Relevant Regulations for Information Security - Assignment Example

Relevant Regulations for Information Security s March 21, Relevant Regulations for Information Security Information Technology in the 20th and the 21st centuries has exponentially risen and has been terrific in improving lives generally. Technological advancement has seen communications made easier through the internet, mobile phones, fax and the likes. Interaction has been made easier, while making the world look like a global village. Businesses have not been left behind however, with technology bringing about exquisite innovations and this has made business operation easier. Emerging trends like globalization has been characterized by virtual teams, more efficient communications in the business and coordination and overall running of businesses has been admittedly made easier (Cuff, 2014). Innovation can generally be defined as changing or creating more effective and efficient processes, products and ideas that increase the likelihood of business succeeding. For the business, innovation could mean implementing new ideas, creation of more dynamic products and improving the already existing products. Businesses that employ technology create more effective and efficient work processes and have better performance and productivity (Brotby, 2009). Technology can catalyze the growth and success of the business and enable the adaptation of business in the marketplace. For a business to compete strongly in the market, the ability to come up with new strategies, products or even services play an important role in ensuring that the business forge onwards. This creativity is usually deemed to produce products of higher quality, smarter and more enticing to the clients (Cuff, 2014). In this study, however, we discuss the impact of technology as far as regulation for information security is concerned. In the healthcare security, technology has an undisputable crucial role to play, otherwise known as the Electronic protected health information (ePHI). However, ePHI is run by the HIPAA (Health Insurance Portability and Accountability Act), which specifically focuses on safeguarding it (Khansa, Cook, James & Bruyaka, 2012). All the entities covered by the HIPAA, which includes a number of federal agencies must comply with the security regulation; which primarily deals with the safeguarding of the confidentially, integrity and the presence of ePHI as outlined in the security rule or regulation. Some of the regulations covered by the HIPAA for information security are outlined below (Khansa, Cook, James & Bruyaka, 2012). The first one is the security standards or the general rules. This is an explanation of all the requirements that all covered entities must meet, establishes the flexibility of approach as well as identifying standards and the implementations specifications. Additionally, it is in the general rules where decisions a covered entity must make in regards to addressable implementations specifications are outlined. Second, there are the Administrative safeguards which are defined in the regulation as the administrative actions and policies and procedures that used to manage the selection, development, the implementation and the maintenance of the stipulated security measures for the protection of electronic health information (Box & Pottas, 2013). Physical safeguards are another regulation for HIPAA which can be defined as the physical measures and procedures followed to safeguard a covered entity’s electronic health information from unauthorized access. Technical safeguards are other regulations on the HIPAA and are the technology and the policy that are used to protect the covered entity’s electronic health information from illegal accessibility (Fetzer & West, 2008). Apart from these four regulations, there are also organizational requirements which include contracts and other arrangements such as the memoranda of understanding and the requirements for group health plans. Furthermore, policies and procedures and documentation requirements are other regulations for HIPAA. These are the written policies, procedures, actions, activities and assessments of the security rule and are an important component as far as the HIPAA is concerned (Brotby, 2009). Review and Description of the Regulations Although the various relevant regulations for information security in the healthcare have been mentioned in the above section, this section will endeavor in explaining and giving more information for each one of the regulation. To begin with, the study identified general security standards and rules as one of the regulations. This is where the general information and the requirements of the security are outlined, in detail and requires maintenance of measures pertaining to security to continue enhancing reasonable and ideal protection of electronically protected healthcare information. The responsibilities and the roles that the covered entities should play in the course of security implementation are found here and the issue of addressable implementations is covered in this regulation. It is in this very regulation where flexibility of approach and the standards of implementation are identified. In fact, this is the summary of all other regulation of the HIPAA. It is therefore a very crucial regulation in the HIPAA (Shoaf, 2003). The other regulation is the administrative safeguards, which are the administrative procedures, actions, policies and the like. This is to imply that, this regulation covers the administrative obligations as far as the HIPAA is concerned and it is in this regulation where security measures are selected, that is to say, the measures concerning the security breaches; the implications and the punishment of the perpetrators are found (Johnston & Warkentin, 2008). The criteria for implementing these measures as well as the implementation of the same are contained in this regulation. It is the “processing factory” of the HIPAA so to say as all the crucial activities are done here. Some of the key activities of administrative safeguards are identifying the relevant information systems, conducting the risk management, implementing the risk management program; among other tasks. It is evident that it is a crucial component (Brotby, 2009). On the front of physical safeguards, this regulation covers the physical measures to be taken in the event of the covered entity’s health information is compromised or by the environmental and natural perpetrators. Moreover, procedures to protect the covered entity’s electronic information systems and the corresponding buildings and equipment from unauthorized physical intrusion are found in this regulation. It covers the tangible front in the management of the healthcare information. Ultimately, it can be considered very crucial as it outlines the procedures for dealing with physical hazards to the electronically managed healthcare information (Cooper, Collmann & Neidermeier, 2008). The technical safeguards deals with the technology and the procedures and policies to be applied in safeguarding the health information and ways of accessing it. This regulation is typically concerned with the technological issues as far as the whole issue of information safeguarding is concerned. It is responsible for the technical health of the appliances to ensure that access and retrieval of the healthcare information is as easy as possible; while also maintaining the computers and the general IT systems used for the storage, transfer, access and access of the healthcare information (Conklin & McLeod, 2010). One of the most important things in the HIPAA is the presence of organizational requirement. This regulation is amazingly crucial in ePHI because all the standards for the business associate contracts are found here, amongst other arrangements. An important document like the memorandum of understanding is found in this very regulation, between the covered entities and business associates. Organizational requirements are very vital in the HIPAA especially in keeping the memoranda of association and other necessary arrangements between the parties involved and therefore it should be regarded a crucial regulation in the information regulation security in the healthcare (Box & Pottas, 2014). Policies and procedures and documentation requirement is the last segment that will be discussed in this study. This regulation requires that the implementation of appropriate policies and reasonable procedures comply with the set standards, the set implementation specifications and other requirements of the HIPAA. More importantly the written documentations about the information security which includes the policies, assessments, procedures and even activities concerning the rule are found in this regulation. Additionally, any updates on the rule, the retention or the availability of the rule are catered for by this regulation. In other words, this regulation seeks to substantiate the rule in a manner that it can be retrieved easily due to the availability of the documentation (Conklin & McLeod, 2010). In conclusion, technology has been magnificent in the lives of people in the society. Besides making life easier and evolving businesses and all the activities in general, technology has also been instrumental in medicine and the security of the pharmaceutical globally. As discussed in this paper, technology has made the information security possible and now the healthcare information about the patients, diseases and the flow of drugs can be monitored without constraints. The ePHI under the stewardship of HIPAA has made this endeavor of keeping, protecting and retrieving healthcare information the easiest of tasks than before. References Box, D., & Pottas, D. (2013). Improving Information Security Behaviour in the Healthcare Context. Procedia Technology, 9, 1093-1103. doi:10.1016/j.protcy.2013.12.122 Box, D., & Pottas, D. (2014). A Model for Information Security Compliant Behaviour in the Healthcare Context. Procedia Technology, 16, 1462-1470. doi:10.1016/j.protcy.2014.10.166 Chung, W., & Hershey, L. (2012). Enhancing Information Privacy and Data Sharing in a Healthcare IT Firm: The Case of Ricerro Communications. Journal Of Information Privacy And Security, 8(4), 56-78. doi:10.1080/15536548.2012.10845666 Coleman, J. (2004). Assessing information security risk in healthcare organizations of different scale. International Congress Series, 1268, 125-130. doi:10.1016/j.ics.2004.03.136 Conklin, W., & McLeod, A. (2010). Information security foundations for the interoperability of electronic health records. IJHTM, 11(1/2), 104. doi:10.1504/ijhtm.2010.033278 Cooper, T., Collmann, J., & Neidermeier, H. (2008). Organizational Repertoires and Rites in Health Information Security. Cambridge Q. Healthcare Ethics, 17(04). doi:10.1017/s0963180108080560 Cuff, E. (2014). The Effect and Importance of Technology in the Research Process. Journal Of Educational Technology Systems, 43(1), 75-97. doi:10.2190/et.43.1.f Fetzer, D., & West, O. (2008). The HIPAA Privacy Rule and Protected Health Information. Academic Radiology, 15(3), 390-395. doi:10.1016/j.acra.2007.11.008 Johnston, A., & Warkentin, M. (2008). Information privacy compliance in the healthcare industry. Information Management & Computer Security, 16(1), 5-19. doi:10.1108/09685220810862715 Khansa, L., Cook, D., James, T., & Bruyaka, O. (2012). Impact of HIPAA provisions on the stock market value of healthcare institutions, and information security and other information technology firms. Computers & Security, 31(6), 750-770. doi:10.1016/j.cose.2012.06.007 Krag Brotby. (2009). Information Security Governance. John Wiley & Sons Shoaf, H. (2003). Health Insurance Portability and Accountability Act (HIPAA). Plastic Surgical Nursing, 23(2), 75-77. doi:10.1097/00006527-200323020-00009 Read More