Policy and Compliance (Tracey)

1923 Words4 Pages
bulb-icon

Recommended: Essays on hipaa privacy rules

Policy and Compliance (Tracey)
Organizations develop regulations, standards and practices for securing their data. These standards enforce access security practices and policies set forth by government agencies and adopted by organizations, of these include DoD and National Security Agency. (Goodrich & Tamassia, 2011). By implementing these standards, a company or agency may be allowed to store and transfer sensitive content. Of these government regulations and standards includes; Federal Information Processing standardization (FIPS) 140 which is a set of standards requiring cryptographic modules used by government organizations. (Goodrich & Tamassia, 2011). National Institute of Standards and Technology (NIST 800 series) is based on a standard practice of computer security policies, procedures, and guidelines, which maintains cost effectiveness and efficiency. Other standards include Health Portability and Accountability Act (HIPAA), a standard for healthcare providers and employers to maintain patient privacy and Protected Health Information (PHI) which sets a standard for protecting personal information.
Data protection and access controls are applied as part implementing government policy regulations, this will address privacy of data concerns noted by Jacket-X employees. As a publicly traded company, Jacket-X must also adhere to SOX regulations.
Observations (Tracey)
Jacket-X has grown, and in an effort to keep up with growing demands and the need for increased security they are now implementing an identity management system, however this has raised concern over privacy for their employees. (Cyberspace and Cybersecurity: Interactive Case study II). Jacket-X recently recently became a publicly traded company, th...

... middle of paper ...

... Case study II. Video posted in University of Maryland University College NSCI 170 6981 online classroom, archived at: http://webtycho.umuc.edu
Eddy, N. (2012). Businesses Lack Confidence in Data Security: Report. Eweek, 1.
Goodrich M.T., Tamassia, R. (2011). Fundamental Concept. Holcomb, J. (Eds.), Introduction to Computer Security (pp. 445-483).
Lenn, L. E. (2013). Sarbanes- Oxley Act 2002 (SOX) -10 years later. Journal Of Legal Issues & Cases In Business, 21-14.
Li, C., Peters, G. F., Richardson, V. J., & Weidenmier Watson, M. (2012). THE CONSEQUENCES OF INFORMATION TECHNOLOGY CONTROL WEAKNESSES ON MANAGEMENT INFORMATION SYSTEMS: THE CASE OF SARBANES-OXLEY INTERNAL CONTROL REPORTS. MIS Quarterly, 36(1), 179-204.
Orin, R. M. (2008). Ethical Guidance and Constraint Under the Sarbanes-Oxley Act of 2002. Journal of Accounting, Auditing & Finance, 23(1), 141-171.

Show More
Related

  • Carmella Iacovetta The Power of the Profile

    1520 Words  | 4 Pages

    The reality is in 2013 most American lives are being logged at every step from being filmed as they buy a soda at 7-11 or doing your homework at the computer lab at a community college. And, although many have heard about this intrusion, many do not most know the extent of this information and its impact when it is combined in a profile. This profile is used in background checks for top security clearances that the Office of Personnel Management (2013) requires to obtain this credential. Today, all people that have top security clearances are at risk to be targeted in ways that are deviant and often passive. To understand the profile is used to supply background checks, a history of the former company ChoicePoint will be explained to show this security threat of this now defunct company has contributed to this risk.

    Read More

  • HIPAA: Privacy and Security Rules The Computer, the Nurse and You

    1452 Words  | 3 Pages

    How would you like to keep track of your personal health information record in your computer at home? The electronic data exchange was one of the goals of the government to improve the delivery and competence of the U.S. healthcare system. To achieve this plan, the U.S. Congress passed a regulation that will direct its implementation. The Department of Health and Human Services is the branch of the government that was assigned to oversee the HIPAA rules. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a national public law in the United States that was created to improve health insurability, prevent insurance abuse and to protect the privacy and security of a person’s health information.

    Read More

  • Internal Controls and the Sarbanes-Oxley Act

    782 Words  | 2 Pages

    A Guide to the Sarbanes-Oxley Act of 2002 (2006). Retrieved December 16, 2009 from www.soxlaw.com

    Read More

  • The Technological Feasibility of HIPAA Requirements

    3082 Words  | 7 Pages

    Introduction The Health Insurance Portability and Accountability Act of 1996, or HIPAA, is a law designed “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes. ”1 HIPAA mandates that covered entities must employ technological means to ensure the privacy of sensitive information. This white paper intends to study the requirements put forth by HIPAA by examining what is technically necessary for them to be implemented, the technological feasibility of this, and what commercial, off-the-shelf systems are currently available to implement these requirements. HIPAA Overview On July 21, 1996, Bill Clinton signed HIPAA into law.

    Read More

  • Between a Rock and a Hard Place: The Erosion of Privilege and the Duty of Confidentiality

    2032 Words  | 5 Pages

    A possible flaw of Sarbanes-Oxley is it failed to put up any resistance in thwarting the financial crisis. While the degree to which fraudulent behavior can be traced to the roots of the Great Panic of 2007 will likely be up for eternal debate, it might be telling that Sarbanes-Oxley effectively did nothing. It seems this could indicate that stronger incentives for whistleblowers (such as Dodd-Frank and perhaps other whistleblower protection regimes) are very necessary given the extreme social costs. This conclusion may be hasty, however, given the short time period between the enactment of Sarbanes-Oxley and the crash. Not only is the status of Sarbanes-Oxley still in flux over a decade later, but one has to consider the substantial learning and switching costs associated with a regime with such a substantial ruach. Certainly, this is not to say that additional protections may in fact be necessary given the putative reluctance of lawyers to report fraud, but Sarbanes-Oxley likely needed more time to really crystalize and provide some level of predictability before it can be declared a bust.

    Read More

  • Massachusetts General Hospital

    1281 Words  | 3 Pages

    The Institute of Internal Auditors. "Internal Auditing's Role In Section 302 and 404 of the U.S Sarbanes-Oxley Act of 2002." The Institute of Internal Auditors (2004): 1-13.

    Read More

  • Accounting Fraud, the Investor and the Sarbanes Oxley Act

    1981 Words  | 4 Pages

    Throughout the past several years major corporate scandals have rocked the economy and hurt investor confidence. The largest bankruptcies in history have resulted from greedy executives that “cook the books” to gain the numbers they want. These scandals typically involve complex methods for misusing or misdirecting funds, overstating revenues, understating expenses, overstating the value of assets or underreporting of liabilities, sometimes with the cooperation of officials in other corporations (Medura 1-3). In response to the increasing number of scandals the US government amended the Sarbanes Oxley act of 2002 to mitigate these problems. Sarbanes Oxley has extensive regulations that hold the CEO and top executives responsible for the numbers they report but problems still occur. To ensure proper accounting standards have been used Sarbanes Oxley also requires that public companies be audited by accounting firms (Livingstone). The problem is that the accounting firms are also public companies that also have to look after their bottom line while still remaining objective with the corporations they audit. When an accounting firm is hired the company that hired them has the power in the relationship. When the company has the power they can bully the firm into doing what they tell them to do. The accounting firm then loses its objectivity and independence making their job ineffective and not accomplishing their goal of honest accounting (Gerard). Their have been 379 convictions of fraud to date, and 3 to 6 new cases opening per month. The problem has clearly not been solved (Ulinski).

    Read More

  • Enron Scandal: White Collar Crimes

    819 Words  | 2 Pages

    Congress to shield shareholders and the overall population from bookkeeping mistakes and deceitful practices in the venture, and in addition enhance the precision of corporate divulgences. (Rouse, n.d.)The Eron scandal was one of the reason for the establishment for Sarbanes Oxley Act. Now, all businesses are required to obey with the Sarbanes Oxley Act. The demonstration is not an arrangement of business practices and does not determine how a business ought to store records. It characterizes which records ought to be put away and for to what extent. Best rehearses demonstrate that companies safely store all business records utilizing the same rules set for open bookkeepers. (Rouse, n.d.)The third control alludes to the kind of business records that should be put away, including all business records and interchanges, including electronic correspondences. (Rouse, n.d.)

    Read More

  • Health Insurance Portability and Accountability Act

    1793 Words  | 4 Pages

    The Standards for Privacy of Individually Identifiable Health Information, better known as the Privacy Rule, that took effect in April 2003 for large entities and a year later for small ones, was established as the first set of national standards for the protection of health information. This rule was issued by the U.S. Department of Health and Human Services to meet the requirement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Privacy Rule was born out of a need for health information to be appropriately protected yet still allowing the health information to be shared to ensure quality health care and to protect the public’s health and well being. It allows for the protection of the privacy of the patient and yet it also permits vital uses of information.

    Read More

  • Accounting profit and True Profit

    996 Words  | 2 Pages

    ...urvey of ethical behavior in the accounting profession. Journal of Accounting Research, 9 (2), pp. 287-306.

    Read More

  • Corporate Fraud: Sunbeam Corporation and Chainsaw Al

    1949 Words  | 4 Pages

    Brooks, L., Dunn, P. (2012) Business & Professional Ethics for Directors, Executives & Accountants. 6th Edition. Thompson South-West.

    Read More

  • HIPPA and the Privacy of Medical Records

    1335 Words  | 3 Pages

    The Security Rule of the HIPAA law affects technology the most in a Healthcare or Human Service organization. The Security Rule deals specifically with Electronic Protected Health Information (EPHI). The EPHI has three types of security safeguards that are mandatory to meet compliance with HIPAA regulations. Administrative, physical, and technical. There is constant concern of different kinds of devices and tools because of their vulnerability: laptops; personal computers of the home; library and public workstations; USB Flash Drives and email, to name a few. These items are easily accessible for those attempting to breach security. Workers of the healthcare area have complet...

    Read More

  • HIPAA's Role in Protecting Patient Privacy

    1118 Words  | 3 Pages

    Health information opponents has question the delivery and handling of patients electronic health records by health care organization and workers. The laws and regulations that set the framework protecting a user’s health information has become a major factor in how information is used and disclosed. The ability to share a patient document using Electronic Health Records (EHRs) is a critical component in the United States effort to show transparency and quality of healthcare records while protecting patient privacy. In 1996, under President Clinton administration, the US “Department of Health and Human Services (DHHS)” established national standards for the safeguard of certain health information. As a result, the Health Insurance Portability and Accountability Act of 1996 or (HIPAA) was established. HIPAA security standards required healthcare providers to ensure confidentiality and integrity of individual health information. This also included insurance administration and insurance portability. According to Health Information Portability and Accountability Act (HIPAA), an organization must guarantee the integrity, confidentiality, and security of sensitive patient data (Heckle & Lutters, 2011).

    Read More

  • A Corporate Code of Ethics is Not Enough

    2353 Words  | 5 Pages

    Brooks, Leonard J. Business & Professional Ethics for Directors, Executives, & Accountants. Mason: Thompson South-Western, 2004. p227.

    Read More

  • Corporate Network Management

    1882 Words  | 4 Pages

    Melford, RJ 1993, 'Network security ', The Internal Auditor, vol. 50, no. 1, p. 18.

    Read More

More about Policy and Compliance (Tracey)

Open Document