
New Policy Statements- HIPAA - Assignment Example


Extract of sample "New Policy Statements- HIPAA"

New Policy Statements - HIPAA

Table of Contents
Introduction
Reviewing the Policy
Recommendations
New Policy for Permanent & Temporary Employees
Additional Network Privileges
Conclusion
References

Introduction

The business environment is changing constantly, and working practices are undergoing a paradigm shift along with it (Gitman & McDaniel, 2007). Previously, organizations stored information about their business operations manually, in the form of written documents.

Recently, however, this approach to storing information has changed dramatically (Takai et al., 2011; Pozgar, 2007). Nowadays, information in organizations is usually stored on computers. However, it was gradually recognized that even this method was not completely secure: information was accessed and misused without any need to physically operate the computer on which the data was held. Developments in technology made business operations and ways of working easier, while at the same time those developments helped people find ways to manipulate and misuse information for their own benefit (Pesante, 2008).

Reviewing the Policy

The organization whose information security policies need to be reviewed is in the insurance business and deals with health insurance. The review is proposed to make certain that the company fulfills its regulatory obligations and meets the requirements of the associated standards and regulations. The company comes under the Health Information Portability and Accountability Act (HIPAA), according to which any information regarding health must be protected.

Under the federal standards, patients should be able to access information relating to their own medical records (HIPAA, 2007). Given the nature of its business operations, the company complies with the guidelines of HIPAA, HITECH, GLBA and PCI-DSS.

Recommendations

Although the company abides by all the relevant regulations, its policy on access to information by a new user and its password requirements are becoming a grave concern for the company's supervisor.

Although the company's present policy ensures a high level of security, it should still draw up a new policy. Under the new policy, a new user's request to access information would first be recorded, together with the user's personal details and signature. Access would be provided only to the particular information or area specifically requested by the new user. The policy should state a time limit for a new user's access to information, and once the limit is over, access should be automatically denied by the software.

If the user requires more time, a fresh request should be submitted. For access to any kind of sensitive or administrator-level information, the manager's approval should be mandatory. This new policy for new users should be implemented in the organization.

New Policy for Permanent & Temporary Employees

Under the new policy, temporary employees need to follow the same procedure that applies to new users. A separate guideline, however, should be framed for permanent employees.

The guideline would provide for a unique code issued by the organization to each of its permanent employees. Permanent employees are supposed to access information using their respective unique codes. It is evident from these guidelines that the policy for permanent employees and the policy for temporary employees would not be the same.

Additional Network Privileges

When an employee requires additional network privileges, the policy would involve obtaining approval from the manager of the department concerned.

Once the approval has been obtained, a temporary code would be provided to the employee for the day. Under this policy, additional network privileges would be arranged for permanent employees only.

According to the new information security policy statement of Heart-Healthy Insurance, a new user should be provided access only after meeting the security standards laid down above in the policy statement. This is essential to protect the information from being accessed and used for unethical purposes.

In addition, the new policy statement should clearly state that the manager's approval is needed for access to administrator-level information. This would help the administration control the access of new as well as existing users.

The policy on password requirements was considered quite secure, but minor alterations were still needed. A new policy needs to be developed under which, when a password is being changed, the user is asked for the previous password before making the change.

If a wrong password is entered three consecutive times, access to the site should be blocked and the user should reset the password through the email address registered with the company. Thus, a new policy on new users and passwords should be developed, incorporating the modifications described above.

Conclusion

The above modifications have been recommended to protect the company's information from being stolen or misused. The suggested new policy, with its modifications to the existing one, is made in accordance with the US federal regulatory requirements, under which a company should protect any kind of information related to its business functions and the people involved.

The suggested new policy meets the HIPAA Security Regulations and falls under the category of Technical Security Controls. According to the US federal regulatory requirements, companies need to develop a security program that helps protect information, but no particular system is specified for adoption. It is therefore entirely up to the company to adopt the security systems that it thinks would work best and that would also be compliant with the law.

References

Gitman, L. J. & McDaniel, C. (2007). The Future of Business: The Essentials. Cengage Learning.

HIPAA (2007). The HIPAA Guide – Security and Privacy Policies. Home. Retrieved online on October 10, 2011 from http://www.hipaaguide.net/

Pesante, L. (2008). Introduction to Information Security. Carnegie Mellon University. Retrieved online on October 10, 2011 from http://www.us-cert.gov/reading_room/infosecuritybasics.pdf

Pozgar, G. D. (2007). Legal aspects of health care administration. Jones & Bartlett Learning.

Takai, T. M. (2011). Managing Information Security Risk: Organization, Mission and Information System View. DIANE Publishing.
