Policy_Paper_M6A1 POL311 (docx)

School: Excelsior University
Course: 311
Subject: Political Science
Date: Oct 30, 2023
Pages: 5
Uploaded by BrigadierClover1569

Policy Paper M2A1 POL311
Healthcare is a critical field that affects every citizen. Protecting patient data is far from simple and requires many components that must be addressed. As a result, it is time to develop a set of recommended security baseline controls that must be implemented across all medical support facilities and companies. This policy should be flexible enough to reflect the needs of individual organizations and strict enough to ensure that the security requirements surrounding medical data are controlled at the same level that many state and global regulations have defined for PII, financial data and payment card data. Using the NYDFS cybersecurity framework and components of the GDPR as a baseline for a healthcare regulatory policy would be a strong move in the correct direction. With NYDFS 23 NYCRR 500 as guidance, we can apply all of these controls to healthcare providers. Medical organizations must employ defensive infrastructure to protect against threats (Department of Financial Services, 2019). A policy that addresses the deficient areas of the current HIPAA compliance mandates should include the following:

- Security risk assessment and policies, to ensure that providers have identified the possible security risks within their unique environment.
- Qualified individuals for overseeing, implementing and performing security functions, to ensure that all security staff have the proper education, training and experience to execute and implement proper security infrastructure.
- Penetration testing and vulnerability assessments, to actively seek out and correct identified vulnerabilities and risks within the provider's infrastructure.
- Monitoring and retention of security-relevant systems, to ensure that investigations can be performed to identify the systems affected after an incident.
- Access privileges, to ensure that only the individuals who need access to information actually have it.
- Application security, to ensure that all custom-developed software is reviewed and follows a proper SDLC and secure configuration practices.
- Third-party provider security policy, to ensure that third-party providers enforce proper security controls and perform due diligence.
- Multifactor authentication for remote access, to ensure that connections to systems containing patient data are not protected by simple authentication alone.
- Encryption of healthcare data at rest and in transit.
- Incident response planning, to ensure that plans have been made for handling and responding to incidents that occur.

This framework should be adaptable to organizations based on their size, complexity and the type of healthcare data maintained (Department of Financial Services, 2019). Coupling this with the consumer protection offered under the GDPR, which governs how private data is handled, maintained and distributed, is a bold step toward ensuring that digital medical information maintains confidentiality and integrity (Eugdpr.org, 2019). As many different sectors have given careful thought to the importance of cybersecurity over the last few years, we must make this effort in one critical sector that has fallen behind. This Healthcare Security and Accountability Policy is intended to ensure that patient data security is achieved at a reasonable level by all medical providers. According to HIPAAJournal.com, in 2018 there were numerous breaches at providers such as UnityPoint Health, with over 1.2 million records, and the CA Department of Developmental Health Services, with over half a million records. At the rate that cybercrime continues to grow, the US must mandate minimum security requirements. It is critical that we put decisive controls in place to ensure that private and sensitive healthcare data is protected at the same level as, or better than, our financial data. We cannot continue to allow medical information to sit on the sidelines and wait for attackers to exploit an individual's medical information.
References

Department of Financial Services. (2019). FAQs: Cybersecurity Filing. [online] Available at: https://www.dfs.ny.gov/industry_guidance/cyber_faqs [Accessed 22 Mar. 2019].

Eugdpr.org. (2019). GDPR FAQs – EUGDPR. [online] Available at: https://eugdpr.org/the-regulation/gdpr-faqs/ [Accessed 22 Mar. 2019].

Healthit.gov. (2019). Health Information Privacy Law and Policy | HealthIT.gov. [online] Available at: https://www.healthit.gov/topic/health-information-privacy-law-and-policy [Accessed 24 Mar. 2019].

Kruse, C., Frederick, B., Jacobson, T., & Monticone, D. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10. doi: 10.3233/thc-161263

Perakslis, E. (2014). Cybersecurity in Health Care. New England Journal of Medicine, 371(5), 395-397. doi: 10.1056/nejmp1404358

Sun, L., Wang, H., Soar, J., & Rong, C. (2012). Purpose Based Access Control for Privacy Protection in E-Healthcare Services. Journal of Software, 7(11). doi: 10.4304/jsw.7.11.2443-2449