Security Risk Assessment in Electronic Health Record System

Abstract

This paper identifies and quantifies the risks of security breaches associated with Electronic Health Record (EHR) in healthcare organizations. This study analyzes data from the Data Breach Disclosure Report published by US Department of Health and Human Services (HHS) to determine actual rates of types of breaches, the volume and the average cost of each type of breach. We also propose a procedure to derive rates of breach types and the calculation of SLE (Single Loss Expectancy) to quantify and assess the security risk associated with EHR.