Vincent Cooper CYB 260 Project One Milestone
School: Southern New Hampshire University
Course: 260
Subject: Information Systems
Date: Feb 20, 2024
Vincent Cooper
2/2/2024
CYB 260 Project One Milestone Template
I. Analysis of Requirements
Select three fair information practice principles from the privacy statement provided by your instructor. Then fill in the blank cells in the table below.
Requirements Table
Fair Information Practice Principle | Applicable Privacy Law or Laws | Level of Compliance | Safeguards
Privacy Practices Notice
HIPAA & Clinical Laboratory Improvement Act (CLIA)
*Provider/health plan must notify the individual about the usage of their protected health information and how it is being used. It must also list ways of contacting the issuer (health provider) of the notice.
*The individual must provide consent which is asked from a covered health provider who has a direct relationship with the individual unless in an emergency.
Individuals also have the right to review and get a copy of the data.
Individuals have the right to amend inaccurate or incomplete information.
*Individuals have the right to ask for the use and disclosure of the data to be restricted.
Individuals have the right to request an alternative way to receive communications of the data.
Data is kept safe and encrypted like most private health data.
Health care providers must request consent before disclosing and using the individual’s personal information unless it’s an emergency.
Fair Information Practice Principle | Applicable Privacy Law or Laws | Level of Compliance | Safeguards
Administrative Requirements
HIPAA
FDA
OHSA
MHSA
*The flexibility & scalability of this principle allows covered entities to think about their needs before applying solutions that fit those needs.
*Must train their workforce members on privacy policies and procedures that are necessary within their field.
*A covered individual/group must make someone cover the role of privacy official to be held responsible for coming up with privacy principles and procedures as well as become a form of contact responsible for receiving complaints before providing those people with the appropriate information on the privacy practices.
*Must keep the data safe in a reasonable and appropriate manner including both technical and physical protections.
Must not retaliate against individuals when exercising their privacy rule rights. This also includes when they aid an HHS investigation and when they choose to oppose an act or practice in which they believe their privacy rule rights (HIPAA) are being violated.
Fair Information Practice Principle | Applicable Privacy Law or Laws | Level of Compliance | Safeguards
Permitted Uses and Disclosures
HIPAA
FDA
OHSA
MHSA
*Covered entity is permitted but not required to use and disclose an individual’s private health data without their consent when disclosing or using it directly with that individual. This also counts for treatment, payment.
*Individuals have the right to agree or object. The entity (usually health provider) can use the individual’s private health info for public interest and benefit activities (usually the data is limited to strictly fit the purpose of the research and public health or health care operations).
*Health care providers and other covered entities may use their professional ethics and best judgements when deciding to disclose private health data.
*Information can be disclosed for law enforcement purposes, victims of abuse, neglect or domestic violence may have their information disclosed by their health provider to better aid them in their case.
*Information is limited, and only necessary information is used for things like studies and surveys.
*Patients must be notified if information is being disclosed.
Like most private health data, information must be stored in an environment that is both physically and technically safe.
II. Business Implications
A. Discuss the role of ethics as a business driver in this decision. How do the organizational values (as an ethical stance) align to the decision? What responsibility does the organization have pertaining to privacy? Insert your response in the box below.
The Fit-vantage company was approached by the Helios Insurance Agency with a business deal. The proposal was introduced by Helios to gain access to the data generated by a recently launched fitness wearable device. The idea was not well-received by most potential buyers. I believe it’s important for Fit-vantage to prioritize the security of their customers’ private data that gets collected from the fitness watches. If they fail to take appropriate measures to safeguard their customers’ data, they can end up with not only lawsuits, but a bad reputation with little to no customers.
B. Discuss how your personal ethical stance aligns to the decision. How did you apply an ethical framework or decision strategy to inform your position? Insert your response in the box below.
My personal ethical stance aligns with my decision because I always believe everyone deserves the right to privacy, especially when dealing with personal and health-related information. I believe personal and health-related data is one of the most important pieces of information that should be highly safeguarded. I applied an ethical framework to inform my position by going over the many possible decisions and picking ones that were more closely tailored to the two organizations’ needs. I then went over the few that stuck out most to me with a closer eye before choosing the best option.
C. What would you recommend the company do? Describe how you came to this decision. How did you balance differences between organizational ethics and your own personal ethics? Insert your response in the box below.
I would recommend that Fit-Vantage go through with the business deal with Helios as I believe after going over the scenario, in which they discuss the importance of keeping their customers’ data private and safe, I believe it’s possible for them to develop security measures and practices that align with the privacy laws. Helios should keep a record and monitor how the data is kept safe to ensure if something goes wrong, the right party is held at fault. I also believe there should be transparency with their customers regarding the fact that their information will be used and exactly how it’s going to be used. To keep customers at ease, they should also inform them that the proper security measures are in place to ensure their data is being kept secure and private.