Our website is a unique platform where students can share their papers in a matter of giving an example of the work to be done. If you find papers
matching your topic, you may use them only as an example of work. This is 100% legal. You may not submit downloaded papers as your own, that is cheating. Also you
should remember, that this work was alredy submitted once by a student who originally wrote it.
This coursework "Risk Assessment for Non-profit Hospital" gives a detailed analysis and interpretation of the risk assessment of a non-profit hospital. From the analysis of my findings, it is inherently evident that healthcare information system security threats are increasing tremendously. …
Download full paperFile format: .doc, available for editing
Extract of sample "Risk Assessment for Non-profit Hospital"
Risk Assessment for nonprofit hospital Introduction This paper gives a dwtailed analysis and intrpetation of the risk assessment of non-profit hosptial in respect to what is already contained in the literature. From the analysis of my findings, it is inherently evident that healthcare information system security threats are increasing tremendously. It shows that there are several factors, other than virus attack, which are critical, are not yet dealth with. Non-profit organizations also lack technological toosl and financial resources to address these issues adequately. In my study, I also explored the most prevalent threats that affect the hospital information system currently.
The study was conductd in medical record department, X-ray department and information technology department. During the study, 18 threats were identified basing on the ISO/IEC 27002 (ISO 27799:2008). The research showed that the most prevalent attack is coursed by actions of human negligence and error. The increase in the use of mobile application softwares in hospital has also heigthen the security risk to hospital data.
Interpretation
The outcome of the research shows that the helth information system threats can be classified into two major categories. The first category is those threats related to propagation and spread of malcious programs to the information system. These include:
Vulnerabilities found on the homepage of HP System Management.
MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code
Vulnerabilities on Microsoft Windows SMB Remote Code Execution (958687)
Apache Tomcat Manager Common Administrative Credentials
Firebird DataBase Server fbserver.exe p_cnct_count Value Remote Overflow
The ways in which these threats propogates can be looked at in details as follows
Use of mobile devices
Today’s society has been hit by massive use of mobile devices. The types and the number of mobile devices use by nurses, physicians, specialist and administrators have drastically grown. The ability of users to access the information via the networkk expose the health information to network related security threats such as eaves dropping and denail of services. In addition, the software used by these devices is upgraded regularly. The software updates alsway comes with malicious programs such as operating systems, which can be detrimental to the information system.
Threats associated with medical embedded devices
With the increase in the use of smartphones and tablets computer with Wi-Fi and wide area network capabilities and embedded features such as a system for monitoring patients, medical scanners and imaging devices, the bandwidth used in communicating is trained and hences exposs the information to network threats.
Desktop to server virtualization
Research has shown that more than 80% of organizations have moved to virtualization in the way they run their applications. Virtualization softwares are used to achieve this. They enable serves to run a variety of applications using limited hardware devices. The strategy is cheaper and energy saving. However, virtualization strategy exposes hospital information to more threats than desktop environment. This is because the communication is via the network or the internet.
Spreading of malware programs vai social media
Platfforms used in socializing such as youtube, twitter and facebook have attracted many users. The employees in the hopsital environment are not exceptional. They use the smartphone and tablets meant for hospital uses for theirpersonal use such as accessing social media. Unknowingly, the malware program can propagate via the social media and infect their application in their hospital devices. This is one of the theat that was found in MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028). The individuals who develop malware programs are programming experts who have advanced knowledge in compuitng environment. This implies that to block malware parmanently is impossible regardless of installing anti-malware programs.
The second category is those related to human errors and negligence. These are threats that target the user accounts. The vulnerabilities involving this type of threat are;
Default Password (password) for root Account
MS04-007: ASN.1 Vulnerability Could Allow Code Execution (828028) (uncredentialed check)
MS04-011: Security Update for Microsoft Windows (835732) (uncredentialed check)
MS04-035: WINS Code Execution (870763) (uncredentialed check)
MS05-046: Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution
MS09-039: Vulnerabilities in WINS Could Allow Remote Code Execution (969883) (uncredentialed
Oracle Database, April 2007 Critical Patch Update
Oracle Database, October 2009 Critical Patch Update
Oracle Database, October 2012 Critical Patch Update
There are different factors that bring about these threats. It can be a contribution of the employees themselves or hackers. There are many instances where the employees in hospital misuse their access privilage right. For example, an employee working in the finance department might try to access patient’s information illegally. The rights of such an employee do not go beyond the processing of the data. Since such employees do not know the regulastions governing the exposure of patient information, the information can get into the hands of unauthorized people who have malicious intentions.
On the other hand, hackers tend to take advantage of the employees negligence to access the information. For instance, a nurse leaves her tablet computer containing patient’s information open and goes out. The hacker comes in and find steals the information from the tablet (Briner 2010). In some instances, hackers can launch an attack to the hospital information system for malicous gain such as monetary gain or revenge. Such hackers tend to couse denail of services to the hopsital.
Conclusion
According to this report, improvements in healthcare risk assessments are crucial to address security and privacy risks. Current challenges to the confidentiality and security of health information are identified and recommendation of security measures that are strong and comprehensive should be implemented. The outcome of the above risk assessment clearly shows that the major threats that affect hosptila data are hacking and malicious program attacks. There are different methods through which these two threats are propagated. The malware related attacks are as a result of technological developments while the hacker related attacks targets the user accounts.
The hospital’s information system is a critical asset to the organization. Lose of hospital data can have fatal impacts on the care quality and patient safety because such a condition affects the availability, integrity, and confidentiality of data. In addition, such troubles would cause hospital to incur huge financial losses.
The researchers should deliberate more on the technology to ensure that the departments of health take full advantage. The suitability of the system should also be adjusted to fit different needs of different hospitals. This can be achieved by increasing the pilot that is able to run for a longer time. This will eliminate the suitability issues.
There is an issue with the reimbursement of the individual who carries out and implement security measures. Most people who carry out these projects are not paid. This will kill the spirit of wanting to research more on the field. Most agencies do not have a laid down strategy for reimbursing the telemedicine reimbursing
The rate at which technology is taking over the operations of different daily undertakings makes it cumbersome to predict the future trends in security of hospital information system. The future evaluation of security is very complex. As it expands, there should be a way of solving the reimbursement issues.
Considering the benefits and cost of implementing telemedicine, it is crucail for a hospital to ensure the security of its information system. Research shows that there a lot of changes in the medical field. There is a huge shift to the use of technology in hospitals. The implementation of telemedicine still faces a lot of challenges.
There has been a drastic rise in the demand for telemedicine services. Consequently, the technology has also led to ithe introductionof different telemedicine devices such as those for managing weight, monitoring blood and rehabilitation (Manser, 2010). The key challenge that proves to be costly to the health service providers is how to apply them in the sector. Practical application has proven to be an uphill task.
The privacy of medical information is very critical. As such, the health care providers should invest heavily in the security of the information system used to provide telemedicine services. It is very evident that the cost that is incurred in ensuring maximum information security is high. Some organization invests lies in the system functionality at the expense of the security of critical medical information.
Reference
Briner, M., Kessler, O., Pfeiffer, Y., Wehner, T & Manser, T. (2010). Assessing hospitals clinical risk management: development of a monitoring instrument. Cengage laerning.
Read
More
Share:
CHECK THESE SAMPLES OF Risk Assessment for Non-profit Hospital
A Case Study on Operations Management “National General hospital (NGH)” Kingdom of Saudi Arabia (KSA) Case Study Outline This study will cover the various aspects of operations management of ‘National General hospital' situated in a city of Saudi Arabia.... This hospital has a core objective to provide all types of essential health services to its patients.... Moreover, the hospital is a service-oriented organization that aims to provide all kinds of healthcare services to the people living in the vicinity of the facility....
Due to these changes the various aspects of hospital accounting, reporting and control systems are all impacted.... This dilemma adds complexity to other aspects such as motivation, compensation, and evaluation of performance by hospital managers.... Most notable is the move of the focus of competition from non price factors like quality to price-and-cost based competition, showing a major alteration to not only the revenue functions but also financial risk....
arnet General hospital employs quality management system in its organization and provision of healthcare services for the reasons mentioned below: This hospital has the intention of increasing its levels of efficiency through reduction of health related wastes such as poor use of drugs, wrong storage, and time wastage when handling patients, paperwork, and procurement issues when it comes to acquiring medicines.... his hospital also employs quality management, especially total quality management, to ensure that it creates system synergy so as to bring together the internal needs and external ones to avoid conflicting goals' pursuit thereby having a comprehensive approach to healthcare provision....
In modern healthcare settings, risk factors are impulsive and hence comprehensive risk assessment programs are essential to meet the challenges.... According to the current day concept, risk assessment is not simply a precaution but a preventive healthcare approach that mitigates the impacts of a number of risk factors (The National Patient Safety Agency, 2007).... Why risk assessment It has been stated that 'each technical advance brings new security holes' (Rogers, 2011, p....
To a certain extent, autonomous physicians have various 'advantages' at a given hospital which allows them to facilitate medical services within the respective facility.... Physicians provide some services on behalf of the hospital.... The stringency between the notion of the hospitals as a 'doctor's workplace', pertinent to medical regulation, and the hospital as an autonomous corporation with its own locus of control and an array of operations has buffed and diminished for a major part of the twentieth century (Stevens, 1989)....
A private non-profit hospital can certainly make a profit – these profits simply would be used in infrastructure improvements or the purchase technologically advanced equipment, as opposed to paying the profits to shareholder or owners.... for-profit hospital will not require accreditation from the Joint Commission on Accreditation of Health care Organizations (JCAHO) but the Running head: Ethics For-profit versus non-profit ethics in healthcare Here Your and School Here Monday, October 06, 2008 This author discusses a change in status from for-profit to private non-profit children's hospital in the health care industry....
The paper 'Performance Management System in a Network of Hospitals " is a good example of a management case study.... Issues that are vital to persons at a nationwide level may include productivity and performance measurement in hospitals.... A number of health care organizations in the United Kingdom are escalating their awareness with regards to the benefits....
This paper ''Community Health Needs Assessment and American hospital Association'' tells that The purpose of this analysis is to examine the effect of Community Health Needs Assessment as established by the Patient Protection and Affordable Care Act of 2010.... The analysis includes five cases of the Kaiser Foundations hospital and an assessment using principles established in the American hospital Association.... The public health problem address is the health disparities found in the United States health care system, and the way to reduce them using the Community Health Needs assessment, required by the Patient Protection and Affordable Care Act of 2010 among tax-exempt hospitals....
14 Pages(3500 words)Report
sponsored ads
Save Your Time for More Important Things
Let us write or edit the coursework on your topic
"Risk Assessment for Non-profit Hospital"
with a personal 20% discount.