
HIPAA, CIA, and Safeguards Essay

1940 words - 8 pages

The Department of Health and Human Services (HHS) settled a case with Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million for violating the Health Insurance Portability and Accountability Act (HIPAA) and security rules. BCBST had security issues with regard to confidentiality, integrity, availability, and privacy. HIPAA also sets security requirements which could have prevented the security issue if they had been enforced. BCBST took corrective actions, some of which were effective and some of which may not have been adequate. There are HIPAA security requirements and safeguards that organizations need to implement to mitigate security risk, in terms of administrative, technical, and physical safeguards.
On 5 October 2009, computer equipment from a network data closet was stolen from BCBST. The items stolen were 57 unencrypted hard drives which contained over 300,000 video recordings and over one million audio recordings. According to Whitman & Mattord (2010), confidentiality, integrity, and availability make up the C.I.A. triangle, which is the basis of the Committee on National Security model for information security, an industry standard.
Confidentiality is often associated with encryption, but it also means that only people with the correct permission can access the information. One of the major security issues is that the hard drives were not encrypted. The hard drives should have been encrypted to prevent people from reading the information on the computer. Software that encrypts files on a hard drive can be purchased, such as Folder Lock, SensiGuard, Secure IT, and more. There is also open source encryption software, free to use, which could have been used. If the hard drives were not needed, the data should have been destroyed and not left in a data closet. If the data needed to be saved for a period of years, then the hard drives should have been locked up.
Integrity is making sure the data is accurate and that changes are made only by a person with the appropriate permission. Because the data consists of video and audio recordings, the information should be correct unless the hard drives have been damaged or corrupted, which could happen through the drives going bad or through someone wanting to damage them.
Availability is the security goal of the information being reliable and able to be accessed. With the hard drives sitting in the closet, they are not available for use once the company has moved to another location and there are no staff in the building. To access the drives, staff would have to go to the old facility, go into the closet, get the drive needed, and connect it to a computer to pull the information needed.
The server was not responsive on October 2nd and was not checked until October 5th. BCBST should have checked the server when it was alerted on the 2nd instead of waiting until the 5th. Privacy is control over the use and disclosure of personal information. There are major privacy issues with...
