A Framework for Evaluation of Risk Management Models for HIPAA Compliance for Electronic Personal Health Information used by Small and Medium Businesses using Cloud Technologies

Date

2018-07-18

Authors

Luna, Raymond Brett

Publisher

East Carolina University

Abstract

Our societal quest for collaboration and openness has always been in direct conflict with our desire to maintain our personal privacy. Those conflicting goals are more prominent than ever for healthcare, due to its rapid digital transformation coupled with the risk of exploitation of Protected Health Information (PHI) that is processed on cloud-based technologies by healthcare Small and Midsize Businesses (SMBs). Healthcare SMBs are at higher risk because they often have limited resources to identify and assess risk. This study addressed this issue through an exploratory inquiry using survey statistics, scholarly research, regulatory requirements, and best practices to develop a framework that healthcare SMBs can use to evaluate and select a risk assessment model. As illustrated in this study, the selected model can be leveraged to identify and assess risk associated with PHI that is processed in the cloud. This study included four key phases: confirmation of risk for PHI in the cloud, an investigation of HIPAA requirements and best practices for risk assessment, an evaluation of risk assessment models, and a risk assessment model selection process. As a result, healthcare SMB entities with limited resources can improve their ability to achieve HIPAA compliance through risk assessment and contribute to improvements in the overall patient care experience.
