the internal network must comply with the Minimum Access Policy.
4.2.2 System level and user level passwords must comply with the Password Policy. Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.
4.2.3 All computing devices must be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less. You must lock the screen or log off when the device is unattended.
4.2.4 Postings by employees from a email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of , unless posting is in the course of business duties.
4.2.5 Employees must use extreme caution when opening e-mail attachments received from unknown senders, which may contain malware.

The section on unacceptable use (4.3 Unacceptable Use) is the entire list of policies ABC Healthcare should have followed in order to prevent the breach. These polices are well crafted in that they give sufficient disclaimers and proper allowances when needed. For example, the following wording is well delivered:

“The following activities are, in general, prohibited. Employees may be exempted from these

restrictions during the course of their legitimate job responsibilities (e.g., systems administration

staff may have a need to disable the network access of a host if that host is disrupting production

services).” (SANS Institute, 2014)

This gives the proper IT staff the opportunity to fulfill there day to day duties with out infringing on the guidelines.

It is a simple task to select aspects of the acceptable use-of-technology policies that I researched that I felt could be adapted to meet the needs of ABC Healthcare. Since ABC Healthcare’s policies or guidelines for employees’ usage of the computers and network are nonexistent, it is clear that any resembles of a guideline would be beneficial. In my professional opinion, I would suggest that ABC Healthcare implement the guidelines outlined by the SANS Institute Acceptable Use Policy. It would be a straight forward process in order to implement this document and make it the company’s own acceptable use-of-technology policies guideline. For the most part the only change I see that would need to be done is replacing the sections with ABC Healthcare. I would also suggest that ABC Healthcare take these guidelines with the utmost importance and convey it to there employees in the same fashion. Extensive training will be conducted from the top down in order to drive the importance of these guidelines.

Updated: Sep 26, 2024
Cite this page

Draft of Risk Analysis . (2022, Sep 06). Retrieved from https://studymoose.com/draft-of-risk-analysis-essay

Draft of Risk Analysis  essay
Live chat  with support 24/7

👋 Hi! I’m your smart assistant Amy!

Don’t know where to start? Type your requirements and I’ll connect you to an academic expert within 3 minutes.

get help with your assignment