Reference no: EM13753175
Scenario:
During a routine audit of an electronic health record (EHR) system, a major healthcare provider discovered three undocumented accounts that appear to have access to the entire clinical and financial health record within the system. Further investigation revealed that these accounts were accessing records around the clock via remote access to the healthcare system's network. Three remote access accounts appear to have been set up at least six months prior to the creation date of the first account in the EHR. Additionally, the accounts in the EHR were originally established as standard user accounts approximately two months ago and escalated to full access over the course of two weeks.
System controls are verified to be in effect that limit access for each account to no more than 300 records per day. Over the course of the past two months it is estimated that more than 37,000 but no more than 50,000 records could have been accessed. Reports are being run to determine which patient accounts were accessed, but the reports will take more than two weeks to identify the record identification numbers and then take longer than 60 days to compile the usernames and addresses. An audit of other systems that contain sensitive information revealed no other unauthorized access.
Audit files that would normally identify the creator of the accounts overwrite themselves after two weeks in the systems that provide remote access and the EHR. No one in senior management has any reason to suspect that it was an inside job, but based on the short duration for log retention there is no way to eliminate that possibility either.
Task:
Create a legal analysis by doing the following:
A. Create three organizational policy statements that may have prevented the security breach.
1. Justify each organizational policy statement based on a nationally or internationally recognized standard (e.g., ISO/IEC, NIST).
B. When you use sources, include all in-text citations and references in APA format.
Compute the cost that should be assigned to land
: On January 1, 2014, Blair Corporation purchased for $500,000 a tract of land (site number 101) with a building. Blair paid a real estate broker's commission of $36,000, legal fees of $6,000, and title guarantee insurance of $18,000. The closing state..
|
Contribution margin ratio and net operating income
: Michaels Company segments its income statement into its East and West Divisions. The company’s overall sales, contribution margin ratio, and net operating income are $640,000, 60%, and $64,000, respectively.
|
Analyze historical development of the southern colonies
: Analyze and contrast the historical development of the Southern Colonies 1603-1783. In your answer include historical themes, reasons for colonial implementation.
|
Kudler fine foods it security report and presentation
: Learning Team Instructions- Draft the security considerations for each phase of the systems development process.
|
Create three organizational policy statements
: Create three organizational policy statements that may have prevented the security breach
|
Prepare flip companys statement of cash flows
: The following is selected information from Flip Company for the fiscal years ended December 31, 2014: Flip Company had net income of $1,225,000. Depreciation was $500,000, purchases of plant assets were $1,250,000, and disposals of plant assets for $..
|
Elect straight-line-cost recovery
: Jack acquires a new seven-year class asset on September 20, 2013, for $80,000. He placed the asset in service on October 5, 2013. He does not elect to expense any of the asset under SS179 or elect straight-line, cost recovery. He takes additional fir..
|
Identify an mis management issue
: Consult your text, lectures, and or Google searching for MIS management issues. Once you identify an MIS management issue you are ready to get started. Do not hesitate to contact me for questions
|
Determine the tax basis of the furniture at the time of sale
: Tom purchased and placed in service used office furniture on January 3, 2014, for $40,000. Tom's accountant depreciated the furniture using straight-line depreciation over 10 years for financial reporting purposes. The accountant also used the same d..
|