11/27/19, 4:37 AMSafeAssign Originality Report

Page 1 of 10https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c…eb5c37543a2c&course_id=_112114_1&includeDeleted=true&force=true

2348.2349.202010-COMBINED-FULLTERM - FALL 2019 - LEGAL REG, COMPLIANCE, INVEST (ISOL-633-22) (ISOL-633-23) - COMBINED - FULL TERM

Final research paper Sai Abhishek Somagouni on Tue, Nov 26 2019, 2:52 PM

35% highest match Submission ID: 2cb1f99c-0a58-43aa-857e-eb5c37543a2c

Citations (8/8)

Running head: FINAL RESEARCH PAPER 2

Word Count: 2,177

Attachment ID: 2387595516

Final research paper.docx

35%

1 Another student's paper

2 Another student's paper

3 Another student's paper

4 Another student's paper

5 Another student's paper

6 Another student's paper

7 Another student's paper

8 Another student's paper


College: University of Cumberland’s

Professor: Dr. Jason Hutcheson

Name: Sai Abhishek Somagouni

Subject: ISOL633 – Legal Regulations, Compliance, and Investigations.

Date: 11/26/2019.

Influence of HIPAA on Information Security Governance

Introduction

Good health is the status most desired by human beings around the world. As such, almost everybody in society has been to a medical facility to ascertain their health status. The best way for medical practitioners to keep track of the health status of individual patients is to keep health records for future reference. It follows that health records are the most sensitive pieces of information about anybody and everybody. For this reason, it is very important to ensure that health records are protected to avoid compromising the health status of individuals in society (Hassan et al., 2017).

Granting access to unauthorized persons could be devastating to society. With technology advancement and development at its prime, individuals have become more aware of security risks concerning their health records. Technology has made it possible for unauthorized persons to access and compromise health records in various databases (Anderson, 2019). For this reason, Congress formulated the Health Insurance Portability and Accountability Act (HIPAA) in 1996. This Act defines confidential and sensitive health records as Protected Health Information (PHI). The Act also outlines the requirements for information security that must be met to ensure that health records are not compromised.

In modern-day society, information security has become a very important aspect of life, especially with the development of computing and other digital technology. The number of data breaches reported each year has been soaring as a result of hacking activities. The health sector has been significantly affected by such acts, which pose security threats to all patients. Information security now comes in to safeguard confidential information. However, for information security managers to effectively safeguard confidential and sensitive information, they must rely on HIPAA guidelines to operate within the law (Lorence & Churchill, 2005).

HIPAA influences the governance of information security such that the policies formulated must be consistent with the Act. This Act is concerned with the privacy and confidentiality of patients’ health records, simplified administration, and management of data, insurance portability, and the security of all health records in various databases. All organizations that deal with protected health information (PHI) are required to have process, physical, and network security measures to ensure compliance with HIPAA requirements (Newman & Kreick, 2015). All stakeholders involved in the healthcare sector are required to comply with all HIPAA requirements. Failure to comply results in legal consequences for the business entities concerned.

Literature Review

Over the years, research has been conducted to identify the relationship between HIPAA and information security. Research findings indicate that HIPAA requirements significantly influence the governance of information security, especially in this digital era. Professionals in the information security sector are required to comply with all the requirements outlined in the HIPAA Act. Rules concerning the security and privacy of personal health records have been put in place. Consequently, HIPAA is concerned with protecting health information records while at the same time allowing stakeholders, especially caregivers, to acquire modern technology (Noyes, 2011). The world has significantly embraced technological innovations such that every aspect of life is currently utilizing technology. Case in point, medical institutions are now using digitized databases to record and store patients’ information. HIPAA does not limit the acquisition of technology by stakeholders but rather regulates the process to ensure that health records are safe.

Anderson (2019) conducted qualitative research to identify how HIPAA rules were implemented in cases of data breach in the health sector. In his research, Anderson captures how patients incur the cost of a data breach, together with having to deal with compromised confidentiality. HIPAA rules do not give clear guidelines to be followed in the event that information security is not well implemented, resulting in a breach. Patients whose data has been compromised should not be subjected to extra costs due to a breach in the databases (Anderson, 2019). If anything, the patients should be compensated and better protected, since a data breach exposes them to more danger. As such, HIPAA rules and compliance requirements should demand that stakeholders, especially information security managers, bear the cost of data breaches rather than extending this cost to patients.

In a different study, Antoniou (2018) looks into the frameworks for governing information security and the applicability of INFOSEC to various organizations. The research was conducted to validate a framework developed for information security governance. Information security in the health sector is not only a technical issue that can only be handled by IT experts but also a corporate issue for many organizations (Antoniou, 2018). As such, this is a critical issue that should be addressed by senior executive managers in the corporate world. INFOSEC should, therefore, be implemented and effectively enforced across all departments within various organizations. HIPAA is among the legislations that have prompted corporate organizations to focus on improving accountability concerning information security (Antoniou, 2018). Large corporations, especially in the health sector, consider compliance with HIPAA rules and requirements as an indicator of good corporate governance. Corporate managers have undertaken the duty of ensuring that their organizations comply with HIPAA requirements. This means that information security has become part of the core concerns for many organizations as a result of the HIPAA requirements.

Karasz, Eiden, & Bogan (2013) researched the impact of HIPAA security rules on general practice in the health sector. In this digital era, text messages are a common tool of communication in the health sector. Messages can easily be customized to address the specific needs of a particular client and relay accurate information. Text messages are also less time consuming and more cost-effective as a way of communication. However, the use of text messages to relay health information is limited due to the existing rules and laws governing and protecting electronic health records (Karasz, Eiden, & Bogan, 2013). HIPAA was drafted to account for modern technologies that are applicable in the health sector, especially in relaying health information. The requirements outlined by HIPAA make it difficult to draft text messaging policies as a viable way of communicating and sharing health records. The only way through which text messages can be effective for communication in the health sector is either through removal of personal health records or through relaying limited details carefully selected and analyzed for possible risks of a breach (Karasz, Eiden, & Bogan, 2013).

Newman & Kreick (2015) conducted qualitative research to identify the impact of HIPAA and its compliance requirements on wearable technology in modern-day society. Wearable technology is all about digital devices programmed to assess and record the health status of any person who uses the technology. As such, the devices enable people to be more informed and constantly aware of their health conditions. The technology captures changes in body temperatures, heart and pulse rates, and stores this information in digital applications (Newman & Kreick, 2015). Devices purchased by individual consumers to track their health status are now required to also comply with HIPAA requirements. For this reason, society is disadvantaged because individual technology consumers find it unreasonable to ensure HIPAA compliance. This is because many people say they are responsible for sharing personal health records with their healthcare providers (Newman & Kreick, 2015).

Analysis of Existing Research Findings

HIPAA requirements and other legislations enacted to support this Act significantly influence the governance of information security. Almost every aspect of life is dependent on technology in the current digital era. The health sector has in many ways benefitted from the technological advances and developments made in the world. For instance, health informatics, a product of modern technology, has significantly enhanced service delivery in the healthcare sector (Karasz, Eiden, & Bogan, 2013). As much as technology is being celebrated, the increasing issues concerning information security are an indicator that things are not well. Sensitive and confidential information is now, more than ever, at greater risk of being compromised (Yang et al., 2016). For this reason, the HIPAA requirements are enforced across all sectors concerned with patients’ information. The main purpose of HIPAA is to ensure that patients are not exposed to health risks as a result of inappropriate information security measures. HIPAA requirements not only provide an outline for implementing information security governance but also safeguard information from being accessed by unauthorized persons.

Research Gaps

Over the years, research has been conducted to establish the relationship between HIPAA requirements and governance of information security. Many researchers have found that HIPAA influences how information security policies are formulated and implemented. The majority of corporate entities are much concerned with compliance with HIPAA requirements to avoid legal consequences (Antoniou, 2018). Despite the extensive research covered in this area, very little has been done about how HIPAA has affected service delivery among corporations. Does HIPAA trigger a better commitment to service delivery, or does the Act negatively affect service delivery? This is just one of the questions that future research should focus on.

Conclusion

In conclusion, research findings indicate that HIPAA has a significant influence on information security governance. Since the Act was legislated by Congress in 1996, numerous changes have been witnessed in the INFOSEC area. Individuals have since then been very much aware of the information security risks that could compromise personal health records. In today’s society, individuals are very cautious about with whom and how they share personal information about health conditions (Lidster & Rahman, 2018). HIPAA has triggered a revitalized approach to information security governance. Corporate leaders are much focused on compliance with the HIPAA requirements while at the same time on service delivery. As such, the level of information security has significantly improved as a result of HIPAA implementation. However, the Act has also had some negative impact on information security. For instance, individual tech-consumers are being subjected to similar compliance requirements as those outlined for big corporations. Utilizing wearable technology to promote health is limited by some of the HIPAA compliance requirements (Newman & Kreick, 2015). Furthermore, effective communication tools such as text messages have been subjected to scrutiny and harsh conditions for them to be applicable in the health sector. All factors considered, health is more important than any other thing in the world. Therefore, the influence of HIPAA on information security governance should be considered a blessing rather than a challenge (Toapanta et al., 2018).

References

Anderson, C. L. (2019). Data breaches and electronic personal health information (ePHI): What is injury-in-fact and does HIPAA set a negligence standard of care? Journal of Legal Medicine, 39(3), 263-277. Retrieved from https://doi.org/10.1080/01947648.2019.1653695

Antoniou, G. S. (2018, April). A Framework for the Governance of Information Security: Can it be Used in an Organization. In SoutheastCon 2018 (pp. 1-30). IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/8479032

Hassan, N. H., Maarop, N., Ismail, Z., & Abidin, W. Z. (2017, July). Information security culture in health informatics environment: A qualitative approach. In 2017 International Conference on Research and Innovation in Information Systems (ICRIIS) (pp. 1-6). IEEE. Retrieved from https://www.semanticscholar.org/paper/Information-security-culture-in-health-informatics-Hassan-Maarop/53de9e8d10dc1f0d934ac2f6e472671c046a3e71

Karasz, H. N., Eiden, A., & Bogan, S. (2013). Text messaging to communicate with public health audiences: How the HIPAA Security Rule affects practice. American Journal of Public Health, 103(4), 617-622. Retrieved from https://ajph.aphapublications.org/doi/abs/10.2105/AJPH.2012.300999

Lidster, W., & Rahman, S. S. (2018, August). Obstacles to Implementation of Information Security Governance. In 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE) (pp. 1826-1831). IEEE. Retrieved from https://www.semanticscholar.org/paper/Obstacles-to-Implementation-of-Information-Security-LIdster-Rahman/c1995b8e0daa07e970972a898602acc407cb99d3

Lorence, D. P., & Churchill, R. (2005). Incremental adoption of information security in healthcare organizations: Implications for document management. IEEE Transactions on Information Technology in BioMedicine, 9(2), 169-173. doi: 10.1109/TITB.2005.847137.

Newman, T. & Kreick, J. (2015). The Impact of HIPAA on Wearable Technology. 18 SMU Sci. & Tech. L. Rev. 429. Retrieved from https://scholar.smu.edu/cgi/viewcontent.cgi?article=1027&context=scitech

Noyes, C. (July, 2011). Information Security Policies and Governance to Safeguard Protected Health Information. Retrieved on Nov 1, 2019 from https://pdfs.semanticscholar.org/bc4d/9e5ea7ad36655a5b74d2f257ed638240bbc2.pdf

Toapanta, S. M. T., Paredes, S. J. M., Gallegos, L. E. M., & Trejo, J. A. O. (2018, July). Analysis of HIPAA for adopt in the information security in the civil registry of the Ecuador. In 2018 International Conference on Computer, Information and Telecommunication Systems (CITS) (pp. 1-5). IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/8440156

Yang, T. H., Ku, C. Y., & Liu, M. N. (2016). An integrated system for information security management with the unified framework. Journal of Risk Research, 19(1), 21-41. Retrieved from https://www.tandfonline.com/doi/abs/10.1080/13669877.2014.940593

  CASE 3-1 YOU CAN’T GET THERE FROM HERE: UBER SLOW ON DIVERSITY

  Established in 2009, Uber provides an alternative to taxicab service in 460 cities and nearly 60 countries worldwide. The trick? Their mobile application for smartphones allows riders to arrange for transportation with drivers who operate their personal vehicles. A dual rating system (drivers and customers rate each other) serves as a quality control device keeping Uber standards high. (1)

As an international technology firm, Uber has been challenged, along with other tech giants like Google and Twitter, to demonstrate that they are attuned to the specific needs of their employees, more specifically people of color and women. In Uber’s own words:

At Uber, we want to create a workplace that is inclusive and reflects the diversity of the cities we serve: where everyone can be their authentic self, and where that authenticity is celebrated as a strength. By creating an environment where people from every background can thrive, we’ll make Uber a better company—not just for our employees but for our customers, too. (2)

Yet actions speak louder than words. Uber employees describe the firm’s work environment amid some managers as Machiavellian and merciless. Many blame Travis Kalanick, Uber’s founder and former chief executive, for establishing such a negative culture. Uber’s fast growth approach to the market has rewarded employees and managers who have aggressively pushed for greater revenues and fatter profits at the seeming cost of human dignity.

For example, Uber has had its share of troubles addressing issues of sexual misconduct and workforce diversity. These issues came to light when a former employee, Susan Fowler, reported in her personal blog that she was being sexually harassed by her manager and that human resources had been informed of these infractions. (3) Susan Fowler said in her blog:

On my first official day rotating on the team, my new manager sent me a string of messages over company chat. He was in an open relationship, he said, and his girlfriend was having an easy time finding new partners, but he wasn’t. He was trying to stay out of trouble at work, he said, but he couldn’t help getting in trouble, because he was looking for women to have sex with. It was clear that he was trying to get me to have sex with him, and it was so clearly out of line that I immediately took screenshots of these chat messages and reported him to HR. (4)

Uber’s first reaction was to call Ms. Fowler’s accusations “abhorrent and against everything Uber stands for and believes in.” (5) Ms. Fowler purported that her manager was not punished because he “was a high performer”; yet other female employees reported similar incidents with the same manager, leading Ms. Fowler to believe that HR was covering up for her manager.

Uber was in trouble as more and more scandals emerged and they quickly took the following actions: (a) apologized for some of their managers’ actions, (b) had a board member and several female executives provide testimonials on the firm’s positive work environment, and (c) began to probe workplace policies and procedures. Arianna Huffington, a board member, repeatedly labeled new employees as “brilliant jerks.” (6) Huffington said that this investigation would be different when Eric H. Holder Jr., the former United States Attorney General (as well as some others), were hired to conduct their investigation.

Uber released its first diversity report on March 28, 2017, one month after these allegations. This report indicated that women and nonwhite employees are underrepresented at the firm, not overly dissimilar from other technology-based firms. Some of the most egregious statistics include: (a) racial configuration- 6% Hispanic, 9% black, 50% white, and (b) 85% of all technology jobs are held by men, with a mere 36% of the total workforce comprised of women. (7)

Liane Hornsey, Uber’s chief human resource officer, acknowledged, “We need to do better and have much more work to do.” (8) Here are Uber’s next steps:

We’re dedicating $3 million over the next three years to support organizations working to bring more women and underrepresented people into tech. This year, our recruiting team is also embarking on a college tour to recruit talented students at colleges across the country, including a number of Historically Black Colleges and Universities (HBCUs) and Hispanic Serving Institutions (HSIs). Our employee resource groups play a huge role in all our recruiting events that are focused on hiring women and people of color at Uber.

In recruiting, we’ve updated our job descriptions to remove potentially exclusionary language, and we are running interview training to make our hiring processes more inclusive for women in tech. We’re also rolling out training to educate and empower employees, covering topics like “why diversity and inclusion matters,” “how to be an ally,” and “building inclusive teams.” Training is not a panacea but educating employees on the right behaviors is an important step in the right direction.

This is just the beginning of our efforts. Whether you’re a veteran returning from service or a person with a disability and regardless of your religious beliefs, your sexual orientation, your gender identity, or the country you call home, at Uber, we want to create an environment where you can be yourself. By deepening our commitment to diversity, we will strengthen our business and better serve our customers in over 450 cities in more than 70 countries. (9)

Only time will tell if this fast growth firm can manage its aggressive culture and diversity as it continues to expand into new marketplaces and those with differing cultures.

Questions

1.   Susan Fowler’s complaint of being the target of sexual harassment by her manager would be categorized as falling under which employment law?

2.   Which type(s) of harassment was Ms. Fowler exposed to?

3.   What actions, if any, has Uber taken to limit their liability relative to sexual harassment charges?

4.   Uber’s diversity report indicates that 36 percent of Uber’s workforce is made up of women (15% in technical jobs); 50% of Uber’s employees in the United States are white, while 9% are black and 6% are Hispanic. Are they in violation of any EEOC and Affirmative Action laws?

5.   Why does diversity matter in general and more specifically to Uber?

6.   What benefits and challenges does Uber derive from a more diverse workforce?

References

(1)   Anderson, A. (n.d.). Uber International C.V. Hoovers. Retrieved April 4, 2017, from http://0-subscriber.hoovers.com.liucat.lib.liu.edu/H/company360/fulldescription.html?companyId=163401000000000 p.109

(2)   Uber. (n.d.). How do we want Uber to look and feel? Retrieved April 4, 2017, from https://www.uber.com/diversity/

(3)   Fowler, S. (2017, February 19). Reflecting on one very, very strange year at Uber. Retrieved April 12, 2017, from https://www.susanjfowler.com/blog/2017/2/19/reflecting-on-one-very-strange-year-at-uber

(4)   Ibid.

(5)   Patnaik, S. (2017, February 21). Uber hires ex-US Attorney General Holder to probe sexual harassment. Reuters. Retrieved April 4, 2017, from http://www.reuters.com/article/us-uber-tech-sexual-harassment-idUSKBN160041

(6)   Isaac, M. (2017, March 28). Uber releases diversity report and repudiates its “hard-charging attitude.” The New York Times. Retrieved April 4, 2017, from http://www.cnbc.com/2017/03/28/uber-releases-diversity-report-and-repudiates-its-hard-charging-attitude.html

(7)   Ibid.

(8)   Uber slow on diversity. (2017, March 29). AM New York, p. A2.

(9)   Uber. (n.d.). How do we want Uber to look and feel? Retrieved April 4, 2017, from https://www.uber.com/diversity/

Case written by Herbert Sherman, Long Island University

Unit II Case Study

Read “Case 3-1, You Can’t Get There From Here: Uber Slow On Diversity” on page 108 of your textbook. After you have read the case study, write an analysis of the case study.

Write an introduction to give context to your paper by explaining what the paper will cover. Then, divide the body of your paper using the seven headers below. Address the points within that section, as indicated under the header.

Employment Law

Identify what employment law Susan Fowler’s sexual harassment claim would be characterized as. Be sure to develop your answer to include your rationale.

Type of Harassment

Identify the type(s) of harassment to which Ms. Fowler was exposed. Be sure to develop your answer to include your rationale.

Uber’s Actions

Identify actions Uber has taken to limit their liability relative to sexual harassment charges. Be sure to develop your answer to include your rationale.

EEOC and Affirmative Action

After reviewing Uber’s diversity report, does it appear Uber is in violation of any EEOC and affirmative action laws? Be sure to develop your answer to include your rationale.

Diversity Matters

Explain why diversity matters in general and more specifically to Uber. Be sure to develop your answer to include your rationale.

Benefits/Challenges of a Diverse Workforce

Identify and explain the benefits and challenges Uber derives from a more diverse workforce. Be sure to develop your answer to include your rationale.

Legal Provisions of Uber Case

Write a summary that identifies legal provisions or considerations covered within this case study as it relates to a human resource management (HRM) perspective.

Conclude with an analysis with your thoughts on how ethics and HRM professional standards are framed by legal provisions within a specific organization or industry (e.g., business, health care).

Your assignment should be two pages in length, not counting the title or reference pages. Adhere to APA style when constructing this assignment, including in-text citations and references for all sources that are used. Please note that no abstract is needed.

Influence of HIPAA on Information Security Governance

Sai Abhishek Somagouni

Source #1

Reference:

Noyes, C. (July,2011). Information Security Policies and Governance to Safeguard Protected Health Information. Retrieved on Nov 1,2019 from https://pdfs.semanticscholar.org/bc4d/9e5ea7ad36655a5b74d2f257ed638240bbc2.pdf

Credibility: Christi Noyes (Business Analyst at University of Arizona). Published by University of Arizona and approved by Dr. Linda F. Ettinger (Senior Academic Director of the University)

Recent: Yes (July 2011)

Relevance: Source deals with the updated information security policies to safeguard protected health information, which gives my research the updated policies on HIPAA.

Source #2

Reference:

HHS.GOV (2019). Summary of the HIPAA Security Rule. Retrieved on Nov 1, 2019 from https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

Credibility: HHS.GOV website is maintained by Federal Security Agency; United States Department of Health, Education, and Welfare.

Recent: Nov 1, 2019 (Updates frequently)

Relevance: Source deals with the latest updates on the Security Rules of HIPAA which gives my research on updated security rules government proposed.

Source #3

Reference: Lorence, D. P., & Churchill, R. (2005). Incremental adoption of information security in healthcare organizations: Implications for document management. IEEE Transactions on Information Technology in BioMedicine, 9(2), 169-173. doi: 10.1109/TITB.2005.847137.

Credibility: Daniel P. Lorence is an Assistant Professor at Pennsylvania State University and Richard Churchill is a Senior Research Fellow at The Virtual Management Institute, Gettysburg, PA. The publications of the Institute of Electrical and Electronics Engineers (IEEE) constitute around 30% of the world literature in the electrical and electronics engineering and computer science fields, publishing well over 100 peer-reviewed journals.

Recent: 2005

Relevance: The Source deals with incremental adoption of information security in healthcare organizations which gives my research how healthcare organizations started using the information security and its evolution.

Source #4

Reference:

Newman, T. & Kreick, J. (2015). The Impact of HIPAA on Wearable Technology. 18 SMU Sci. & Tech. L. Rev. 429. Retrieved from https://scholar.smu.edu/cgi/viewcontent.cgi?article=1027&context=scitech

Credibility: Newman, T. & Kreick, J. are both attorneys at Haynes and Boone, LLP in Dallas, TX. Published by Southern Methodist University, Dallas, Texas.

Recent: 2015

Relevance: The Source deals with the latest wearable gadgets which are influenced by HIPAA.

Source #5

Reference:  

Geffert, B. T. (2004). Incorporating HIPAA security requirements into an enterprise security program. Information Security Journal: A Global Perspective, 13(5), 21-28. Retrieved on Nov 1,2019 from dx.doi.org/10.1201/1086/44797.13.5.20041101/84906.4

Credibility: Brian Geffert is Global Chief Information Security Officer (CISO) KPMGI

Recent: 2004

Relevance: It deals with Incorporating HIPAA security requirements into an enterprise security program

ISOL-633

Topic Selection Worksheet

Proposed Topic (Identify the law or regulation that you are proposing to address in your research paper regarding its influence on information security governance.)

Health Insurance Portability and Accountability Act (HIPAA) influence on information security governance

Justification of Selection (In 1-2 paragraphs, justify your selection by explaining the importance of understanding the impact of the selected law or regulation.)

Health records are among the most sensitive pieces of information about everybody. The results of an unauthorized disclosure of health records could be devastating. As the public became aware of the potential negative consequences should this type of information be unsecure, a demand for control of disclosure became evident. As a result, the U.S. Congress addressed this concern as part of a larger initiative called the Health Insurance Portability and Accountability Act of 1996, or HIPAA. Sensitive and confidential records are now defined as Protected Health Information (PHI), and this HIPAA legislation outlines certain information security governance requirements needed to ensure that ePHI is protected.

Information security – or, INFOSEC – has become an important aspect of everyday life for the information manager. One of the major reasons for this is the pervasiveness of fraud, perpetrated by hackers, identity thieves, and even trusted employees. Information security typically employs three elements with which to formulate policy: confidentiality, integrity, and availability. These same elements are used regarding health information and play a vital role in upholding the tenets of HIPAA. The possibility of sensitive or confidential information being used in inappropriate or even unlawful ways is ever-present, and measures must be taken to prevent instances as much as possible. As the backbone of a trusted information resource, information security is responsible for ensuring the security of ePHI and upholding the regulations of the established laws.

Available sources (Identify at least 4 sources that you will be able to use to build your research.)

· Noyes, C. (2011, July). Information Security Policies and Governance to Safeguard Protected Health Information. Retrieved on Nov 1, 2019 from https://pdfs.semanticscholar.org/bc4d/9e5ea7ad36655a5b74d2f257ed638240bbc2.pdf

· Chute, C. G., Beck, S. A., Fisk, T. B., & Mohr, D. N. (2010). The enterprise data trust at Mayo Clinic: A semantically integrated warehouse of biomedical data. Journal of the American Medical Informatics Association, 17(2), 131-135. Retrieved on Nov 1, 2019 from http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3000789/pdf/jamia002691.pdf

· Lorence, D. P., & Churchill, R. (2005). Incremental adoption of information security in healthcare organizations: Implications for document management. IEEE Transactions on Information Technology in Biomedicine, 9(2), 169-173. doi: 10.1109/TITB.2005.847137.

· Geffert, B. T. (2004). Incorporating HIPAA security requirements into an enterprise security program. Information Security Journal: A Global Perspective, 13(5), 21-28. Retrieved on Nov 1, 2019 from http://dx.doi.org/10.1201/1086/44797.13.5.20041101/84906.4


DOCUMENTING & CITING: APA STYLE Document or cite the following using necessary punctuation, indentation, caps & italics.

1. Book: Writing With Precision: How to Write So That You Cannot Possibly Be Misunderstood by Jefferson D. Bates; Publisher: Penguin Books, New York; 2000

2. Article in Fast Company (magazine): “Continental’s Turnaround Pilot” by Keith Hammonds 2001 December; pp. 96-101

3. Newspaper article from The Washington Post, no author listed: “New Drug Appears to Sharply Cut Risk of Death from Heart Failure,” page A12 on July 15, 1993

4. Article in journal: “Chicana Feminism and Postmodern Theory” by Paula M. Moya in Signs: Journal of Women in Culture and Society, volume 26, issue 2, Winter 2001. University of Chicago Press pp. 28-41

5. Electronic copy of printed journal article (with DOI): “Theory of Mind Function, Motor Empathy, Emotional Empathy and Schizophrenia: A Single Case Study” by Karen Addy in Journal of Forensic Psychiatry & Psychology, Vol. 18, issue 3, Sept. 2007, pp. 293- 3065 DOI: 10.1080/09670870701292746

6. Electronic copy of printed journal article (no DOI): “Perception as Abduction: Turning Sensor Data into Meaningful Representation” by Michele Shanahan, Spring 2003, in Cognitive Science, Vol. 18, pp. 162-180. Found August 25, 2004 from http://www.cs.utexas.edu/users/pdf

7. Report on Website, organization as author: “1997 Sourcebook on Federal Sentencing Statistics” by U.S. Sentencing Commission found on Dec.8, 1999 at http://www.ussc.gov/annrpt/1997/sbtoc97.htm

8. Data posted in 2006 from the survey “National Health Disparities: Findings for Fiscal Years 2002-2006” found on October 14, 2006 from The National Institute of Health at http://www.hih.gov/about/hd/strategicplan.pdf

9. Parenthetical citation from #8 above for quote: “Age and socio-economic disparities continued to be the highest of all categories.”

10. Parenthetical citation from #3 above, page A12: “The results were consistent in five studies.”

11. Parenthetical citation: Author—John Smith; no publishing date

Running head: ANNOTATED BIBLIOGRAPHY: INFLUENCE OF HIPAA ON


INFLUENCE OF HIPAA ON INFORMATION SECURITY GOVERNANCE

SAI ABHISHEK SOMAGOUNI

UNIVERSITY OF CUMBERLANDS

Annotated Bibliography: Influence of HIPAA on Information Security Governance

Noyes, C. (2011, July). Information Security Policies and Governance to Safeguard Protected Health Information. Retrieved on Nov 1, 2019 from https://pdfs.semanticscholar.org/bc4d/9e5ea7ad36655a5b74d2f257ed638240bbc2.pdf

· This article is credible since it was published in a well-established peer-reviewed journal. The author, Christi Noyes, is a Business Analyst at University of Arizona. It was published by University of Arizona and approved by Dr. Linda F. Ettinger (Senior Academic Director of the University).

· This article’s relevance is supported by its recent publication in July 2011.

· This article addresses policies and describes information security governance strategies designed to ensure compliance. Organizations must create a leadership committee to assess current policies, oversee policy enforcement, note the effects of internal and external influences, and maintain currency.

· This article will be used to write about the updated rules that are used for current information security governance.

Newman, T. & Kreick, J. (2015). The Impact of HIPAA on Wearable Technology. 18 SMU Sci. & Tech. L. Rev. 429. Retrieved from https://scholar.smu.edu/cgi/viewcontent.cgi?article=1027&context=scitech

· This article is credible since it was published in a well-established peer-reviewed journal. Both authors, T. Newman and J. Kreick, are attorneys at Haynes and Boone, LLP in Dallas, TX. It was published by Southern Methodist University, Dallas, Texas.

· This article’s relevance is supported by its recent publication in July 2015.

· This article discusses what happens when the information that wearable technologies now collect is shared with health care providers, and whether those devices then have to comply with the U.S. Health Insurance Portability and Accountability Act (HIPAA). It explores the impact of HIPAA and other federal regulations on the health information that wearable technology and other mobile applications store and transmit, and when exactly the sharing of that data and the device itself are subject to regulation. These devices can now track and retain much information to help ordinary people take charge of their health.

· This article will be used as a very important reference for the topic of my research paper, the influence of HIPAA on the latest technologies and their information security.

Lorence, D. P., & Churchill, R. (2005). Incremental adoption of information security in healthcare organizations: Implications for document management. IEEE Transactions on Information Technology in Biomedicine, 9(2), 169-173. doi: 10.1109/TITB.2005.847137.

· This article is credible since it was published in a well-established peer-reviewed journal. Daniel P. Lorence is an Assistant Professor at Pennsylvania State University and Richard Churchill is a Senior Research Fellow at The Virtual Management Institute, Gettysburg, PA. The publications of the Institute of Electrical and Electronics Engineers (IEEE) constitute around 30% of the world literature in the electrical and electronics engineering and computer science fields, publishing well over 100 peer-reviewed journals.

· This article’s relevance is supported by its recent publication in July 2005.

· This article examines how industry-wide knowledge management trends may influence the degree of security program adoption in health-care organizations. Results suggest that significant non-adoption of mandated security measures continues to occur across the health-care industry. Paper-based systems still prevail, and computerized settings tend to have fewer security measures. Implications for document management and knowledge policy are discussed.

· This article will be used to discuss how computerized settings tend to have fewer security measures and what precautions are to be taken using HIPAA rules.

Karasz, H. N., Eiden, A., & Bogan, S. (2013). Text messaging to communicate with public health audiences: how the HIPAA Security Rule affects practice. American Journal of Public Health, 103(4), 617-622.

· This article is credible since it was published in a well-established peer-reviewed journal. It was published by the American Journal of Public Health (AJPH).

· This article’s relevance is supported by its recent publication in April 2013.

· This article explains that using text messaging to send personal health information requires analysis of laws addressing the protection of electronic health information. Text messaging to send health information can be implemented in a public health setting through 2 possible approaches: restructuring text messages to remove personal health information, or retaining limited personal health information in the message but conducting a risk analysis and satisfying other requirements to meet the HIPAA Security Rule.

· This article will be used to discuss how the HIPAA Security Rule applies to the present texting world and how it changes accordingly.

Toapanta, S. M. T., Paredes, S. J. M., Gallegos, L. E. M., & Trejo, J. A. O. (2018, July). Analysis of HIPAA for Adopt in the Information Security in the Civil Registry of the Ecuador. In 2018 International Conference on Computer, Information and Telecommunication Systems (CITS) (pp. 1-5). IEEE.

· This article is credible since it was published in a well-established peer-reviewed journal. It was published by the Institute of Electrical and Electronics Engineers (IEEE). The publications of the IEEE constitute around 30% of the world literature in the electrical and electronics engineering and computer science fields, publishing well over 100 peer-reviewed journals.

· This article’s relevance is supported by its recent publication in July 2018.

· This article used the deductive method and exploratory research to analyze the information in the articles reviewed. A prototype of an algorithm based on MD5 was obtained using flowchart techniques, considering the HIPAA rules. It concluded that adopting a prototype of an algorithm based on MD5 is an alternative to improve the security of the information, given that the password stored in the database is not the real user's password, due to the encryption, considering the HIPAA rules; this will help mitigate risks to the integrity of the information in the database of the Civil Registry of Ecuador.

· This article will be used to discuss how a prototype of an algorithm based on MD5 is an alternative to improve the security of the information, considering the HIPAA rules.

Anderson, C. L. (2019). Data Breaches and Electronic Personal Health Information (ePHI): What Is Injury-in-Fact and Does HIPAA Set a Negligence Standard of Care? Journal of Legal Medicine, 39(3), 263-277.

· This article is credible since it was published in a well-established peer-reviewed journal. It was published by the American College of Legal Medicine.

· This article’s relevance is supported by its recent publication in October 2019.

· The article focuses on the 2018–2019 National Health Law Moot Court problem, which asked whether those individuals would have an injury entitling them to sue the party. It mentions that the Health Information Protection and Portability Act (HIPAA) supplies the standard of care in state negligence law for failing to protect the privacy of electronic personal health information (ePHI). It also mentions that the risk of identity theft is enough injury or that the exposure of the private information.

· This article will be used to discuss how HIPAA supplies the standard of care in state negligence law for failing to protect the privacy of electronic personal health information (ePHI).

Yang, T. H., Ku, C. Y., & Liu, M. N. (2016). An integrated system for information security management with the unified framework. Journal of Risk Research, 19(1), 21-41.

· This article is credible since it was published in a well-established peer-reviewed journal. It was published by the Journal of Risk Research.

· This article’s relevance is supported by its recent publication in January 2016.

· The article's primary goal is to design an integrated system for information security management (ISISM) that aims to use current methodologies and standards, using HIPAA rules. Because business impact analysis and risk analysis are the most important areas within this domain, the authors carefully select the related methods and then integrate them into a unified framework, upon which the proposed ISISM depends.

· This article will be used to discuss the integrated system for information security management (ISISM) that aims to use current methodologies and standards, using HIPAA rules.
