Explores the history, economic principles and legislative and regulatory influences of the Health Insurance Portability and Accountability Act (HIPAA).
Abstract This paper explains that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) required that the Secretary of Health and Human Services (HHS) propose federal standards protecting the privacy of individually identifiable health information by August 21, 1997. The paper then provides historical background information on the Act and points out that, as with everything, there is a cost associated with HIPAA. The paper then examines these costs by applying economic principles to the Act and explains that these principles help predict how overall cost will be impacted. The paper also discusses the legislative and regulatory influences of HIPAA. The paper concludes that the institution of this act has had a great economic impact upon our nation's federal budget.
Table of Contents:
Historical Background
Economic Principles
Legislative and Regulatory Influences
Conclusion
From the Paper "Human resources as well as fiscal resources are needed to meet the demands associated with HIPAA compliance. Human resources are the staff assigned to task related to HIPAA compliance; these resources include consultants, policy developers, information technology staff and any additional staff required to ensure compliance. The fiscal resources are the funds or revenue available and allocated for implementation and maintenance of HIPAA compliance. The availability of these resources will impact the degree of compliance an organization will be able to maintain in relation to HIPAA."
Abstract The paper focuses on five unmet needs of the healthcare community that are driving the greater application and adoption of IT-based strategies that ensure compliance with the Health Information Portability and Accountability Act (HIPAA). The paper details the various IT strategies and how they assist medical practices to fulfill the requirements of the HIPAA standards and regulations.
Outline:
Introduction
Background
Conclusion
From the Paper "Giving employees the freedom to gain control over their medical records regardless of their employer is one of the greatest benefits of the Health Information Portability and Accountability Act of 1996 (HIPAA) (Kibbe, 2005). The HIPAA Act, which formally went into effect in April 21, 2005 and concentrates on defining standards for administrative, technical and physical security procedures (Miller, 2006). The HIPAA Act required healthcare organizations to fundamentally re-order and re-define the processes they used for capturing, analyzing, recording and archiving healthcare records. The strategies healthcare organizations are relying on are not incremental, yet more strategic in focus, creating Enterprise Content Management (ECM) frameworks (Secor, Laplante, 2006)."
This paper discusses that the area of computer and Internet security is one of a continual ratcheting up on the side of government and software developers in response to accentuated and growing threats.
Abstract In this article, the writer notes that the Internet's growth and adoption continues to completely transform business models and permanently change how both people and organizations communicate, transact, serve and collaborate with one another. The writer points out that as the Internet has now become a platform that enables electronic commerce, there has been an exponential rise in all forms of security breaches and theft of both data and funds over the Internet. The writer discusses that the continual ratcheting up in terms of sophistication and expertise on the criminal side of this equation demands greater and greater focus from many government agencies globally and a concerted strategy of cooperation between the world's leading companies in software, Internet and electronics communications security.
Table of Contents:
A Brief History of Internet and E-mail Security
Vulnerability of Systems
Hackers: Who They Are and Why They Do It
Analysis of Security Concerns
Phishing
Viruses
Worms
Pop-ups
Drive-by Downloads
Malware
Trojan Viruses
Identity Theft
Credit Card Security
Dangerous Locations on the Internet
Origination of Security Problems
Protection Strategies
Ad-ware
Encryption
Firewalls
Passwords
Spyware Removers
Internet Company Strategies for Protection
Solutions to Internet Security Challenges
Summary and Conclusions
From the Paper "In addressing security concerns either on a system or network it's critical to realize that no security measures or products will completely secure a network and alleviate the risks of vulnerability. What both individuals and organizations must do is balance the need for security and minimizing vulnerabilities on the one hand while ensuring a high level of system performance on the other. Too much of a focus on security and alleviating vulnerabilities in systems leads to difficult-to-use interfaces, an over-abundance of passwords, and sluggish system and network performance due to the many security controls in place. At much higher levels of security there is an accompanying higher level of inconvenience for users, further reducing job satisfaction and productivity. When there are too many system security measures in place often users look to circumvent them, making both systems and networks even more vulnerable. What needs to specifically be accomplished is a balance between high levels of security on the one hand, and enough flexibility to allow users to complete tasks on their systems and the network on the other."
Abstract This paper describes a virtual website, similar to KaZaA in the file-swapping aspect, but instead of music, provides first-rate Hollywood-caliber movies, from which members have the opportunity to download specialized encryption software to their system. The author points out that website security for the Internet and internal networked environments has three basic objectives: confidentiality, integrity, and availability. The paper states that the website will require various software tools, such as encryption and database software, firewalls, routers and other hardware, but the keys to security are reputable vendors, who are reliable with support and well-trained, and knowledgeable network administrators and personnel.
Table of Contents
Introduction
Define the Website
Basic Threats, Risks, and Security Requirements
Corporate Policies
Secure Assets
Mechanisms
Conclusion
From the Paper "Whatever the case, our website security aspirations will be very difficult to achieve. In the modern world, a high school kid with a failing average could easily gain unauthorized access to an insecure network or website environment. The real problem is that many people know exactly what they are doing because today's adolescents have grown up with technology and they understand it. Couple this with the fact that whole nations and industries have become computer crime intruders such as what has occurred in China. Network security engineers have to be on the lookout for many attacks."
Abstract This paper shows how important database security is for protecting companies against risks, such as cracking, worms, viruses, web site defacement, unauthorized disclosure of confidential information, and more. The paper also outlines the minimum steps that must be taken to ensure effective security against these crimes.
From the Paper "A recent report by the Computer Security Institute (CSI) and the Federal Bureau of Investigation (FBI) reveals that of 508 companies surveyed, mostly large corporations and government agencies, 90 percent detected computer security breaches within the past twelve months (Savage, 2003). Eighty percent acknowledged financial losses due to these computer breaches. And the 223 respondents that quantified their financial damages suffered a total loss of $456 million. These statistics show the dire need for database security in both large and small companies."
Abstract The paper discusses the ethics of the medical care non-disclosure agreement between doctor and patient, which ensures that patients have the freedom to be absolutely honest with their physicians. Frequently the lives of patients depend upon the assurance of confidentiality, which ensures that patients will release all the information necessary to be treated in a targeted and effective way. The paper highlights that the American Medical Association has provided guidelines for doctor-patient confidentiality and its maintenance, particularly as relevant to computer databases. The paper discusses the general guidelines for the relationship between physicians and their patients, along with the maintenance of their confidentiality levels.
From the Paper "To provide optimal protection of privacy, the computerized medical database should be online to the terminal only when computer programs with the necessary authorization, and specifically requiring the data, are in use. No person or entity outside of the clinical facility should have access to any online computerized database with medical records of patients who can be identified via the program. This ensures continued doctor-patient confidentiality, which belongs to the patient according to standard medical ethics, as well as the law."
Abstract This paper examines how the violation of the Constitution of the United States, which is formally termed "non-compliance", has been seen throughout the history of the United States and how, specifically, it has occurred during times of war during civil disturbances, with the use of extrajudicial force used to supersede the ordinary process of law. It looks at how one such instance occurred during the Civil War and how the violations, which have occurred during the "War on Terrorism", are some of the most blatant violations of constitutional ideals and principles ever witnessed.
Outline
Statement of Thesis
Introduction
Preamble to the United States Constitution
Definitive of the Language in the Preamble
Historical Incidents of Non-Compliance
What Does the Constitution Say?
Conclusion
From the Paper "Although it is understandable for some restrictions during war time in order to keep citizens safe and the country secure it is evident that since September 1, 2001, that the non-compliance to the Constitution which is evidenced by the implementation of the Homeland Security Act and the Patriot Act that the all inclusive powers of the government in spying on citizens is too broad of a scope of powers to be vested in a government of a democracy."
Abstract This paper explains that the expansion of teleworking employment arrangements in the federal government has significant implications on organizations' data security and information technology operational strategies. The paper points out that telecommuting security concerns are an important area of study due to the sheer number of teleworkers, the rapidly changing information technology and the increase in remote access. The paper reveals several different solutions for the telework security problem; however, the most reasonable solution seems to be increased awareness and training regarding this problem. The paper also includes a section paraphrasing and summarizing source material and an extensive working annotated bibliography.
Outline:
Executive Summary
Literature Review
Recommended Solutions
Paraphrasing and Summarizing Source Material
Working Annotated Bibliography
From the Paper "Of course, with every argument there is a counter-argument, and not all of the literature reviewed reports that teleworkers cause a greater threat to security. In fact there are some reports, such as one described by Sternstein (2007) that Federal teleworkers are actually less of a security threat than traditional office Federal workers. The report Sternstein is referring to comes from the Telework Exchange and explains that the reasons security threats are reduced via telework is that materials are not being physically transferred from place to place to place."
Tags: leakage, breaches of confidentiality, geographical distance, remote access, banning
Abstract The goal of this paper is to analyze four security management mistakes commonly made by businesses and other organizations: failure to thoroughly investigate new employees, failure to enforce written policy, overemphasized reliance on technology, and ignorance of new vulnerabilities. In line with the comprehensive approach to security management analysis established by P.J. Ortmeier in his book "Security Management: An Introduction", the author of this paper also attempts to address multiple facets of the issue of security. Thus, the first section of the paper, which examines failure to adequately investigate new hires, provides an overview of the legal consequences of this problem, as well as indicates possible causes of this failure and suggests several remedies. The second section, which analyzes organizations' failure to enforce written security policy, also attempts to provide a thorough examination by supplying the rationale for the establishment and enforcement of such policy, as well as concrete, practical examples. The third part of the paper analyzes organizations' improper reliance on technology by examining how it affects the three facets of security identified by Ortmeier - physical environment, personnel security, and information safety. Finally, the last part of the paper deals with the issue of failing to identify and properly address new vulnerabilities by similarly examining the consequences of this failure for physical, personnel, and information safety. The paper concludes with an assessment of the role of proper security management for the successful operation and growth of businesses and other organizations.
Outline:
Introduction
Security Pitfall #1: Failure to Thoroughly Investigate New Employees
Security Pitfall #2: Failure to Enforce Written Security Policy
Security Pitfall #3: Improper Reliance on Technology
Security Pitfall #4: Failure to Identify and Properly Address New Security Threats
Conclusion
From the Paper "Proper assessment and investigation of potential employees is a major part of personnel security management (Ortmeier, Ch. 6; Perkins, 2006, p. 15). However, mismanaged personnel hiring can also negatively affect a company's legal affairs, information security, and even physical safety. Thus, according to John Bentivoglio, "A well-considered background check policy that can identify potentially dangerous persons before they are hired can serve the dual goals of creating a safer workplace for employees and the public while also shielding (the organization) from liability for negligent hiring" (Bentivoglio, 1995, p.65). In other words, every company should thoroughly screen the backgrounds of all potential hires in order to avoid potential future lawsuits. Such suits can and do arise due to the fact that, in most states, employers can be held liable for negligently hiring workers who pose danger to coworkers or to the public."
Abstract In this article, the writer looks at the Health Insurance Portability and Accountability Act (HIPAA), in terms of laws and regulations in the healthcare industry designed to create greater accountability through legislation. Since HIPAA is very large in scope, this report and research deals with the HIPAA Security Rule, as a more detailed part of the HIPAA that has representative legal cases. Specifically, the current research looks at the HIPAA Security Rule as it has been understood and interpreted through several legal cases, giving a summary and analysis of these cases as well. The writer discusses that new regulatory measures instated by the HIPAA, in terms of healthcare technology, and the process of care, have put intense pressure on the health insurance environment, stressing accountability, transparency, and data security in electronic records.
Outline:
Introduction
Literature Review - Cases
Conclusion
Recommendations
From the Paper "The law when it comes to the HIPAA Security Rule, centers around the issue of client confidentiality. HIPAA Security Rule came about because there are so many new technological implications to client records, that these records, often electronic, need extra security and safeguards. Therefore, through legislation that can be upheld in law cases, HIPAA oversees data security in healthcare, protecting client confidentiality. When the client is assured that any of their records will be made under either explicit or implied confidentiality, it is easier for them to feel like they are taking part in a conversation in which they are respected. A feeling of respect is important for clients, who will feel empowered and assured that they are undertaking a professional process in which none of their conditions or histories will be shared with others without their express consent. But many authors in existing case law also tend to see confidentiality as only a good thing, without relating how it needs to be broken if for example, the client poses a danger."
Abstract This paper considers the use of biometrics in home security, noting that biometrics involves the use of computers and other hardware to identify people on the basis of physical characteristics, such as fingerprints, speech, facial recognition, retina scan, signature, and so on. The paper further discusses how biometric security systems can operate in different ways. In an identification mode, the system can identify a person from the entire enrolled population by means of a database search. In verification mode, the system can authenticate an individual's claimed identity.
From the Paper "Biometrics involves the use of computers and other hardware to identify people on the basis of physical characteristics, such as fingerprints, speech, facial recognition, retina scan, signature, and so on. Biometric security systems can operate in different ways. In an identification mode, the system can identify a person from the entire enrolled population by means of a database search. In verification mode, the system can authenticate an individual's claimed identity. The advantages of such a system derive from the ability to offer a unique identification for each person: Only biometric authentication bases an identification on an intrinsic part of a human being. Tokens, such as smart cards, magnetic stripe cards, physical keys, and so forth, can be lost, stolen, duplicated, or left at home. Passwords can be forgotten, shared, or observed ("Biometrics and Security" para. 5)."
Abstract This paper examines the various steps taken in hospital radiology departments to ensure patient privacy and confidentiality. In particular, the paper studies the increasing availability of these images online -- or at least their computerization and accessibility from outside the department and even the hospital. The paper studies the HIPAA (Health Insurance Portability and Accountability Act) regulations regarding patient confidentiality and asks how those regulations apply to the current situation.
Abstract An explanation of hypertension and the failure to achieve compliance with anti-hypertensive therapy. The paper begins by explaining that hypertension is associated with many factors that have been found to reduce compliance. Factors that reduce compliance to anti-hypertensive therapy include patient and disease characteristics and treatment characteristics. The paper then shows what solutions can be provided by the medical care facility to improve the treatment. The paper includes many direct quotes from medical journals and offers details of the various treatments and therapies available.
From the Paper "The 1988-1991 Third National Health and Nutrition Examination Survey (NHANES-III) found that only about one-half of hypertensive patients in the United States are being treated and less than one-half of those being treated have their blood pressure well controlled (below 140/90 mmHg). A major reason for this shortfall is lack of patient compliance with therapy. This problem persists even though individual programs have shown excellent adherence to and results from both non drug and drug regimens."
Abstract This paper explains that the ultimate irony for the United States' passing of the Sarbanes-Oxley Act and similar acts is that this type of legislation is fueling an entire IT industry that is called upon to deliver both compliance and business process improvement. The author points out that a service-oriented architecture (SOA) platform is the best practice for line-of-business managers, who want to get the most critical information to the sales, service and pricing managers, and still remain in compliance. The paper relates that the greatest motivator for the development of compliance programs and governance in IT management has not been top-line revenue growth but rather having an air-tight set of financial records when Sarbanes-Oxley auditors arrive to look over transactions.
From the Paper "Keeping in mind that the majority of IT professionals prefer to view their IT platforms from the context of layered model that has a strong focus on integration and pervasive layers of functionality, and the role of an all encompassing layer of analytics begins to take hold. This alone however does not completely negate the issue of the politicization and siloing of information. What analytics layers do however is force the issue of performance from just within one organization and shows the impacts (or lack thereof) of collaboration across the organization."
Abstract This paper examines how managers gain compliance from their employees and how they get their employees to perform well. The paper discusses the compliance gaming theory, which states that leaders can effectively make use of informal communication strategies to motivate their employees, so that supervisors who encourage employees with positive feedback are most likely to achieve task compliance. The paper quotes various theories used to motivate employees and discusses the game theory, which is part of a group of theories often grouped together under the heading of rational choice theory. In addition, the paper explains that this theory may function either positively or normatively and may provide a contribution to predicting or explaining the behavior of an individual and may result in offering advice to an individual concerning what choice should be made.
Outline:
Introduction
Summary & Conclusion
From the Paper "The work of Kellerman and Cole (1994) entitled: "Classifying Compliance Gaming Messages: Taxonomic Disorder and Strategic Confusion" states that the compliance gaming strategies include the method of the 'actor takes responsibility' in attempting to gain compliance of others to assist them through offering to do it themselves as a method of getting them to do what is wanted. Another method is referred to as 'altercasting' and is a negative form of attempting to gain compliance of others by noting that only a "bad person would not do what is wanted" intimating that the individual who will not comply is one with negative qualities."