1-2 Worksheet: Rank Risks and Practice Determining Potential Areas of Noncompliance with HIPAA Privacy and Security Regulations

Question: Risk Assessments

In this worksheet, you will rank risks and practice determining potential areas of noncompliance with HIPAA privacy and security regulations.

Submit your assignment here. Make sure you’ve included all the required elements by reviewing the guidelines and rubric.

Risk Assessment

| Vulnerability Name | Threat Source | Departments Impacted | Noncompliance | Likelihood of Occurrence | Impact Severity | Risk Level | Recommended Best Practice |
|---|---|---|---|---|---|---|---|
| Unencrypted data | Malware, ransomware, phishing | The HIM department | HIPAA requires that all data be encrypted when it is at rest (at rest means stored on a disk or drive). | High | Medium | High | Use AES 256-bit encryption, which has been cited as a very strong and robust encryption standard that is commercially available to computer users. Ensure all plain-text passwords are held in cipher-text form by encrypting the plain text with keys. |
| Security logging failure | Low levels of logging and monitoring of the systems | HIM and IT departments | The healthcare facility is supposed to collect information, handle it closely and regulate the manner in which it is handled. | High | Medium | Medium | The medical facility needs to audit its logs frequently and properly; the logs need to be compiled, stored and assessed. |
| Sharing of PHI | The company's hard drives were stolen by outsiders | IT department | Noncompliance arises from violation of the Privacy Rule: patient identifiers reach parties who are not concerned with the patient's health. Patient information needs to be kept within the facility and used only by those in charge of the patient's care. | Low | Medium | Medium | Set up physical security for the hard drives so they cannot fall into the hands of external personnel. |

Modified from HIMSS Security Risk Assessment Guide/Data Collection Matrix with permission of HIMSS.


Highest Priority Vulnerability


The highest priority vulnerability to address for compliance with HIPAA


The highest priority vulnerability is the storage of unencrypted patient data on storage drives. Stolen data may end up in the hands of people who want to cause actual harm to the patients identified by that information. For instance, those who took patient information from BlueCross BlueShield of Tennessee (BCBST) used it for activities other than promoting the patients' health. If this information finds its way into the hands of an individual who does not care about the well-being of the listed individuals, they may cause more damage than simply using the information for marketing.


Use your risk assessment to justify why this is the highest priority:

There are three risks present in the scenario. Of these, the stolen unencrypted data presents the highest risk priority and impact severity, considering that little is known about the possible uses of the data stolen from the facility.