A Framework for Evaluation of Risk Management Models for HIPAA Compliance for Electronic Personal Health Information used by Small and Medium Businesses using Cloud Technologies

ECU Author/Contributor (non-ECU co-authors, if there are any, appear on document)
Raymond Brett Luna (Creator)
Institution
East Carolina University (ECU)
Web Site: http://www.ecu.edu/lib/

Abstract: Our societal quest for collaboration and openness has always been in direct conflict with our desire to maintain our personal privacy. Those conflicting goals are more prominent than ever for healthcare, due to its rapid Digital Transformation, coupled with risk related to the exploitation of Protected Health Information (PHI) that is processed on cloud-based technologies by healthcare Small and Midsize Businesses (SMB). Healthcare SMBs are at higher risk because they often have limited resources to identify and assess risk. This study focused on this issue through an exploratory inquiry using survey statistics, scholarly research, regulatory requirements, and best practices to develop a framework that can be used by healthcare SMBs to evaluate and select a risk assessment model. As illustrated in this study, the selected model can be leveraged to identify and assess risk associated with PHI that is processed in the cloud. This study included four key phases: confirmation of risk for PHI in the cloud, an investigation of HIPAA requirements and best practices for risk assessment, an evaluation of risk assessment models, and a risk assessment model selection process. As a result, healthcare SMB entities with limited resources can improve their ability to achieve HIPAA compliance through risk assessment and contribute to improvements for the overall patient care experience.

Additional Information

Publication
Thesis
Language: English
Date: 2018
Keywords
Business Associates, Covered Entities, Data Breach, Defense in Depth (DiD), Electronic Protected Health Information (ePHI), Healthcare Stakeholders, HIPAA, HIPAA Privacy Rule, HIPAA Security Rule, Internet of Things (IoT), Protected Health Information (PHI), Risk Analysis, Risk Factor, Risk Management, Small and Midsize Business (SMB), SMBE&A

This item references:

Title: A Framework for Evaluation of Risk Management Models for HIPAA Compliance for Electronic Personal Health Information used by Small and Medium Businesses using Cloud Technologies
Location & Link: http://hdl.handle.net/10342/6940
Type of Relationship: The described resource references, cites, or otherwise points to the related resource.