The Delaware Health Information Network (DHIN) has completed a risk assessment and analysis from Best Practice Partners (BPP). DHIN’s system includes all of the state’s acute care hospitals, federally qualified health centers (FQHCs), and skilled nursing facilities, and houses over 1.6 million patient records. No major issues were found.
Risk assessments examine an organization’s practices regarding the protection of data and its existing network, including the “risk of the confidentiality, availability and integrity of information and information systems.” Because networks can include offsite data storage, outside vendors, and business associates (BAs), providers should be aware of all users and devices that handle protected health information (PHI).
Analyses are required to meet Stage 1 Meaningful Use, but should also be performed as a step toward protecting against data breaches. By undergoing a risk analysis, an organization may find flaws or weak points in its security controls, which gives it an opportunity to repair these issues. BPP’s assessment used National Institute of Standards and Technology (NIST) standards, as well as state and federal laws, to inspect DHIN’s privacy and security.
Specializing primarily in healthcare provider services including IT optimization, consulting, and training, BPP also partners with other field experts during analyses in a federated partnership model. BPP worked with Reclamere, Inc. to perform DHIN’s analysis.
“Although we were confident our network was (and remains) secure, we asked Best Practice Partners to conduct a thorough review to determine if adjustments could be made that would enhance the privacy and security of the information we store,” said Dr. Jan Lee, DHIN CEO, in a public statement. “The exercise prompted several constructive discussions regarding industry best practices and will lead to additional improvements in our approach to system security.”