Paper_Draft POL311 - M5A1

School: Excelsior University
Course: 311
Subject: Political Science
Date: Oct 30, 2023
Pages: 4
Uploaded by BrigadierClover1569

Policy Paper M5A1 POL311
Currently, most organizations deal primarily with HIPAA regulations for the protection of patient data. The portion of HIPAA that is most relevant to organizations is the application of the Security Rule test. The Security Rule requires organizations to maintain reasonable and appropriate administrative, technical, and physical safeguards ensuring that PHI (Public Health Information) is protected. Additionally, they must ensure the confidentiality, integrity, and availability of all patient data created, received, maintained or transported to parties; identify and protect against threats to the security or integrity of the information; protect against inappropriate use or disclosures; and ensure compliance by all their employees (Perakslis, 2014). “Confidentiality” means that PHI is not available or disclosed to an unauthorized individual. The Security Rule from HIPAA supports the Privacy Rule's prohibitions against improper uses and disclosures of PHI. The Security Rule also supports maintaining the integrity and availability of PHI. Under this rule, “integrity” means that PHI is not modified in an unauthorized manner or by an unauthorized individual. “Availability” means that data is accessible and usable on demand by an authorized individual. Organizations that are covered by HIPAA range from the smallest provider to the largest multi-state health care provider. Therefore, the Security Rule is considered flexible and scalable to allow medical providers and companies to analyze their own needs and implement the necessary controls as appropriate. The issue that arises is that what a particular covered entity deems appropriate is based on the organization's own risk assessment (Healthit.gov, 2019).

Many states have been pursuing more stringent regulations regarding how PII and financial data are handled. One such example is New York's CYR 500, which was an industry first in cybersecurity regulation pertaining to financial data (Department of Financial Services, 2019). Another regulatory achievement was the release of the EU's GDPR; this reform has made sweeping changes to the way that companies handle personal data (Eugdpr.org, 2019). With NYDFS CYR 500 there are many controls that financial organizations must implement if they meet the minimum organization sizes. Some of the additional protections that organizations must enforce are as follows: they must employ defensive infrastructure to protect against threats; use a system to detect cybersecurity events and alert on events; respond to all detected cybersecurity events; work to recover from each cybersecurity event; report all incidents that cause a breach of data; and provide for additional consumer protection on disclosure, policy design, program development, third-party security, training requirements, limited access, data encryption, and annual certification (Department of Financial Services, 2019). As we can see, many organizations have been required to implement a more specific set of controls. These controls mimic those provided by GDPR, with additional protections for how consumers are able to ensure that they control the data they provide to organizations (Eugdpr.org, 2019). Most individuals would agree that medical information is significantly more private than financial data in most cases. So why has no one made the effort to ensure that the same protections afforded to financial data are enforced for health data? Ensuring that all organizations that handle Updating regulations to current international protection standards will cause a radical shift in the medical industry.

References

Department of Financial Services. (2019). FAQs: Cybersecurity Filing. [online] Available at: https://www.dfs.ny.gov/industry_guidance/cyber_faqs [Accessed 22 Mar. 2019].

Eugdpr.org. (2019). GDPR FAQs – EUGDPR. [online] Available at: https://eugdpr.org/the-regulation/gdpr-faqs/ [Accessed 22 Mar. 2019].

Healthit.gov. (2019). Health Information Privacy Law and Policy | HealthIT.gov. [online] Available at: https://www.healthit.gov/topic/health-information-privacy-law-and-policy [Accessed 24 Mar. 2019].

Kruse, C., Frederick, B., Jacobson, T., & Monticone, D. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology And Health Care, 25(1), 1-10. doi: 10.3233/thc-161263

Perakslis, E. (2014). Cybersecurity in Health Care. New England Journal Of Medicine, 371(5), 395-397. doi: 10.1056/nejmp1404358

Sun, L., Wang, H., Soar, J., & Rong, C. (2012). Purpose Based Access Control for Privacy Protection in E-Healthcare Services. Journal Of Software, 7(11). doi: 10.4304/jsw.7.11.2443-2449
