The Health and Human Services (HHS) settled a case with Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million for violating the Health Insurance Portability and Accountability Act (HIPAA) and security rules. There are security issues with BCBST in regard to confidentiality, integrity, availability, and privacy. There are also security requirement by HIPAA which could have prevent the security issue if it has been enforced. There are correction actions taken by BCBST which were efficient and some may have not been adequate. There are HIPAA security requirements and safeguards organization need to implement to mitigate the security risk in terms of administrative, technical, and physical safeguards. On 5 October 2009, computer equipment from a network data closet was stolen from BCBST. The items stolen were 57 unencrypted hard drives which contained over 300,000 video recording and over one million audio recordings. According to Whitman & Mattord (2010), confidentiality, integrity, and availability makes up the C.I.A triangle which is the basis of Committee on National Security model for information security, an industrial standard, (Whitman & Mattord, 2010). Confidentiality can be a synonym for encryption but also means only the people with the correct permission can access the information. One of the major security issue is the hard drives were not encrypted. The hard drives should be encrypted to prevent people from reading the information the computer. Software can be purchased which will encrypt files on hard drive with such as Folder Lock, SensiGuard, Secure IT, and more. There are open source encrypting software which are free for use which could have been used. If the hard drives were not needed, the data should hav... ... middle of paper ... ...earn from other companies who have been involved with the breaches on how to protect information. Training employees on HIPAA, policies and procedures would help mitigate risks to unauthorized access to information. Meeting the requirements set by HIPAA will protect the company, the employees, and the people private information within the company computer network. Works Cited Easttom, C. (2006). Network defense and countermeasures. (p. 10). Upper Saddle River, NJ: Pearson Education, Inc. Grama, A. (2011). Legal issues in information security. (p. 170). Burlington, MA: Jones & Barlett Learning. Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning. Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 264). Boston, MA: Cengage Learning.
...ed on how to respond to information security breaches. Regardless of an organization size, there is always the risk of information breaches.
A major concern with EHR systems is patient confidentiality. Even though these systems are used with the best intentions, patient’s personal and medical information might be exposed to unauthorized personnel. An estimated 150 different healthcare professionals have access to a patient’s records during a hospitalization (Kreuser, 2007). The Health Insurance Portability and Accountability Act (HIPAA) sets a national standard for the protection of individual’s health information (“Summary of the,” 2014). With little governance, organizations can violate HIPAA regulations. The Hospice of North Idaho (HONI), which is a not-for-profit, end-of-life-care facility, breached HIPAA standards when they did not evaluate the potential risks of transmitting electronic protected health information (ePHI) while using portable devices. These actions resulted in a $50,000 fine, coupled with a two-year probation period (Lynn, 2013). According to The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, the health information of nearly 18 million people has been breached electronically from 2010-2012 (Kam, 2012). Such events cause the general public to question the privacy of EHRs, and because of these concerns, wary patients are less likely to disclose necessary health information. The Department of Health and Human Services estimated that because of a lack of trust in the ability of EHR systems to keep health information private, approximately 600,000 Americans did not seek earlier cancer treatment and 2,000,000 Americans did not undergo treatment for mental illness (Kam, 2012). As patients’ medical records are becoming computerized, the susceptibility to information being accessed by the wro...
In this case, a large health services organization (HSO) in Florida, that has a world-renowned AIDS treatment center had information breach of 4,000 HIV+ patient records, and the list was sent to newspapers, magazines, and the internet. Consequently, this issue was featured in every media vehicle in the world and as CEO, you are requested by the board of trustees to come up a better management information system (MIS) to resolve all information security issues or you will face termination. After hiring an undercover computer security consultant to help determine where the security leak came from, she quickly identifies numerous breaches in computer security and provides a report with the issues identified. The report furnished by the consultant revealed that facility had major problems with the MIS and the staff. In order to determine how to address the issues, the CEO must first answer the following questions: what law is being violated by the employees, why was this law enacted, what are the penalties for such violations, what are the penalties for sharing celebrity information, and should he be updating his resume and looking for another job (Buchbinder, 378).
The intensity and depth of an organization's security policy depends heavily on the nature of their business. A large company compared to a small company would require a different approach to their security policy. Also, the type of information that the company dea...
Kabay, M. E., & Robertson, B. (2009). Security policy guidelines. In S. Bosworth, M. E. Kabay, & E. Whyne (Eds.), Computer security handbook (5th ed.). New York, NY: John Wiley
Management of Information Security. Boston: Course Technology. Motiwalla, L.; Thompson, J. (2011). The 'Standard' of the 'Standard'.
Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 232). Boston, MA: Cengage Learning.
According to the information security governance, success is often less, due to inability to value the the organisation 's information and data. This creates the discussion on the needs for security and the resources to be assigned to this.
Whitman, M. E. & Mattord, H. J. (2011). Principles of information security. Boston, MA: Cengage Learning.
Whitman, M. E., & Mattord, H. J. (2011). Principles of Information Security. Boston: Course Technology.
Li, P. D. (2014). Information and Computer Security. International Journal of Information and Computer Security, 3-7.
In many cases, these contracts require security clearance and involve the release of national secrets to the elected company. Since many corporations have close relationships between trade and national secrets, the responsibility exists to protect information. Each organization is responsible for managing and protecting their IS security and is obligated to ensure a sound IS security plan. This plan requires companies to conduct a risk and vulnerabilities assessment to fully understand where security threats may reside. Maintaining information confidentiality is extremely important as failure to properly enforce the organization’s security plan may result in security breaches. Companies must strive to ensure they are deploying proper logical and physical security controls to combat cyber security attacks. Regardless of how close or how far removed from national secrets an organization is, every company has a responsibility to be good keepers of all information they are trusted with. Failing to keep trade secrets, intellectual property and national secrets safe could have a detrimental effect on the safety of the
Tanya Candia, IT Security: Take a Walk on the Dark Side, (09/21/2005), www.TechNewsWorld.com Part of the ECT News Network
Freedman, C. D. The Extension of the Criminal Law to Protecting Confidential Commercial Information: Comments on the Issues and the Cyber-Context. (August 01, 2013). International Review of Law, Computers & Technology, 13, 2, 147-162. http://www.tandfonline.com/doi/abs/10.1080/13600869955116#.UdhxNezkU1I
Attacks upon information security infrastructures have continued to evolve steadily overtime making the management of information security more complex and challenging than ever before (Deloitte East Africa, 2011).