Question: Wk 3 Assignment Template PHI/EPHI Policy Template Version: Purpose: This policy prohibits the use, storage, and discloser of Personal Health Information (PHI) and Electronic Personal

Wk 3 Assignment Template

PHI/EPHI Policy Template

Version:

Purpose:

This policy prohibits the use, storage, and discloser of Personal Health Information (PHI) and Electronic Personal Heal information (EPHI), except as specifically permitted or required by HIPAA regulation.

Scope:

Policy:

Assignment Scenario

Your company is a security service contractor that consults with businesses that are considered covered entities under HIPAA in the U.S. who require assistance in compliance with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.

Your client is Health Coverage Associates, a health insurance exchange in California and a covered entity. Because of the Patient Protection and Affordable Care Act (ACA), the exchange enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:

Vulnerability #1: A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client Protected Health Information (PHI) allowing access to PHI stored within the database

Vulnerability #2: An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized access to the PHI

Vulnerability #3: An unauthorized access to client accounts through the companys login website via the cracking of weak passwords

The selection of security controls will go into the Security Assessment Plan (SAP) covered in Week Three. The SAP will address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.

The NIST HIPAA Security Toolkit Application, developed by the National Institute of Standards and Technology (NIST), is intended to help organizations better understand the requirements of the HIPAA Security Rule (HSR), implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services.

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

part 2 please respond by secotion Wk 5 Assignment Template Password Policy Develop a 1- to 2page Password Policy. Version: Purpose: This policy prohibits the use, storage, and discloser of Personal...

Using the scenario presented in Wk 2 and the templates provided in the resources below, complete the following: 1- to 2-page Risk Registry accurately documenting the risk elements from the scenarios...

Answer from your tutor: Report this answer ninaricabustalinoActivemore than 1 day ago By contrast, statutes and regulations are written abstractly. Case law, also used interchangeably with common...

Could you please break it down by the sections on the template: Version, purpose, scope, police 1-5? Wk 3 Assignment Template PHI/EPHI Policy Template Version: Purpose: This policy prohibits the use,...

Please see attached file and answer (1-2 pages) the following questions: - What is the structure of this industry? - Who are the primary players? - What external risks does the industry face? Table...

This policy will be reviewed no later than 5 years of its authorisation date. At this point it will need to be re-authorised by the relevant authority at Xxz Financial Services Version Published...

CHAPTER 12 Privacy \"If everybody minded their own business,\" the Dutchman said in a hoarse growl, \"the world would go round a deal faster than it does.\" Lewis Carroll, Alice's Adventures in...

- personnel have access to private and sensitive information ensure all records and documents are maintained and stored in accordance with Education and Care Service National Regulations (See Record...

Give a case brief on the following case. Include the following: Facts of the case Judicial history of the case issue of the case (in question form) Rules of the case Analysis of the case...

Compare the numbers of pairs of shoes for men and women. (Source: StatCrunch Survey: Responses to Shoe survey. Owner: scsurvey)

Redding Industrial Supply had common shares of $6,800 and retained earnings of $4,925 at the beginning of the year. At the end of the year, the balance in common shares is $7,000 and the balance in...

When accessing shared data in a multithreaded environment, you do not need to synchronize access to avoid errors or corrupted data. True False

SIMAD UNIVERSITY Class: BACC25 Subject: Islamic Accounting Instructions: a) Follow The Instructions. Midterm Exam Instructor: All Ibrahim Date: 6-4-2022 b) You Have 1.5 Hrs. To Complete This Test. c)...

Give an example of a situation for which you would use an open-ended question and give the reasons this type of question would be appropriate for the situation. (Objective 2)

What impression does a passive communicator project to his or her receivers? an assertive communicator? an aggressive communicator? (Objective 2)

Prepare one of the following visual aids that could be used in a written report: (a) a map that shows how to get from your school or university library to your classroom; (b) a pictograph that shows...