Currently ABC Healthcare does not have any enforceable guidelines in place. If employees were to break laws involving ABC Healthcare and the regulations it is bound to, ABC Healthcare would have a hard time holding those employees accountable. There are several instances of cyberlaw noncompliance. Placing a person with little to no experience (not illegal, but poor judgement) in charge of compliance with these cyberlaws is the root of ABC Healthcare's noncompliance. The first instance of noncompliance is the disregard for patients' PHI.
The regulations being violated fall under two major acts, HIPAA and HITECH. HIPAA is in place to guarantee that individuals' health information is suitably protected while allowing the flow of health information needed to provide the highest quality health care and to protect the public's welfare. HITECH was put in place to promote the adoption and meaningful use of health information technology.
Both HIPAA and HITECH have specific guidelines that protect the patient’s PHI.
Specifically, the HIPAA Privacy Rule protects the privacy of individually identifiable health information, called protected health information (PHI), as explained in the Privacy Rule (Office for Civil Rights (OCR), 2013). The Security Rule protects all individually identifiable health information a covered entity creates, receives, maintains or transmits in electronic form. The Security Rule calls this information "electronic protected health information" (ePHI). The Security Rule does not apply to PHI transmitted orally or in writing; that information remains covered by the Privacy Rule (Office for Civil Rights (OCR), 2013). The second violation concerns patient and employee financial information.
PCI DSS would apply in this instance. The PCI DSS is a set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment ('PCI Compliance Guide Frequently Asked Questions | PCI DSS FAQs,' n.d.).
ABC Healthcare is not complying with several cyberlaws, and this will have an impact on IT and computing within the organization. By entering and remaining in noncompliance, ABC Healthcare is showing that it does not regard the PHI of its clients as important. It is also showing its employees that their personal information is of little importance as well. The trust ABC Healthcare had built will be in jeopardy, and the hope of rebuilding that trust will diminish the longer it takes to respond appropriately. If ABC Healthcare did not take the appropriate precautions to protect this data, it is not a big stretch to assume it did not have protections in place to mitigate the financial problems a breach would bring. Transferring the risk to a third party could have offered some financial protection. These protections could include, but are not limited to, insurance, warranties, or performance bonds.
After reviewing a few examples of IT acceptable use policies, I found that the SANS Institute Acceptable Use Policy is a good example of how to set internal guidelines in any IT environment. If ABC Healthcare had followed these guidelines within its organization, it would have mitigated or even prevented the breach in the first place. Section 4.2, Security and Proprietary Information (SANS Institute, 2014), would have proved valuable to ABC Healthcare:
The section on unacceptable use (4.3 Unacceptable Use) is the full list of policies ABC Healthcare should have followed in order to prevent the breach. These policies are well crafted in that they give sufficient disclaimers and proper allowances when needed. For example, the following wording is well delivered:
"The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services)." (SANS Institute, 2014)
This gives the appropriate IT staff the opportunity to fulfill their day-to-day duties without infringing on the guidelines.
It is a simple task to select aspects of the acceptable use-of-technology policies that I researched that I felt could be adapted to meet the needs of ABC Healthcare. Since ABC Healthcare's policies or guidelines for employees' use of computers and the network are nonexistent, it is clear that any semblance of a guideline would be beneficial. In my professional opinion, I would suggest that ABC Healthcare implement the guidelines outlined in the SANS Institute Acceptable Use Policy. It would be a straightforward process to adopt this document and make it the company's own acceptable use-of-technology policy. For the most part, the only change I see that would be needed is replacing the template's company-name references with ABC Healthcare. I would also suggest that ABC Healthcare treat these guidelines with the utmost importance and convey them to its employees in the same fashion. Extensive training should be conducted from the top down in order to drive home the importance of these guidelines.