What Can We Learn about Healthcare IT Risk from HITECH? Risk Lessons Learned from the US HHS OCR Breach Portal

Date
2021-01-05
Authors
Schmeelk, Suzanna
Dragos, Denise
Debello, Joan
Starting Page
3993
Abstract
The healthcare system in the United States has a sophisticated and industry-unique set of legal requirements. At the Federal level, healthcare entities, which capture personal identifying information (PII) and also financially bill customers, are under two major laws: the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). The HITECH law requires public notifications of healthcare breaches consisting of 500 or more individuals. The notifications are posted to the US Health and Human Services (HHS) Office of Civil Rights (OCR) Breach Portal for the public to review. This research analyzes the previous year of data posted to the HHS OCR portal to gain empirical insights into healthcare IT risks. As risk informs budget, insurance allocations, and best practices, the real-life evidence analysis gives strong indicators of where stronger mitigating controls should be incorporated into the organizational Information Systems (IS) and overall healthcare infrastructure.
Keywords
Unintended Consequences of IT Implementations in Healthcare, data breach, health and human services (hhs), office of civil rights (ocr), penetration testing, risk assessments
Extent
7 pages
Related To
Proceedings of the 54th Hawaii International Conference on System Sciences
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International