Answered You can buy a ready-made answer or pick a professional tutor to order an original one.
Case Study 2: HIPAA and IT Audits
Imagine you are the Information Security Officer at a medium-sized hospital chain. The CEO and the other senior leadership of the company want to ensure that all of their hospitals are and remain HIPAA compliant. They are concerned about the HIPAA Security and Privacy Rules and its impact on the organization. You begin looking at the information provided by the Department of Health and Human Services, located at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html. Specifically, you are asked to provide an analysis of two (2) of the cases found here with emphasis on what was done to resolve the compliance issues. Section 1. Written Paper
Non-compliance with HIPAA regulations can result in significant fines and negative publicity. To help ensure that your organization remains in compliance with HIPAA regulations you have been asked to write a three to five (3-5) page paper in which you:
1a. Create an overview of the HIPAA Security Rule and Privacy Rule.
1b. Analyze the major types of incidents and breaches that occur based on the cases reported.
1c. Analyze the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities.
1d. Analyze and describe the network architecture that is needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations.
1e. Analyze how a hospital is similar to and different from other organizations in regards to HIPAA compliance.
1f. List the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations.
1g. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Section 2. Network Architecture
2a. Create a network architecture diagram (using Visio or an open-source equivalent to Visio for creating diagrams), based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations.
2b. Include in the diagram the switches, routers, firewalls, IDS / IPS, and any other devices needed for a compliant network architecture.
The specific course learning outcomes associated with this assignment are:
- Describe the process of performing effective information technology audits and general controls.
- Explain the role of cybersecurity privacy controls in the review of system processes.
- Describe the various general controls and audit approaches for software and architecture to include operating systems, telecommunication networks, cloud computing, service-oriented architecture and virtualization.
- Use technology and information resources to research issues in information technology audit and control.
- Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.
- @
- 165 orders completed
- ANSWER
-
Tutor has posted answer for $40.00. See answer's preview
******* NameHIPAA **************** NameProfessor’s Name *********************************** ** *** ***** ******** **** *** ******* ******* office for ***** ****** ** *********** *** the *********** ** *** HIPAA ***** *** *********** HIPAA stands *** Health Insurance *********** *** Accountability Act ** *** ***** in 1996 *** ***** Privacy ***** were ***** ** ******* the privacy ** *** ****** *********** of an ********** *** *** HIPAA ******** ***** *** given ** set national ********* ** protect *** secure *** ********** ****** information of ** individualThe Privacy ***** ***** ***** ******** ******* ********** ** *** ****** *********** ** ** ********** **** ** ***** ******** ********** and covered ******** ** ******** *** ******* * **** ** ****** about the *********** ********* *** health The ******* Rule is **** ******** in * manner **** it can ******* *** ********** ** ********** the health *********** of a ******* ** ****** for the **** of the patient ** *** ***** ******* ** due ************* ******** ***** *** ******* ** ******* **** * sequence of ********* administrative *** physical ********** should ***** the ******** *** *** ******** associates **** *** *** ********** ********* health information ** that *** ********* *************** *** ************ ** the **** *** ** ******* securelyAnalysis ** ***** ***** ** ********* *** ******** *** ********* covered ***** HIPAA **** ** **** punctual in ********* *** *** ********* that **** ***** ****** *********** ********** *** *** ** ********* ****** Information ** any ****** ***** ** *** permitted ** ***** *** occurrence ** * ****** ** ******* ** the ******** ** HIPAA ******** *** HIPAA ******* ***** consulting with ***** ********* ** *** ********** *** the ********** ******* ** *** ******** ******** ****** ** *** ********* Protected Health *********** then *** incident ** notified to *** affected ********** ***** *** *** ********* ** ** ********** ** Health *** ***** ServicesThe ******** incidents ******* the disclosure ** the *** ********* *** of *** Protected ****** Information ** *** ******** ********* ** *** ******** in ***** the ********* ****** *********** ** obtained ** ** ************ ****** Other incidents include ******** or ****** a ****** ***** ******** *** Protected ****** *********** ** *** ********* ** *** ****** ** **** malicious ******** **** ***** etc ********* **** ****** ** *** in *** ***** **** *** ***** ********* *** ******** under ******** Breach ********* include ******** of *** *** or ********* the *** ******* ********* ** *** ******** ******* to ***** into the secure area where *** important ********* ****** *********** **** ** stored ****** **** ****** ** *** *** is *** **** properly **** or *** ************* ****** *** can access *** **** ********** *** ******* or ***** *** ******** with a ****** who ** *** authorized to ****** itControls ****** to ******** *** ********** ***** *** ******************** ***** of ******** *** ******** under ********* *** ************* ******** ** ***** ** ******** the vulnerabilities and ********** risks *** making *** ****** strong ** ****** *** ********* ****** *********** management ******** ********* ******** *** *********** controls are necessary ***** controls **** ** risk ********** risk ******** and **** ********** ****** ******** ****** and ******* **** ********* ******** ******** and ******************** controls *** ********* ** the management ** ******* *** *********** ******** ******* The ********** ******** ***** on the ******** programs and manage *** **** ** *** ************ by defining the ******** policies ***** *** ********** *** ** ************* all available **** *** regulations that are necessary ** **** *** needs ** *** *************** *********** ******** *** executed on the ***** ** all ****** ** *** organization **** ******** **** ********* and training protection ** the ******** *********** *********** planning ********** ** ******** ******** *** ******** ******* *** operations ********* ******** *** defined ** secure the *********** ****** Such controls are *** ** ******** *** ********** **** ** provide access ******* *** ******* ************ ***** ****** intrusion ********* *** prevention firewalls ***** ******* and ********* ****** ***** security ***** ********** *** ******* other ******************* ** ******* ************ ****** ** ** ** ********* with ***** ************* ***** ** ** in compliant **** the ***** *********** a hospital’s ******* architecture must be ********** **** *** HIPAA Security ***** *** architecture ****** ** ******* ** ************** Administration ********* *** services ** ***** ** *** ***** **************** *** Difference of * ******** **** ***** *************** ********** **** the ***** * hospital ** ********* **** other ************* ** **** **** *** ******** *** to be **** ********** ***** the ********* *********** of *** ************** ****** Other ************* have ** ****** ***** ******** **** ** ***** **** but * ******** has ** ** more ******* ***** *** **** ** *** ******** in comparison **** *** ***** data ********* *** ************ administrationOther ************ *** ** protect *************** the **** ********* ***** ******* *** ******** ******** *** a hospital **** ** ***** **** ********** in securing their *********** **** ** case ** data **** ** ** organization ***** *** ** *** not be *** ***** action ******* ** **** of a hospital breach ** *** security **** ******* serious ***** actions *** ******** ** ******* ** other organizations ** **** have ** use advanced ********* ******* ** ******* ***** **** and critical ************* ***** Steps ****** in **************** overall IT ***** ***** Prepare an ***** ******** ***** To ** ** ********** **** *** ****** *** ***** ****** *** ***** **** **** ********** ******** ** **** ** * ****** ****** ** ** necessary ** develop *** **** **** ******* *** *** ******* ** **** ***** *** *** ******* *** ********* for ***** with ****** ********** ***** the **************** ***** document: **** sure **** the ******* ******** properly ******** their ***** ********** *** ***** and ***** ********* that ***** ************* is ******* *** ******** ********** ******* **** Assessment: * proper **** ********** ** ******** under ***** ******** **** ** ** ** an ********* **** ** ********* *** **** *** weaknesses4 ******** *** ******** *********** According ** *** ****** *** Civil ****** *** ***** plan **** indicate *** ******** ********** *** *** covered entities as subject *** ****** ********* **** must be ***************** Architecture ReferencesBoston ********** *********** ******** (nd) ** **** Protection *** HIPAA Data **************** ***** ****** ****** ********* May ** 2015 ***** http://wwwbuedu/infosec/policies/hipaa/hipaa-breach-policy/Centers for Disease ******* *** ********** (2003) HIPAA privacy **** and ****** ************** **** *** *** *** ** Department of Health and Human ServicesMMWR: ********* and ********* ****** ************** 1) 1-17Health *********** Privacy **** ************* ****** *********** ******* Retrieved ***** **** ***** **************************************************** * J **** * ***** ***** * * ****** A *************** architecture for securingclinical imagesJournal of digital ************ *********** Z ***** *** * * (2005) ***** ********* auditing ****** *** medicalimagesComputerized Medical ******* *** ************* *******