What Can We Learn about Healthcare IT Risk from HITECH? Risk Lessons Learned from the US HHS OCR Breach Portal

Date

2021-01-05

Contributor

Advisor

Department

Instructor

Depositor

Speaker

Researcher

Consultant

Interviewer

Narrator

Transcriber

Annotator

Journal Title

Journal ISSN

Volume Title

Publisher

Volume

Number/Issue

Starting Page

3993

Ending Page

Alternative Title

Abstract

The healthcare system in the United States has a sophisticated and an industry-unique set of legal requirements. At the Federal level, healthcare entities, which capture personal identifying information (PII) and also financially bill customers, are under two major laws Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH). The HITECH law requires public notifications of healthcare breaches consisting of 500 or more individuals. The notifications are posted to the US Health and Human Services (HHS) Office of Civil Rights (OCR) Breach Portal for the public to review. This research analyzes the previous year of data posted to the HHS OCR portal to gain empirical insights into healthcare IT risks. As risk informs budget, insurance allocations, and best practices, the real-live evidence analysis gives strong indicators of where stronger mitigating controls should be incorporated into the organizational Information Systems (IS) and overall healthcare infrastructure.

Description

Keywords

Unintended Consequences of IT Implementations in Healthcare, data breach, health and human services (hhs), office of civil rights (ocr), penetration testing, risk assessments

Citation

Extent

7 pages

Format

Geographic Location

Time Period

Related To

Proceedings of the 54th Hawaii International Conference on System Sciences

Related To (URI)

Table of Contents

Rights

Attribution-NonCommercial-NoDerivatives 4.0 International

Rights Holder

Local Contexts

Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.