Classification of Assets and Access Control Sections of the Information Security Document for General Hospital
Michelle M. Fulop
University of Cincinnati
HI7030 Module 3 Section 3
March 25, 2018 Classification of Assets and Access Control Sections of the
Information Security Document for General Hospital
Introduction
After reviewing and identifying the potential risks identified in the business operations of General Hospital, security controls can be implemented to regulate the user’s view and application of organizational information resources. Selectively restricting practices, and who has access to those practices, ensures that the hospital complies with regulatory mandates and that the management of information systems is responsibly upheld. Access management in healthcare is crucial with the increased incidence of information security breaches and illegal and fraudulent access of ePHI. In order to maintain a high level of adherence to industry standard regulations, user roles and access privileges must be
…show more content…
The classification differentiation is necessary so that the right amount of security protection can be applied in order to maintain the confidentiality, integrity, and availability of healthcare information. To determine the correct classification of assets one has to determine how each resource is owned and controlled by the hospital, and its application, nature, and use. Correctly identifying and classifying the information asset is critical in determining the potential risks associated with not protecting them adequately. Different classifications require distinctly different security measurement techniques and incorrect classification may lead to threats, vulnerabilities, and breaches in protected healthcare