Policy_Paper_Draft POL311 - MxA1

School: Excelsior University
Course: 311
Subject: Political Science
Date: Oct 30, 2023
Type: docx
Pages: 7
Uploaded by: BrigadierClover1569

Policy Paper M5A1 POL311
Healthcare is a critical field that has an impact on every citizen. This paper addresses the need to reform the regulatory requirements regarding the protection of healthcare data. The cybersecurity threat landscape is continually changing, and personal information is increasingly becoming a target for many hacking groups or nation-state threats. Currently, most organizations deal primarily with HIPAA regulations for protection of patient data. While the requirements It is critical that the US put decisive controls in place to ensure that private and sensitive healthcare data is protected at the same level as, or better than, our financial data. This would apply to genetic information, treatment history, and any other relevant medical information that is maintained for individuals. We cannot continue to allow medical information to sit on the sidelines and wait for attackers to exploit an individual’s medical information.

Many states have been pursuing more stringent regulations regarding financial data, including New York’s CYR 500, which was an industry first in cybersecurity regulation pertaining to financial data (Department of Financial Services, 2019). Additionally, the EU has implemented the GDPR; this reform has made sweeping changes to the way that companies handle personal data. As a result, it is time that we develop a set of recommended security baseline controls that must be implemented across all medical support facilities and companies. This policy should be flexible enough to reflect the needs of individual organizations and strict enough to ensure that security requirements surrounding medical data are controlled at the same expected level that many states and global regulations have defined for PII, financial data, and payment card data.

The US must ensure the protection of citizen health data. The health industry maintains a significant amount of private and sensitive healthcare data; we must ensure that minimum expected controls are in place so health data is protected at the same level that we protect our financial data. We cannot continue to allow medical organizations to sit on the sidelines and wait for attackers to exploit an individual’s medical information.

Current regulations around the protection of healthcare data need reform to advance the expectations for protection. Updating regulations to current international protection standards will cause a radical shift in the medical industry. Other industries have had significant regulatory reform to ensure enhanced protection of data.

Support Claim One (Perakslis, 2014) (Healthit.gov, 2019)
HIPAA is the current standard in the medical industry. HIPAA applies the Security Rule test. The Security Rule requires covered entities to maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI. Specifically, covered entities must ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit; identify and protect against reasonably anticipated threats to the security or integrity of the information; protect against reasonably anticipated, impermissible uses or disclosures; and ensure compliance by their workforce.

The Security Rule defines “confidentiality” to mean that e-PHI is not available or disclosed to unauthorized persons. The Security Rule's confidentiality requirements support the Privacy Rule's prohibitions against improper uses and disclosures of PHI. The Security Rule also promotes the two additional goals of maintaining the integrity and availability of e-PHI. Under the Security Rule, “integrity” means that e-PHI is not altered or destroyed in an unauthorized manner. “Availability” means that e-PHI is accessible and usable on demand by an authorized person.

HHS recognizes that covered entities range from the smallest provider to the largest, multi-state health plan. Therefore, the Security Rule is flexible and scalable to allow covered entities to analyze their own needs and implement solutions appropriate for their specific environments. What is appropriate for a particular covered entity will depend on the nature of the covered entity’s business, as well as the covered entity’s size and resources.

Support Claim Two (Eugdpr.org, 2019) (Department of Financial Services, 2019) (Sun, Wang, Soar, Rong, 2012)

Updating regulations to current international protection standards will cause a radical shift in the medical industry to include regulatory reform like GDPR and the NYDFS cybersecurity reform. Cybersecurity has evolved at a rapid pace and other industries are making efforts to keep pace. The healthcare industry has not made

Support Claim Three (Eugdpr.org, 2019) (Department of Financial Services, 2019)

Other industries have had significant regulatory reform to ensure enhanced protection of data. Identify all cybersecurity threats, both internal and external, to meet the following requirements. Employ defense infrastructure to protect against those threats. Use a system to detect cybersecurity events, respond to all detected cybersecurity events, work to recover from each cybersecurity event, and fulfill various requirements for regulatory reporting. Consumer protection on disclosure. Policy design, program development, third-party security, training requirements, limit access, data encryption, and annual certification.

Conclusion

The time for healthcare protection reform has come. We must ensure that the healthcare industry meets the same expected controls as other industries. We cannot allow medical organizations to perform only the controls that they see as necessary or sufficient to protect patient data. A robust and uniform set of expectations must be implemented.

References

Department of Financial Services. (2019). FAQs: Cybersecurity Filing. [online] Available at: https://www.dfs.ny.gov/industry_guidance/cyber_faqs [Accessed 22 Mar. 2019].

Eugdpr.org. (2019). GDPR FAQs – EUGDPR. [online] Available at: https://eugdpr.org/the-regulation/gdpr-faqs/ [Accessed 22 Mar. 2019].

Healthit.gov. (2019). Health Information Privacy Law and Policy | HealthIT.gov. [online] Available at: https://www.healthit.gov/topic/health-information-privacy-law-and-policy [Accessed 24 Mar. 2019].

Kruse, C., Frederick, B., Jacobson, T., & Monticone, D. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology And Health Care, 25(1), 1-10. doi: 10.3233/thc-161263
Perakslis, E. (2014). Cybersecurity in Health Care. New England Journal Of Medicine, 371(5), 395-397. doi: 10.1056/nejmp1404358

Sun, L., Wang, H., Soar, J., & Rong, C. (2012). Purpose Based Access Control for Privacy Protection in E-Healthcare Services. Journal Of Software, 7(11). doi: 10.4304/jsw.7.11.2443-2449
