Case Study 1: HIPAA, CIA, and Safeguards
Due Week 2 and worth 120 points
This assignment consists of two (2) sections: a written paper and a PowerPoint presentation. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for.
Health Information Technology (HIT) is a growing field within health services organizations today; additionally, health information security is a major concern among health organizations, as they are required to maintain the security and privacy of health information. The Department of Health and Human Services (HHS) provides extensive information about the Health Insurance Portability and Accountability Act (HIPAA). Visit the HHS Website, at www.hhs.gov/ocr/privacy, for more information about HIPAA requirements. In March 2012, the HHS settled a HIPAA case with the Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million. Read more about this case at www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/bcbstagrmnt.html. As an IT security manager at a regional health services organization, your CIO has asked for the following: an analysis of this incident, an overview of the HIPAA security requirements necessary to prevent this type of incident, and a briefing for management on the minimum security requirements to be HIPAA compliant.
Section 1: Written Paper
1. Write a three to five (3-5) page paper in which you:
a. Describe the security issues of BCBST in regard to confidentiality, integrity, availability, and privacy based on the information provided in the BCBST case.
b. Describe the HIPAA security requirement that could have prevented each security issue identified if it had been enforced.
c. Analyze the corrective actions taken by BCBST that were efficient and those that were not adequate.
d. Analyze the security issues and the HIPAA security requirements and describe the safeguards that the organization needs to implement in order to mitigate the security risks. Ensure that you describe the safeguards in terms of administrative, technical, and physical safeguards.
e. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your written paper must follow these formatting requirements:
· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required page length.
Section 2: PowerPoint Presentation
2. Create a six to eight (6-8) slide PowerPoint presentation in which you:
a. Provide the following on the main body slides:
i. An overview of the security issues at BCBST
ii. HIPAA security requirements that could have prevented the incident
iii. Positive and negative corrective actions taken by BCBST
iv. Safeguards needed to mitigate the security risks
Your PowerPoint presentation must follow these formatting requirements:
· Include a title slide, four to six (4-6) main body slides, and a conclusion slide.
The specific course learning outcomes associated with this assignment are:
· Summarize the legal aspects of the information security triad: availability, integrity, and confidentiality.
· Use technology and information resources to research legal issues in information security.
· Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.
To understand the roles and functions of law, one must understand the concepts of law and how it affects businesses and society. Law is defined as the rules and regulations established in a community by some authority and applicable to its people, whether in the form of legislation or of custom and policies recognized and enforced by judicial decision.
State and local courts are established by a state. Federal courts are created under the U.S. Constitution to decide disputes involving the Constitution and laws passed by Congress.
The differences between federal and state courts are defined mainly by jurisdiction. Jurisdiction refers to the kinds of cases a court is authorized to hear. State courts have broad jurisdiction, which covers the cases individual citizens are most likely to be involved in, such as thefts, criminal traffic offenses, broken contracts, and family disputes. The only cases state courts are not allowed to hear are lawsuits against the United States and those involving certain specific federal laws: criminal, antitrust, bankruptcy, patent, copyright, and some maritime cases. Federal court jurisdiction, by contrast, is limited to the types of cases listed in the Constitution and specifically provided for by Congress. Federal courts hear cases involving violations of the U.S. Constitution, cases between citizens of different states if the amount in controversy exceeds $75,000, and bankruptcy, copyright, patent, and maritime law cases.
Most criminal cases involve violations of state law and are tried in state court, but criminal cases involving federal laws can be tried only in federal court. We all know, for instance, that burglary is a crime, but what law says it is a crime? By and large, state laws, not federal laws, make theft a crime. There are only a few federal laws about burglary, such as the law that makes it a federal crime to rob a bank whose deposits are insured by a federal agency.
Federal courts may hear cases concerning state laws if the issue is whether the state law violates the federal Constitution. However, state courts handle by far the larger number of cases, and have more contact with the public than federal courts do. Although the federal courts hear far fewer cases than the state courts, the cases they do hear tend more often to be of national importance.
Judicial review is the idea, fundamental to the US system of government, that the actions of the executive and legislative branches of government are subject to review and possible invalidation by the judicial branch. Judicial review allows the Supreme Court to take an active role in ensuring that the other branches of government abide by the constitution. Judicial review was established in the classic case of Marbury v. Madison, 5 US 137 (1803).
The U.S. government has put numerous business regulations in place to protect employees' rights, protect the environment and hold corporations accountable for the amount of power they have in this business-driven society. Some of these regulations stand out more than the others because of their importance to every U.S. employee and consumer.
Laws pertaining to marketing and advertising set in motion by the Federal Trade Commission exist to protect consumers and keep companies honest about their products, according to Business.gov. Every business in the country is required to comply with truth-in-advertising laws and could face lawsuits for violations.
Among the constantly changing regulations in business are employment laws. These laws pertain to minimum wages, benefits, safety and health compliance, work for non-U.S. citizens, working conditions, equal opportunity employment, and privacy regulations, and they cover the largest range of subjects of all the business regulations. A few employment regulations stand out as the heavy hitters among the others. The Fair Labor Standards Act, applied by the Wage and Hour Division, set the minimum wage for workers in the United States. The Employee Retirement Income Security Act ensures that employees receive the retirement plan options and health care benefits to which they are entitled as full-time workers. There are also several required benefits, including unemployment insurance, Workers' Compensation Insurance and employee Social Security assistance. The Immigration and Nationality Act ensures that only U.S. citizens and individuals with work visas can be hired, and every business must keep I-9 eligibility forms on file for relevant employees.
The carbon footprint of businesses on the environment is regulated by the Environmental Protection Agency alongside state agencies. The EPA enforces environmental laws passed by the federal government through educational resources, frequent inspections and local agency accountability. The Environmental Compliance Assistance Guide exists to help businesses, small and large alike, achieve environmental compliance, and serves as an educational resource more than an enforcer.
Sensitive information is usually collected from employees and customers during hiring and business transactions, and privacy laws prevent businesses from disclosing this information freely. Information collected can include Social Security number, address, name, health conditions, credit card and bank numbers and personal history. Not only do various laws exist to keep businesses from spreading this information, but people can also sue companies for disclosing sensitive information.
The Safety and Health Act of 1970 ensures that employers provide safe and sanitary work environments through frequent inspections and a grading scale. A company must meet specific standards in order to stay in business.
The roles and functions of law provide rules and guidelines for almost everything one could encounter, both socially and professionally. The law provides not only rules for those things that are not acceptable, but also the means by which to protect one's self or challenge injustices. In a world that is continually growing in population while seemingly shrinking in size, without these rules and regulations there would be a surge in criminal activity and increased injustices.