Impact of Legislation on Organizations - Essay Example

Impact of Legislation on Organizations al Affiliation: Introduction The organization under review with regards to its information security program is the Department of Health and Human Services. This review concerns the analysis of the security frameworks put in place by the Department of Health and Human Services in the United States. The healthcare industry holds a lot of patient information which have to be put under constant safe keeping from unauthorized persons. The points of analysis for this particular case retrieves its items from the Executive Order (EO) 13636 Improving Critical Infrastructure Cyber security which was implemented to safeguard client information against any possible threats or data breaches .

Points of Analysis The procedures highlighted an analysed below necessitate the need for universal intelligence about risk and security management of data and information. Enactment of the EO pushes for the mandated action towards ensuring the systems put in place for public use implement a proper network security and resilience. The national data breach reporting for Department of Health and Human Services showcases the life cycle of a breach (Department of Homeland Security, 2013). This majorly entails information and content which highlights on the specific steps or criteria utilized in handling and resolving health information data breaches.

The information system also has to improve the effectiveness and efficiency of the U.S. government’s operation framework put in place to secure the critical infrastructure plus make it more resilient. The White House’s cyber security draft proposal released in May 2011 included a data breach provision which highlights on the procedures and notification requirements that should be practiced by organizations in case of a data breach. The points to be analysed with regards to the EO legislative proposal are listed below:1.

Develop a technology-neutral voluntary cyber security framework The Department of Health and Human Services in the United States are tasked with the responsibility of designing and putting in place a technological system which facilitates safe and secure data storage of client information. A neutral voluntary cyber security framework ensures that clients receive emails and notifications securely. The information security program executed but the Health and Human Services department is aimed at reducing the costs of handling data breaches (Department of Homeland Security, 2013).

Data breach management and prevention can be achieved via implementing an automatic and responsive system that discovers and handles data breaches in a timely manner. Developing and employing this form of security framework goes a long way towards protecting health organizations against malicious attacks. In turn the costs of handling data beaches are considerable reduced. 2. Increase the volume, timeliness and quality of cyber threat information sharing This is an exceptional quality expected of the health organizations which handle patient personal information in the industry.

Assembling an internal response team is advisable in the case a breach is discovered. Making public announcements followed by responding to inquiries and mail notifications is vital for the data breach management. 3. Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure This is a virtue that ought not to be compromised since ensuring the security of the national infrastructure is a vital responsibility for the Health and Human Services Department.

Notification requirements mandate that consumers should be well informed in time on issues regarding data breaches (The Experian Data Breach Resolution, 2013). Civil actions also form part of the regulations put in place to govern the operations of the industry in the case there are any laws violated, for example, release of patient personal information. Conclusion The strategies put in place to govern and address the health and human services offered with the information systems are vital when it comes to evaluating performance measures and significant risk posed on the organization and its clients.

Conclusively, the study explains on how the Department of Health and Human Services continues to see new value and positive impact in vindicating and swiftly reacting to crises. The efforts to strengthen and secure the critical infrastructure requires preparedness and implementation of risk assessments plans which facilitates security and resilience of healthcare information systems. ReferencesThe Experian Data Breach Resolution, (2013). Data Breach Response Guide. Retrieved Department of Homeland Security, (2013).

EO-PPD Fact Sheet. Retrieved