Patton-Fuller Community Hospital Risk Assessment & Security Audit

Patton-Fuller Community Hospital Risk Assessment & Security Audit
Risk assessment and threat assessment should go hand-in-hand.The outcome of the risk assessment and threat assessment should provide recommendations that maximize the protection of confidentiality, integrity and availability while still providing functionality and usability. The purpose of a risk assessment is to ensure sensitive data and valuable assets are protected. An organization should take a hard look at who has access to sensitive data and if those accesses are required. The security audit should monitor the companies systems and users to detect illicit activity.The security audit should include searches for security events and the abuse of user privileges, along with a review of directory permissions, payroll controls, accounting system configurations, ensure backup software is configured, and backups are completed as required, review network shares for sensitive information with wide-open permissions. During the security audit, a report of offices should be conducted to ensure security policies and procedures are followed.
Security Management Currently, PFCH has a Chief Compliance Officer in place to ensure the hospital meets all laws and regulations regarding patient privacy. The CCO is responsible for developing, implementing, and maintaining a system-wide Corporate Compliance program. The COO also oversees the Security Officer, the Director of Medical Records and the Director of Q.A. / Risk Management. In addition to the COO, PFCH has a director of Information Technology on staff to manage and evaluate all business cases the impact the infrastructure of the hospital. The COO works with the Security Officer, director of Medical records, and the director of Q.A. and Risk Management to manage the information