Type of paper: Case study
Categories: Cyber security
Pages: 5
Wordcount: 1111 words
The Department of Health and Human Services reached a settlement with Blue Cross Blue Shield of Tennessee (BCBST) for 1.5 million dollars for failing to adhere to the Health Insurance Portability and Accountability Act (HIPAA) and its security guidelines (Ali et al., 2013). The BCBST case involved security issues relating to confidentiality, integrity, availability, and privacy. BCBST could have prevented the incident had it adhered to the security requirements of HIPAA. The case involved the theft of unencrypted computer drives that contained the electronic protected health information of individuals.
Confidentiality of the electronic information was at risk because the drives were not encrypted, meaning that unauthorized people could gain access to the electronic data, intentionally or not. The absence of encryption also means that a breach of the system through hacking would grant access to unauthorized persons or malicious software. The privacy of the information was at risk because, owing to the lack of sufficient physical protection and encryption of the computer hardware, the information could be accessed physically or remotely by unauthorized people. The availability of the electronic information was breached because BCBST did not conduct the requisite administrative checks to ensure that the information is available to authorized people when requested on demand; the physical drives had been stolen. Integrity requires that electronic protected health information is not altered, and this was not entirely adhered to either, since the lack of encryption and adequate physical protection meant that the information could be tampered with by unauthorized persons.
BCBST was mandated by law to adhere fully to the HIPAA regulations. These regulations and requirements are meant to ensure the safety and security of electronic protected health information by providing administrative, physical, and technical safeguards (Annas, 2003). The HIPAA regulations require BCBST to ensure the confidentiality, integrity, and availability of all electronic protected health information it generates, collects, retains or transfers. It is also obligated to identify and protect against reasonably anticipated threats to the security or integrity of the information, protect against reasonably anticipated impermissible uses or disclosures of the data, and ensure compliance by its workforce. Had the HIPAA requirements been fulfilled and enforced to the letter, access to electronic protected health information, both physical and remote, would have been controlled: the drives would have been encrypted, eliminating access even if they were stolen. Notably, this would have ensured the privacy, confidentiality, and integrity of the information even in the event of the drives being stolen, as the information would be inaccessible.
After the security breach, BCBST undertook measures aimed at correcting the problem and preventing future security risks. Some of the steps were adequate for avoiding future security breaches, while others were not sufficient to provide a system that cannot be breached again in the future. It added an extra physical layer of protection to its servers to prevent unauthorized physical access, encrypted all its laptops and computers, and was considering encryption of all data at rest to prevent unauthorized access. The organization also restructured its security function by appointing a chief security officer whose mandate included coordinating all security functions of the organization to ensure better enforcement of security regulations and better monitoring of physical access control. BCBST also put in place processes to pre-screen vendors that perform services such as mailing, and it re-evaluated the period for which the law allows it to retain data. BCBST also put in place adequate measures to ensure that its customer service staff are well qualified to handle queries and pressing issues that relate to security breaches.
The security issues arising from the breach are meant to be addressed and mitigated by implementing and adhering to the HIPAA laws. The HIPAA laws provide for technical, administrative, and physical safeguards of electronic protected health information (Annas, 2003). The administrative safeguards require that the organization put in place a security management process that analyses possible risks to the electronic protected health information, designate a security official whose responsibility is to develop and implement its security policies, and have an Information Access Management function that is consistent with the Privacy Rule standard restricting the use and disclosure of protected health information to what is necessary; the Security Rule requires a covered entity to implement policies and procedures for authorizing access to electronic protected health information (Hill & Lynn, 2000). There should also be workforce training and supervision, through proper authorization and oversight of staff members in accordance with its security policies and the application of appropriate disciplinary action against members who do not adhere to the regulations, in addition to a periodic assessment of how well its policies and procedures meet the Security Rule.
Physical safeguards must also be put in place in the form of facility access controls that limit physical access while permitting authorized access. The organization must also have policies relating to the handling of electronic devices and media regarding their movement, removal or reuse. In addition to administrative and physical safeguards, the organization must implement technical safeguards, which entail access control through technical policies and procedures that grant access to authorized individuals only. It must also implement audit controls on both hardware and software to monitor access to the system (Hill & Lynn, 2000). The entity must also ensure integrity control by having procedures that ensure electronic protected health information is not improperly altered or destroyed, and ensure that there is adequate security for electronic protected health information being transmitted over a network.
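The three technical safeguards named above (access control, audit controls and integrity control) are easier to reason about when seen together in code. The following is an added illustration written for this page, not code from BCBST or from any HIPAA publication: a minimal in-memory ePHI record store in which every read or write is checked against a role policy, every attempt is written to an audit trail, and each stored record carries an HMAC tag so that alteration of the stored data is detected on read. The roles, user names and patient record are constructed sample data; the integrity key is generated at start-up, where a real deployment would obtain it from a key-management service.

```python
"""Added example: access control, audit controls and integrity control for
ePHI records, using only the Python standard library. All names, roles and
record contents are constructed for the example."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

# Role policy (constructed): who may read and who may write ePHI.
READ_ROLES = {"clinician", "billing"}
WRITE_ROLES = {"clinician"}


@dataclass
class EphiStore:
    # Integrity key: generated here for the demo; in production it would come
    # from a KMS/HSM and never be stored beside the records it protects.
    integrity_key: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    records: dict = field(default_factory=dict)    # record_id -> (payload_json, tag)
    audit_log: list = field(default_factory=list)  # audit controls: one entry per attempt

    def _tag(self, record_id: str, payload: str) -> str:
        # HMAC over record_id || payload, so a valid tag cannot be moved to
        # another record without being noticed.
        msg = record_id.encode() + b"\x00" + payload.encode()
        return hmac.new(self.integrity_key, msg, hashlib.sha256).hexdigest()

    def _audit(self, user: str, role: str, action: str, record_id: str, outcome: str) -> None:
        self.audit_log.append({"user": user, "role": role, "action": action,
                               "record": record_id, "outcome": outcome})

    def write(self, user: str, role: str, record_id: str, record: dict) -> bool:
        """Access control on write; stores canonical JSON plus its integrity tag."""
        if role not in WRITE_ROLES:
            self._audit(user, role, "write", record_id, "denied")
            return False
        payload = json.dumps(record, sort_keys=True)
        self.records[record_id] = (payload, self._tag(record_id, payload))
        self._audit(user, role, "write", record_id, "ok")
        return True

    def read(self, user: str, role: str, record_id: str):
        """Access control on read; integrity is verified before data is released."""
        if role not in READ_ROLES:
            self._audit(user, role, "read", record_id, "denied")
            return None
        stored = self.records.get(record_id)
        if stored is None:
            self._audit(user, role, "read", record_id, "missing")
            return None
        payload, tag = stored
        # Constant-time comparison of the stored tag with a freshly computed one.
        if not hmac.compare_digest(tag, self._tag(record_id, payload)):
            self._audit(user, role, "read", record_id, "integrity_failure")
            return None
        self._audit(user, role, "read", record_id, "ok")
        return json.loads(payload)


def demo():
    """Walk through an authorized write/read, a denied read, and detection of
    an altered record. Returns the results so they can be checked."""
    store = EphiStore()
    record = {"name": "Sample Patient", "dx": "constructed"}
    store.write("dr_lee", "clinician", "p-1001", record)
    authorized = store.read("dr_lee", "clinician", "p-1001")
    denied = store.read("intern", "intern", "p-1001")          # role not in READ_ROLES
    # Simulate improper alteration of the stored bytes (e.g. on a disk image)
    # without access to the integrity key: the tag no longer matches.
    payload, tag = store.records["p-1001"]
    store.records["p-1001"] = (payload.replace("constructed", "altered"), tag)
    tampered = store.read("dr_lee", "clinician", "p-1001")
    outcomes = [entry["outcome"] for entry in store.audit_log]
    return authorized, denied, tampered, outcomes


if __name__ == "__main__":
    for line in zip(("authorized", "denied", "tampered", "audit"), demo()):
        print(*line)
```

The integrity tag only detects alteration; it does not hide the record contents, so it complements rather than replaces the encryption at rest discussed earlier in the case. The audit log here is a plain list; in practice it would be written to append-only storage that the application cannot edit, otherwise the record of who accessed what is no more trustworthy than the data it describes.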
Strict adherence to the HIPAA laws, which ensures that physical, administrative, and technical safeguards are implemented, is the only sure way to eliminate the confidentiality, privacy, integrity and availability issues that may arise when electronic protected health information is accessed by unauthorized people. The organization must ensure that its staff are well trained on the HIPAA laws and that they implement them. It is the mandate of the organization to follow the laws to the letter and to report any breaches to the relevant authorities to avoid negative publicity and heavy court fines.
References
Ali, N. A., Khalifa, O., & Manaf, A. A. (2013). ICT in telemedicine: Conquering privacy and security issues in health care services. Electronic Journal of Computer Science and Information Technology (eJCIST), 4(1).
Annas, G. J. (2003). HIPAA regulations: A new era of medical-record privacy? New England Journal of Medicine, 348(15), 1486-1490.
Hill, D. W., & Lynn, J. T. (2000). U.S. Patent No. 6,088,804. Washington, DC: U.S. Patent and Trademark Office.
Case Study: HIPAA, CIA, and Safeguards, Free Essay for Everyone. (2022, Apr 28). Retrieved from https://speedypaper.com/essays/case-study-hipaa-cia-and-safeguards