Assessing Security Incidents

Software Helps Measure the Impact
Healthcare organizations need to improve the methods they use to objectively assess the severity of a security incident and whether it should be reported, says David Parks, a privacy officer and attorney.In an interview, Parks, operating counsel and regulatory compliance and privacy officer at Alegent Health:
  • Describes why the eight-hospital system decided to serve as a beta site for a security risk assessment and reporting application to help with HITECH Act compliance;
  • Outlines how the application is helping the organization objectively measure the risk involved in security incidents and track all cases;
  • Notes that security incidents at Alegent so far have involved primarily internal cases of non-malicious negligence;
  • Warns that incidents involving paper records, verbal communication, blog posts and social media comments pose serious potential risks;
  • Describes the organization's use of breach prevention technologies, including data loss prevention software, encryption of mobile devices and social media and Internet monitoring tools.

Parks, an attorney who has worked at Alegent and its affiliated organizations since 1994, was originally educated as a medical technologist and clinical laboratory scientist. He holds certification in healthcare privacy and security from the American Health Information Management Association.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.