HIPAA Case Study


Introduction

This case study focuses on the ability of organizations to integrate the legal environment with their information system policy to secure the confidentiality, integrity, and availability of their data. An organization's ability to blend outside governmental policies with its own organizational policies is the foundation for the success of its information system policy. Outside laws have the greatest impact on the organization because the government enforces them. An organization that does not follow those laws can be subject to fines and even the loss of its business license. It is important for the organization to understand the laws of the business field it is in, because there …

One of the most well-known policies for the medical field is the Health Insurance Portability and Accountability Act (HIPAA), which “protects the privacy of individually identifiable health information” (ciso.washington.edu/laws/hipaa/). HIPAA is a national standard for medical organizations and professionals to follow to protect the privacy of their patients. For medical professionals, HIPAA prohibits them from discussing their patients' names, conditions, or any other information outside of the workplace. Medical organizations follow HIPAA in the same manner, but because they hold more personal information on the patient, they have to protect more of it, such as social security numbers and payment information. HIPAA is not optional for medical organizations, and because of this it can be used as a foundation on which to build the information system policy. The medical organization is able to identify the absolute minimum data protection and use that to customize their …

The assets will not always be as straightforward as a bank protecting its money. A research organization's assets would be the research it has conducted, and protecting that data would require different policies. For an information security policy, it is important for the organization to define the asset it is protecting: “an information asset is a definable piece of information, stored in any manner, that is recognized as having value to the organization” (Greene, Sari). The organization’s ability to define their assets will help shape their policy to best protect their data and