Any repository of personal information is an attractive target for identity theft and misuse. Since an EMR/EHR is a valuable diagnostic tool to clinicians, the integrity and availability of the repository are paramount to delivering accurate and effective healthcare. Thus, a key objective is to rigorously protect the repositories of Personal Health Information (PHI) using administrative, physical and technical security measures.

Kevin Mitnick, a notorious hacker in the late 1990s and arguably the most wanted computer hacker in the world, said:

“A company may have purchased the best security technologies that money can buy, trained their people so well that they lock up their secrets before going home at night, and hired building guards from the best security firm in the business. That company is still totally vulnerable.”

A technical-only view of security typically results in intrusions at the hands of people like Kevin Mitnick. At GRA, we believe that early in a project’s security life cycle, a holistic view of security is necessary to ensure appropriate controls are in place. Random events, insiders or outsiders may exploit weaknesses in governance, security management, administrative, personnel, physical or technical security controls to gain unauthorized access to, and misuse, valuable assets.

Security Assurance Services

GRA’s Security Assurance Services help organizations identify and review their information security to verify that PHI and other sensitive information is adequately protected.

If you’d like to learn more about GRA’s Security Assurance Services, a downloadable PDF is available.

GRA’s Privacy and Confidentiality Policy is available for download here.