¶ … Wide Web Consortium and HIPAA Applicable Rules In the contemporary business environment, compliance and security standards have become the crucial factors to a successful business and assist in gaining the confidence of top global clients. The W3C (World Wide Web Consortium) is one of the standards, which develops the interoperable technologies that include guidelines, specifications, tools and software to assist the Web achieving its full potential. Moreover, the W3C is a forum for commerce, communication information, and collective understanding primarily aimed to pursue its mission through development of Web guidelines and standards. Since 1994, the W3C has launched a publication of over 100 standards referred as W3C recommendations. The W3C also engages in software development, outreach, education, and serve as an open forum for Web discussion. To assist Web reaching its full potential, fundamental Web technologies allow the software and hardware accessing the Web to allow the technologies working together. Thus, W3C is synonymous to Web interoperability and seeks to avoid Web fragmentation and market fragmentation by publishing Web protocols and languages. (Reay, Dick, & Miller 2012).

Essentially, the W3C set the guidelines for the web accessibility, and the mission of the W3C is to assist people globally developing technologies for humanity. The basic principles of the W3C are to improve human communication through the development world wide web no matter their geographical locations, cultural background, and native language. In the contemporary IT environment, accessibility of Web has grown immensely. People are now using the smartphones, mobile phones, interactive television systems, personal digital assistants, kiosks and some domestic appliance to access the Web. The vision of the W3C is to share knowledge through a rich Web platform to allow people sharing information through social networking and wikis. Thus, the W3C standards have been able to support the personalized Web experiences through design principles and strong architecture. (World wide web consortium, 2015).

Despite the benefits associated with the application of the W3C, the rise of electronic commerce, mobile devices such as personal computers, tablet, wireless network and wireless medical devices have raised a new concern for data integrity and security. (Luxton, Kayl, & Mishkind, 2012). Presently, increased number of healthcare organizations are using the world wide web to access the patient information and transfer it across the network systems. However, transfer of patients' data is beset by risks because hackers can hijack patients' information across the network system. Thus, the W3C is aware of the threat associated with the threat of the patient's privacy and points out that data security is an effective tool to secure patient's information. (Reay, Dick, & Miller, 2012).

Luxton, Kayl, & Mishkind (2012) contribute to the argument by pointing out that protection of patient's data has been the principal concern of telehealth platform. Since some protected health information are sometimes stored in the mobile devices, and patients may use these devices to transfer their data to providers over the network systems. By consequence, security threats can occur when patients' data are being transferred over the network system, which can jeopardize their data and the integrity of the entire network systems.

Thus, "secure handling of data is very critical to assure compliance with the Health Information Portability and Accountability Act of 1996 (HIPAA)" (Luxton, Kayl, & Mishkind, 2012, p 284). To assist healthcare providers adhering to the current standards, the ATA (American Telemedicine Association) has provided a level of guidance that healthcare providers could employ to be consistency with the HIPPAA. The guideline specifies that health information should be secured using the AES (Advance Encryption Standard).

The U.S. government enacted the "Health Insurance Portability and Accountability Act in 1996" (Luxton, Kayl, & Mishkind, 2012, p 284) that mandates an establishment of national standards for the electronic healthcare transactions. The HIPPAA privacy rule assists in regulating the transmission of protected health records operated by entities such as doctors, hospitals, and insurance companies. Moreover, the HIPAA forbids the disclosure of patient's health data except to organizations and individuals acting certain functions on behalf of patients. The Title II of HIPAA provides guidelines, policies, procedures for maintaining the security and privacy of individual health information. The Title II also set criminal and civil penalties for violation of patients' health information. Moreover, Title II creates a standard for dissemination of healthcare information. However, the HIPAA privacy rule reveals that entities may disclose patients protected health data for law enforcement purposes as being required by law. Moreover, a protected health information may be disclosed to health care providers to facilitate healthcare operations, payment, and treatment. Apart from these authorizations, any other disclosure of healthcare protected information should require written authorization.

Typically, hackers have taken the advantages of the network system and web technology to access the protected information without authorization. More importantly, people have taken the advantages of the web technologies to violate the HIPAA rules. For example, 6% of HIPAA privacy violation has been through the web technology. In 2011, Virginia Tricare Management recorded the largest loss of data through the web technology which affected 4.9 million people.
Thus, W3C suggests that organizations are required to integrate effective security protocols to protect their network systems to abide by the HIPAA rules. Luxton et al. (2011) suggest current standards that organizations should employ to abide by the HPIAA rules. Typically, organizations are required to provide high-level security for the health information using the encryption technology. Moreover, it is very critical to safeguarding the health information using the authentication protocols to prevent an unauthorized access to patients' data. Since the exchange of health information is presently being carried out through the internet, healthcare organizations are to use different data transfer encryption systems such as TLS (transport layer security), SSL (secure sockets layer), 128-bit asymmetric cryptography systems and secure 256-bit encryption technology to protect patient information.

"HIPAA specifies 128-bit encryption; thus, these systems must have this minimum level of encryption and preferably without the need for outside encryption or firewall devices. Software-based encryption can allow sessions to be securely conducted from any Internet connection, thus allowing users in a home or in any other location where Internet access is available. Furthermore, these systems must also be transparent and seamless to the user, and consumers and healthcare providers must feel confident that their information is secure." (Luxton, Kayl, & Mishkind, 2012, p 285).

However, the development of wireless technology has become a concerned to healthcare organizations because people are sharing their health information across the wireless network system. Kim & Solomon (2014) believe that credit card numbers, social security numbers and other sensitive information can be transferred across the network systems. However, this information is to be protected through an effective security system to comply with the HIPAA privacy rules.

However, data transmission across the wireless network such as Wi-Fi has become a source of concern because it is easier to monitor the unencrypted data and health information. In essence, organizations are required to use the Wi-Fi Protected Access to secure health information to abide by the HIPAA privacy rules. Kim & Solomon (2014) argue that organizations that intend to comply with the HIPAA privacy rules should observe the key concepts of information security that include CIA (Confidentiality, integrity, and availability). Moreover, the integrity of the information system is very critical in the contemporary IT environment. Application of enhancing access control and security awareness policy are the effective tools to enhance confidential of data. Moreover, organizations should implement the vulnerability assessment, monitoring, vulnerability management, and enhance asset protection policy to enhance data integrity.

ANSI / FERPA

"The American National Standards Institute (ANSI)" (ANSI, 2016 p 1) promotes the U.S. standards and assure a protection of the environment and assure health and safety of consumers. The ANSI also oversees the promulgation and creation of different guidelines that affect businesses. Additionally, ANSI engages in the accreditation to make organizations conforming to standards. However, the "Family Educational Rights and Privacy Act (FERPA)" (FERPA, 2016 p 1) provides the rules for the protection of the information of students and family. Thus, FERPA rules attempt to safeguard the safety of student and families to protect their information. It is critical to understand that compliance to AINSI requires abiding by the FERPA rules because families and students also constitute some percentages of consumers, which AINSI aims to safeguard their health.

Conclusion

In the United States, healthcare organizations are required to comply with the standards and applicable laws. The paper discusses the WC3 laid down standards in the application of the web technology. The study suggests that an effective method to comply with the HIPAA rules during application of web technology is to integrate effective security system that will protect patient's data.

Reference

ANSI, (2016). United States National Standards. USA.

Barth, A. Datta, A. Mitchell, J.C. et al. (2006). Privacy and Contextual Integrity: Framework and Applications. IEEE Symposium on Security and Privacy (S&P'06).

FERPA (2016). Family Educational Rights and Privacy Act. USA.

Kim, D., & Solomon, M. G. (2014). Fundamentals of information systems…