Security & Privacy
What are the three major areas in HIPAA Compliance?
For an organization to be considered compliant with the HIPAA laws, it must have measures in place to make sure that only authorized personnel have access to patients' data. There must also be measures to make sure that the data the system holds about patients is accurate to the letter. The organization should also enroll its employees, both those who will have access to the private data and those who will not, in a training program that makes them aware of the privacy policy and how it relates to them and their work. Additionally, the organization must have a written document containing the privacy procedure to formalize it, and must require outside parties such as contractors who need access to the protected data to sign confidentiality agreements and meet the standards set by HIPAA for the same. In addition to this, the organization should assess its security risks and have backup plans to deal with them (insured, 2016).
Physical security
The HIPAA laws require that an organization have measures in place to make sure that there are no physical threats to its information. Such threats mainly include theft of electronic devices by either employees or outsiders. To address this, the organization should protect its computers by limiting the ease with which they can be detached from a workstation and by limiting the number of people who can access more secure areas such as the monitor room.
The organization should also make sure that employees and external persons know how to take care of the devices and how to safely dispose of hardware and software. The information should be shielded from the public by ensuring that the monitors at the workstations cannot be viewed by the public (HHS.gov, 2016).
Technical
These are technological measures that ought to be in place to make sure that the organization's networks, computers and other electronic devices are not accessed by unauthorized persons or attacked. The organization can achieve this by having encrypted versions of emails, protection against hackers and the like, protection against deletion of data, and formal documents of the technological configurations.
“The Electronic Communications Privacy Act of 1986”
This was enacted with the aim of prohibiting electronic access by unauthorized persons (Fischer, 2014). Organizations can implement this by making sure that they have technological measures in place protecting the information from unauthorized personnel.
The E-Government Act of 2002
This Act was enacted to guide the IT management and initiatives of the federal government to make information and services available online, and it also provides requirements for cyber security. An organization can implement this by ensuring that its systems are compliant with the regulations put in place by the Act.
Cybersecurity Act of 2015
This was put in place to encourage the private sector to exchange information on cyber threats. Implementation of this can be ensured by having systems with an integration system to enable information sharing with the government.
Cybersecurity Enhancement Act of 2014
This Act came into place to provide for partnership between the public and private sectors to ensure that awareness of cyber security is enhanced and that people are kept informed of cases of cyber threats. Organizations can implement this by putting in place measures and systems that comply with the Act and by taking part in sensitizing the public about security threats.
Benefits of COBIT and ITIL and how they are implemented in any organization
Both COBIT and ITIL, when implemented as they should be, enable organizations to align themselves with requirements for compliance, protection of information and management of risks (Radhakrishnan, 2015). They also help in making sure that the organization can exercise internal control over its operations (Software, 2015).
References
Fischer, E. A. (2014). Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws & Proposed Legislation. Congressional Research Service.
HHS.gov. (2016). “Summary of the HIPAA Security Rule.” Retrieved from HHS.gov: www.hhs.gov
insured. (2016). Healthcare In The Age of Data; Meeting the 3 Components of HIPAA Security Rules at Your Practice. Retrieved from insureon: aliedhealth.insureon.com
Radhakrishnan, S. (2015, April 6). Cobit Helps Organizations Meet Performance & Compliance Requirements. Retrieved from ISACA: www.isaca.org
Software, B. (2015, September 22). 6 Benefits of ITIL. Retrieved from BMC Blogs: www.bmc.com