SEC440 Week 7 Essay - 1041 Words

Health Insurance Portability and Accountability Act (HIPAA) Compliance By Christopher Knight SEC 440 16 Oct 2014 TO: Company Chief Security Officer FROM: Security Engineer DATE: 16 Oct 14 SUBJECT: HIPAA Security Compliance for Alba, IA Hospital Any patient that is seen by a physician within the United States is to be protected by the â€Å"Health Insurance Portability and Accountability Act† or HIPAA, which was passed into law in 1996 (Jani, 2009). All health care facilities dealing with any protected health information (PHI) are to ensure that all physical/electronic processes are safeguarded from any third party entity or unauthorized personnel according to HIPAA. All health care data to include any medical insurance†¦show more content†¦The hospital accounting department will also be off limits except only for those personnel that are authorized. Extra vigilance must be place on all medical record rooms, since the hospital still has paper medical records. All medical staff will receive training so that they understand the importance of HIPAA. This policy will guarantee that we have controls in place in regards to accessing patient information and staff access is monitored. Other physical safeguards that will also be in place include visitor sign-in, proper destruction of electronic media that may contain PHI and 100% shred policy on all paperwork. All contractors that might be working at the hospital will only have access to the part of the facility where their work will be conducted and will escorted at all times while performing their duties. Technical Measures With the introduction of information technology advancement into the hospital health care system, we must embrace in this technology and must ensure that we have a more efficient and secure system. This will allow us to create measures that will allow us to protect electronic protected health information (ePHI). All data that is being transmitted on any open networks will be protected from any cyber attackers or unauthorized personnel. In order to protect this data, any ePHI data will be sent by encrypting the data to ensure that in the event that it is intercepted it