Protections for hardware, software, and data resources. (American Health Information Management Association, 2011, paraphrased)
V. Legal and Ethical Issues
Security professionals are held responsible for understanding the legal and ethical aspects of information security including crimes, investigation of computer crimes and specifically it is stated that certified security professionals "…are morally and legally held to a higher standard of ethical conduct." (U.S. Department of Health and Human Services, 2011)
There are four primary canons established in (ISC)2 code of ethics for credentialed security included those stated as follows:
(1) Protect society, the commonwealth, and the infrastructure
(2) Act honorably, honestly, justly, responsibly, and legally
(3) Provide diligent and competent service to principals
(4) Advance and protect the profession (U.S. Department of Health and Human Services, 2011)
Three credentials are held by information security professions include the following credentials:
(1) CISSP -- Certified Information Systems Security Professional, credentialed through the International Information Systems Security Certifications Consortium;
(2) CHS -- Certified in Healthcare Security, credentialed through
(3) CHPS -- Certified in Healthcare Privacy and Security, credentialed through AHIMA or HIMSS. (U.S. Department of Health and Human Services, 2011)
VI. HIPAA Security Rule Standards
The HIPAA Privacy Rule protects the individual's "identifiable health information (Protected health information). (U.S. Department of Health and Human Services, 2011) a Risk Analysis is stated to include: (1) Evaluate the likelihood and impact of potential risks to e-PHI; (2) Implement appropriate security measures to address the risks identified in the risk analysis; (3) Document the chosen security measures and, where required, the rationale for adopting...
Department of Health and Human Services, 2011)
It is reported that the Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) makes it a requirement that the Secretary of "HHS publish national standards for protected health information security, electronic exchange and the privacy and security of health information." (U.S. Department of Health and Human Services, 2011) it is reported that when State laws are not aligned with HIPAA regulations, the HIPA regulation are "preempted by the federal requirements, which means that the federal requirements will apply." (U.S. Department of Health and Human Services, 2011) the Security Rule sets out national standards for confidentiality, integrity and availability of e-PHI and the Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) are responsible for administration and enforcement of the standards.
Summary and Conclusion
This study has identified the 10 domains of Information Security Body of Knowledge along with categories of information security and security policies and standards. The information contained in this study is useful information on health care provider information security in compliance with HIPAA.
References
Kurtz, Ronald L., and Russell Dean Vines. The CISSP Prep Guide (Gold Edition). Indianapolis, in: Wiley, 2003, p. 345.
Summary of the HIPAA Security Rule (2011) U.S. Department of Health and Human Services. Retrieved from: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
The 10 Security Domains (AHIMA Practice Brief) (2011) Retrieved from: http://www.advancedmedrec.com/images/The10SecurityDomains.pdf
Walsh, Tom. "Selecting and Implementing Security Controls." Getting Practical with Privacy and Security Seminars, AHIMA and HIMSS, 2003.
