Unit 3 Assignment 1 Task 1

Improved Essays
Western Governors University
A. Security Faults
Describe three of the security faults in this scenario that caused a security breach.
1. Some accounts existed before the electronic health record(EHR) was deployed. Important steps were missed during the import of old accounts. I suggest using a clean base line for the brand new EHR system. Users should not be able to have administrator rights without a manager innerving. The security risk that is being violated is called least privilege. This makes a hacker job easy. I can solve your new user policy.
2. Remote access need to be safer. A wide open remote access to the EHR system is very dangerous. A VPN should be put in place to control which accounts have remote access to the system. You will also have to connect to a secure network to access
…show more content…
Not updating and patching a system regularly can have serve consequences. OS updates could introduce new vulnerabilities. All this need to be kept track of. I can solve this problem with a logging and auditing policy.
B. Policy Statements
After researching the national and international standards, create three policy statements that apply to the entire organization, comply with a national or international standard, and might have prevented the security breaches identified in part A.
1. New user policy:
Some of the user accounts were not implemented to the new system.
• New accounts passwords will be: HealthRecord18
• New users will be trained on how to protect their password before the account is created
• New users will also have password with at least 14 characters
• Active directory will pull new employees into the EHR overnight
2. Remote access policy:
A VPN is a major need for the remote access policy.
• VPN will not be issued to interns
• You must can to a secure network to use the VPN
• You can not access the internal network from public wifi
• Mangers will control who has VPN access
3. Logging and auditing policy:
Monitoring changes is why we need a logging

Related Documents

  • Decent Essays

    SYSTEM IMPLEMENTATION: At some fixed interval the PC Master sends request to the Wireless sensor node through the sub master for Data collection. The request send by the PC Master is in the form of frames. The frame which is transmitted by PC master will contain both the sub master id & the wireless sensor node id from where the data should be retrieved. The sub master receives the frame is then check for the wireless sensor node id…

    • 358 Words
    • 2 Pages
    Decent Essays
  • Decent Essays

    Pt1420 Unit 3 Assignment

    • 260 Words
    • 2 Pages

    In class discussions, one thing that really stood out to me was the discussion regarding the integration efforts within the Israeli society. Specifically, the author questions what kind of system is necessary in order to have smooth integration with the least amount of tension and culture conflict. The author then describes how he believes it is democratic pluralism. Which has been seen in Switzerland and Canada. Also how one had to maintain silence, as it talks about when the author explains his realization on the gravity of the ethnic problem in Israel in 1951.…

    • 260 Words
    • 2 Pages
    Decent Essays
  • Improved Essays

    Ba501 Week 1 Assignment

    • 740 Words
    • 3 Pages

    II Abstract Security is a need that is increasing at a rapid rate especially with a large organization and constant changes seem to be the norm.…

    • 740 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    Legal implementation will help in avoiding certain unwanted disputes and managing the procedures in the proper direction. It is important to note that Government has also made it legal for the implementation of EHR. Once the visionary change is implemented in the routine care practice scenario, there should be a regular check on its execution. Any issues regarding anything should be reported and acted…

    • 617 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    Hello Mrs. Brannen, Brooklyn is so excited to be in your class this year and starting her first year with GCA! I had a few questions I was wondering if you could answer or direct me to the person I need to speak with. I spoke with the Lead Kindergarten teacher a few weeks ago about moving Brooklyn up in math and adding her to the Latin course. The lead teacher sent Brooklyn's information over to the Advanced Learner Teacher and said she would be in contact with me but I haven't heard anything from her. Brooklyn has already completed a kindergarten curriculum, Sonlight Core A, Handwriting without tears K, Singapore Math K and Latin though a co-op.…

    • 460 Words
    • 2 Pages
    Improved Essays
  • Improved Essays

    Monitoring solutions can be used to monitor all kinds of information on the network including. According to http://www.opsview.com/why-opsview the features of opsview include being able to see the entire connected device on the network and what resources they are taking. Viewing different devices can give the system administrator more information about the status of the network. This is important because it allows the system administrator to have an up to the minute view of the overall health of the network and inspect and fix any part that is damaging the system. Having good monitoring can help prevent downtime and decrease the response time in intrusion detection.…

    • 604 Words
    • 3 Pages
    Improved Essays
  • Superior Essays

    Identify strategies to control and monitor each event to mitigate risk and minimize exposure Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. One type of a security event that might indicate supicious activity is an authentication failures found in audit logs. Audit logs contain a high volume of events so particular attention on which events that should be specifically tracked and managed require consideration. An audit log can identify patterns of activity that can signal a security a potential breach. Whether the attack was successfull or not the audit information should be stored in a central respository for future forensic refernce if ever needed.…

    • 1084 Words
    • 5 Pages
    Superior Essays
  • Improved Essays

    HIPAA Violations

    • 355 Words
    • 2 Pages

    In order to achieve interoperability there are basic security standards that must be accounted for to ensure safe and secure exchange. Without adequate safe measures in place, personal health records cannot be safely transmitted electronically. Exchanging private health information electronically between medical partners comes with inherent risk however. Those risks include violation of HIPAA regulations and threats, vulnerabilities and malware that threaten electronic health records (EHR) or mainframe servers.…

    • 355 Words
    • 2 Pages
    Improved Essays
  • Improved Essays

    During a security breach that may occur a logging system will allow Plankton to be notified of any negative events that may occur. This can enable the business to gain notification of what is happening within the network such as data being extracted or failures such as power failure or fault within hardware. This would enable the business to track the route cause of the threat. To enable this, being able to assess the environment of the business is essential, such as the assets that need to be monitored and therefore configure notifications and alerts on those assets. (Security Compass, 2018)…

    • 740 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    The above questions are essential for offering insight into the current state of EHRs. By answering the questions, the reader gets an opportunity to explore various aspects of EHRs. Some of the factors addressed are an introduction to EHRs, use of EHRs, the effectiveness of EHRs, and information on the businesses that provide EHRs in the healthcare…

    • 653 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    EHR System: A Case Study

    • 121 Words
    • 1 Pages

    In order to get authorized to access to the EHR system, one has to be an administrator or an owner. Administrators have right to modify, delete, and create new component; furthermore,…

    • 121 Words
    • 1 Pages
    Improved Essays
  • Improved Essays

    HIPAA Essay

    • 537 Words
    • 3 Pages

    As technology expands provides are using clinical applications such as computerized physician order entry (CPOE) systems, radiology, pharmacy, and laboratory systems. Even though this means health field is becoming more efficient and mobile the rise of technology use increases the potential security risks. The Security Role is designed to be flexible so a covered entity can implement new procedures, policies, and technologies. The Administrative Safeguards provisions in the Security Role require covered entities to preform risk analysis as a part of their security management…

    • 537 Words
    • 3 Pages
    Improved Essays
  • Improved Essays

    The intent of the certification program was to provide a form of consumer protection to prospective purchasers of EHRs, ensuring that EHRs were capable of meeting meaningful-use requirements. The HITECH Act tasked the ONC and the HITPC with studying technical and policy approaches to improving the security and privacy of electronic health information. Developing such solutions will probably require a multifaceted strategy that involves technical, educational, legal, and policy interventions by many public and private stakeholders. For example, most breaches of security in health information systems result from simple human error or carelessness, not from technical failings or outside hacking. The difficulty of using current EHRs constitutes a major potential barrier to their adoption and meaningful use.…

    • 882 Words
    • 4 Pages
    Improved Essays
  • Great Essays

    These nurses will be involved in the process pre implementation, during implementation and post. The nurse leadership should be representatives from each department. There should be an establishment of user groups and super users to help transition nurses on the floor during the pre-implementation and implementation phase. The super user is the savvy nurse who is comfortable with the EHR system and will be specifically trained to help people in their unit. For those who need extra help and training there should be online platforms available as well as on-demand training and webinars.…

    • 1179 Words
    • 5 Pages
    Great Essays
  • Improved Essays

    Access the healthcare information you need using only your own user ID and password. * Sign off a workstation whenever you leave it when it has medical information on it. * Do not write down any passwords or post passwords near the computer for logins. *…

    • 1016 Words
    • 5 Pages
    Improved Essays