Enterprise Security Plan Proposal The Research Proposal

Protections for hardware, software, and data resources. (American Health Information Management Association, 2011, paraphrased)

V. Legal and Ethical Issues

Security professionals are held responsible for understanding the legal and ethical aspects of information security, including crimes and the investigation of computer crimes. Specifically, it is stated that certified security professionals "…are morally and legally held to a higher standard of ethical conduct." (U.S. Department of Health and Human Services, 2011)

There are four primary canons established in the (ISC)2 code of ethics for credentialed security professionals, stated as follows:

(1) Protect society, the commonwealth, and the infrastructure

(2) Act honorably, honestly, justly, responsibly, and legally

(3) Provide diligent and competent service to principals

(4) Advance and protect the profession (U.S. Department of Health and Human Services, 2011)

Three credentials held by information security professionals include the following:

(1) CISSP -- Certified Information Systems Security Professional, credentialed through the International Information Systems Security Certifications Consortium;

(2) CHS -- Certified in Healthcare Security, credentialed through

(3) CHPS -- Certified in Healthcare Privacy and Security, credentialed through AHIMA or HIMSS. (U.S. Department of Health and Human Services, 2011)

VI. HIPAA Security Rule Standards

The HIPAA Privacy Rule protects the individual's "identifiable health information" (Protected health information). (U.S. Department of Health and Human Services, 2011) A Risk Analysis is stated to include: (1) Evaluate the likelihood and impact of potential risks to e-PHI; (2) Implement appropriate security measures to address the risks identified in the risk analysis; (3) Document the chosen security measures and, where required, the rationale for adopting...

...

Department of Health and Human Services, 2011)
It is reported that the Administrative Simplification section of the Health Insurance Portability and Accountability Act of 1996 (HIPAA, Title II) makes it a requirement that the Secretary of "HHS publish national standards for protected health information security, electronic exchange and the privacy and security of health information." (U.S. Department of Health and Human Services, 2011) It is reported that when State laws are not aligned with HIPAA regulations, the HIPAA regulations are "preempted by the federal requirements, which means that the federal requirements will apply." (U.S. Department of Health and Human Services, 2011) The Security Rule sets out national standards for the confidentiality, integrity and availability of e-PHI, and the Department of Health and Human Services (HHS) and Office for Civil Rights (OCR) are responsible for administration and enforcement of the standards.

Summary and Conclusion

This study has identified the 10 domains of the Information Security Body of Knowledge along with categories of information security and security policies and standards. The study provides useful information on health care provider information security in compliance with HIPAA.

References

Kurtz, Ronald L., and Russell Dean Vines. The CISSP Prep Guide (Gold Edition). Indianapolis, IN: Wiley, 2003, p. 345.

Summary of the HIPAA Security Rule (2011) U.S. Department of Health and Human Services. Retrieved from: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

The 10 Security Domains (AHIMA Practice Brief) (2011) Retrieved from: http://www.advancedmedrec.com/images/The10SecurityDomains.pdf

Walsh, Tom. "Selecting and Implementing Security Controls." Getting Practical with Privacy and Security Seminars, AHIMA and HIMSS, 2003.


Cite this Document:

"Enterprise Security Plan Proposal The" (2013, May 10) Retrieved April 19, 2024, from
https://www.paperdue.com/essay/enterprise-security-plan-proposal-the-99788
