SEC440 Week 7
16 Oct 2014
TO: Company Chief Security Officer
FROM: Security Engineer
DATE: 16 Oct 14
SUBJECT: HIPAA Security Compliance for Alba, IA Hospital
Any patient who is seen by a physician within the United States is protected by the “Health Insurance Portability and Accountability Act” (HIPAA), which was passed into law in 1996 (Jani, 2009). Under HIPAA, all health care facilities that handle protected health information (PHI) must ensure that all physical and electronic processes are safeguarded from third-party entities and unauthorized personnel. All health care data to include any medical insurance …
In conjunction with ensuring that all data transfers are encrypted, we must also ensure that our network is secure. Firewalls will be implemented on the network, including at our network gateways, to protect the confidentiality of sensitive information and the network infrastructure from unapproved access. All traffic, inbound and outbound, will be routed through the firewall so that all packets are filtered to block malware and to block packets from IP addresses that are deemed unauthorized and are on the block list.
Administrative Measures
For any HIPAA policy to fully work, the policy must have the full support of the administration. Administration must completely back the policy that is set in place and implement it entirely to ensure that we are fully compliant with the Act. Administration will also appoint the specific individuals who will have access to patient medical information. This access will apply only to medical staff personnel, such as nurses, doctors, and medical technicians, who have a need to know patient information, and it must be used only for a medical reason. Administration must also ensure that annual training is conducted so that all personnel are trained on HIPAA on a regular basis. It is also the responsibility of administration to come up with procedures on how to deal with the release of patient information to third-party entities such as insurance companies and government officials.