The sensitivity of the personal information stored must be considered at all stages of developing all elements of the EHR, especially when it comes to privacy and security. A trusting relationship between CUH and the vendor is essential for a smooth transition …
At the outset, make the physical system inaccessible to unauthorised users. Identification and verification must be required for all users of the system. This can be done using user passwords or personal identification numbers (PINs). Procedures must also be in place for automatic shutdown routines when the system has a confirmed breach. The next phase, in conjunction with monitoring the system, is identifying what each work station is used for. This allows the system administration to specify privacy settings and distinguish the capabilities of each work station.
Through auditing and monitoring the users of the systems, CUH can identify weaknesses and detect security breaches or attempted breaches. CUH must regularly audit all users of the systems. All employees must be aware of the punishments, i.e. suspension, that will be enforced if the compliance regulations and policies are not followed.
Along with controlling who accesses the system, the administration must control the media and devices. CUH is advised to construct a security plan that includes the disposal of data. Any hardware that is being disposed of or recycled during the transition must be formatted to remove all data. All the repossessed hardware must be monitored by the administration in CUH. All data must be backed