Implementing Information Security in Healthcare
eBook - ePub

Implementing Information Security in Healthcare

Building a Security Program

  1. 312 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Implementing Information Security in Healthcare

Building a Security Program

About this book

Implementing Information Security in Healthcare: Building a Security Program offers a critical and comprehensive look at healthcare security concerns in an era of powerful computer technology, increased mobility, and complex regulations designed to protect personal information. Featuring perspectives from more than two dozen security experts, the book explores the tools and policies healthcare organizations need to build an effective and compliant security program.

Topics include information security frameworks, risk analysis, senior management oversight and involvement, regulations, security policy development, access control, network security, encryption, mobile device management, disaster recovery, and more. Information security is a concept that has never been more important to healthcare as it is today. Special features include appendices outlining potential impacts of security objectives, technical security features by regulatory bodies (FISMA, HIPAA, PCI DSS and ISO 27000), common technical security features, and a sample risk rating chart.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access Implementing Information Security in Healthcare by Terrell Herzig,Tom Walsh in PDF and/or ePUB format, as well as other popular books in Business & Business General. We have over one million books available in our catalogue for you to explore.

Information

Publisher
HIMSS Publishing
Year
2020
Print ISBN
9781938904349
eBook ISBN
9781000285253
Topic
Business
Subtopic
Business General
Index
Business

Chapter 1

The Importance of Information Security in Healthcare

By Terrell W. Herzig, MSHI, CISSP
Today, computers and the Internet are pervasive. We work with computers as a matter of our employment; we attend classes online; we use them for research, entertainment, shopping, banking, and social interactions. We carry laptops, tablets, and smartphones everywhere we travel. There is hardly anything we do today that does not involve interaction with a computing device.
While this technology enables us to be more productive—accessing a mass of information with a mere click of the mouse—it brings with it a host of security concerns. If the information on these systems is accessed inappropriately, lost, stolen, or is rendered inaccessible, the consequences could be disastrous. We may discover that our bank accounts have been depleted or our identities have been stolen. Our employers could lose millions of dollars, face prosecution, incur regulatory fines, and lose customer loyalty.
Technology continues to change at a rapid rate, with consumer devices leading the way on an almost-daily basis. Security typically takes a back seat during such drives of innovation and our ability to secure ourselves progresses slowly. This has resulted in a rapid rise in the number of reported incidents and breaches.
Information security is a concept that has never been more important to healthcare than it is today. The advent of more powerful computer technology and increased mobility means we can leverage this rise in technology to treat patients faster, more consistently, and with better outcomes, all while reducing cost. As healthcare moves from traditional brick-and-mortar infrastructures to health information exchanges, home healthcare, and accountable care organizations, mobility and access to information assets will be key to delivering patient care. Securing confidential information will not only be of importance to our patient populations, but to the success of your healthcare organization.
Information security is about protecting our assets. What kinds of assets need protecting? The answer is: a very broad range. While this would obviously include physical items with inherent value and value to the business, it will also include things such as intellectual property and intangible assets such as data, software, and source code. In today’s information-rich environment, we find many of our logical assets at least as valuable as our physical assets. Finally, no discussion of assets would be complete with-out mentioning our most important organizational asset—people. We can’t conduct business or treat patients without them.
While we can certainly secure systems, information security must always balance security with the value of the asset and usability of a system. For example, surrounding a hospital with rows of razor wire, attack dogs, and armed guards might contribute to the security of the hospital, but it certainly would not be inviting to patients seeking treatment.
So when do we achieve that ideal balance of security and risk management to cost and usability? First and foremost, security should never overvalue the cost of the assets we are trying to protect. This means we must consider the intangible value of assets, the cost of replacing the asset if it is lost, and establish reasonable levels of protection for the value of the asset.
In healthcare finding this balance point can be particularly challenging. We could look at the threats to our assets and ask ourselves questions. For example:
  • Can others scan our systems from the Internet?
  • Do we authenticate with passwords?
  • Do we keep our systems up-to-date?
  • Do we understand how our systems can be exploited?
  • Do we monitor our systems for attacks?
  • Do we provide a safe work environment for our employees?
  • Do we provide a safe environment in which to treat our patients?
If we attempt to answer thes...

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. About the Editors
  5. About the Contributors
  6. Table of Contents
  7. Acknowledgments
  8. A Tribute to Terrell W. Herzig
  9. Chapter 1: The Importance of Information Security in Healthcare
  10. Chapter 2: Information Security Frameworks
  11. Chapter 3: Information Security Planning
  12. Chapter 4: Risk Analysis
  13. Chapter 5: Senior Management Oversight and Involvement
  14. Chapter 6: Information Security Regulations
  15. Chapter 7: Security Policy Development
  16. Chapter 8: The Concept of Security Controls
  17. Chapter 9: Access Control
  18. Chapter 10: Network Security
  19. Chapter 11: Use of Encryption
  20. Chapter 12: Managing Mobile Devices
  21. Chapter 13: Application Security
  22. Chapter 14: Information Security Operations
  23. Chapter 15: Security Considerations in Technology Contracting
  24. Chapter 16: Business Continuity and Disaster Recovery
  25. Chapter 17: Change Control and Change Management
  26. Chapter 18: Testing Your Technical Controls
  27. Chapter 19: Auditing Your Program
  28. Chapter 20: Incident Handling
  29. Chapter 21: Information Systems Implementation
  30. Appendix A
  31. Appendix B
  32. Index