SEC440 Week 7
16 Oct 2014
TO: Company Chief Security Officer
FROM: Security Engineer
DATE: 16 Oct 14
SUBJECT: HIPAA Security Compliance for Alba, IA Hospital
Any patient who is seen by a physician within the United States is to be protected by the “Health Insurance Portability and Accountability Act” or HIPAA, which was passed into law in 1996 (Jani, 2009). According to HIPAA, all health care facilities dealing with any protected health information (PHI) are to ensure that all physical/electronic processes are safeguarded from any third-party entity or unauthorized personnel. All health care data to include any medical insurance …
Administrative Measures
For any HIPAA policy to fully work, the policy must have the full support of the administration. Administration must completely back the policy that is set in place and implement it entirely to ensure that we are fully compliant with the Act. Administration will also appoint the specific individuals who will have access to patient medical information. This access will apply only to medical staff personnel, such as nurses, doctors, and medical technicians, who have a need to know patient information, and it must be used only for a medical reason. Administration must also ensure that annual training is conducted so that all personnel are trained on HIPAA on a regular basis. It is also the responsibility of administration to come up with procedures on how to deal with the release of patient information to third-party entities such as insurance companies and government officials.