Steven Baardsen
SEC440
Professor Freund
Information technology security, by nature, deals with the handling of sensitive information in both a physical and cyber aspect in regards to specified rules, procedures, regulations, laws, and acts, such as HIPAA, that have already been established. In this paper, I will write from the aspect of a security engineer for a hospital group based in Cincinnati, OH. The group that I am a part of has just acquired a small hospital in Alba, IA. The hospital is currently utilizing a paper form system, except for the insurance billing. The company CSO has asked that I draft a memo that gives an overview of what will be necessary to bring this small hospital …show more content…
This includes safeguarding the patients’ physical and electronic sensitive information, or protected health information (PHI), from any unauthorized personnel. All health care institutions are expected to enforce HIPAA rules to ensure the efficiency of the health care system, which will safeguard the administrative, physical, technical, and electronic processes (Jani, 2009). The first chapter of the HIPAA act, Title 1, describes how to enforce the group health and personal health plans. Each patient can be restricted from a health plan for one year after enrollment, or eighteen months if the patient was late for enrollment. Long term plans are excluded. Patients who already have a health care plan prior to the exclusion would have their plan reduced or eliminated. Health care fraud and abuse is covered in Title 2 of the HIPAA and is an attempt to simplify rules regarding who is responsible for processes involving any breach of …show more content…
This also means that specific measures will need to be taken in order to safeguard electronic protected health information, or ePHI. All data being transferred on an open network will be secured with encryption and only authorized personnel will be allowed to utilize the computers. The encryption protocol that we will use will be the secret key in order to render any intercepted data as useless to a hacker (Armstrong et al., 2005). Data integrity will be confirmed by the use of a check sum, digital signature, and double-key methods. All data being transferred on a closed network will invoke access controls. The data receptionist will confirm and authenticate who the person is that is transferring data with the usage of passwords, two way hand shaking, token systems, or even calling the person. In the event, that the access controls fail than we will want to decide on an encryption system to