Answered You can buy a ready-made answer or pick a professional tutor to order an original one.
Your company is a security service contractor that consults with businesses in the U.S. that require assistance in complying with HIPAA. You advertise a proven track record in providing information pr
Your company is a security service contractor that consults with businesses in the U.S. that require assistance in complying with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.
Your client is Health Coverage Associates, a health insurance exchange in California and a healthcare covered entity. The Patient Protection and Affordable Care Act (ACA) enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:
- A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client protected health information (PHI) that allowed access to PHI stored within the database
- An internal mistake by an employee that allowed PHI to be emailed to the wrong recipient who was not authorized to have access to the PHI
- An unauthorized access to client accounts through cracking of weak passwords via the company’s website login
Health Coverage Associates would like you to develop a security management plan that would address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.
Write a 1- to 2-page high-level executive summary of the legal and regulatory compliance requirements for Health Coverage Associates executives. The summary should provide
- Accurate information on the HIPAA requirements for securing PHI
- FISMA and HIPAA requirements for a security plan
- Scope of the work you will perform to meet the Health Coverage Associates’ requests
Compile a 1-to 2-page list of at least 10 of the CIS controls that provide key alignment with the administrative (policies), physical (secured facilities), and technical safeguards required under HIPAA to protect against the attacks listed above. Include corresponding NIST controls mapped to the selected CIS controls.
Write a 1- to 2-page concise outline of the contents of the security management plan. Include
- Policies Health Coverage Associates will need to manage, protect, and provide access to PHI
- The recommended risk management framework Health Coverage Associates should adopt
- Key elements Health Coverage Associates should include in its plan of actions and milestones
Cite all sources using APA guidelines.
- @
- 966 orders completed
- ANSWER
-
Tutor has posted answer for $40.00. See answer's preview
********* *********** ******* provides ***** ******** ** the ******** **** plus **** or *** ** being ******* ** well ** *** *********** protected **** **** is secured ** ******** ** ***** ** **** **** that proper ********** ** ************** ** the HIPAA *************** ***** ** 1996 ***** *** ********* ** the ** ****** ** ****** and ***** ******** ** come up **** rules ********** the ******* as **** ** ******** ** ********** ****** **** ** meet **** *********** *** Department published **** is ******** ** ** ***** ******* rules *** *** HIPAA ******** **** *** ******** rule ***** **** *********** ******** ** *** ******* ** ******* with *** ********* and ************* ******** that ***** ****** ********** entities” ***** to put ** progress ** ****** ********** ********* ****** *********** ***** *** ******* **** **** ******** ** ** ********* for privacy of individually ************ health information **** ******** standards for the security of ********** ****** *********** *** security rule ** *** ******** ********* *** the ********** ** ************** ********* ****** information ***** * ******* *** ** ********** standards *** ******** **** ****** information which ** held ************** *** ***** ******* **** ******* the *************** of a ****** ************ ** health *********** known ** ********* ****** *********** ***** *** ******** **** secures a **** ** *********** protected by Privacy **** **** is all ********** recognizable ****** *********** * ********* ****** makes **** ********* ****** sends in electronic **** **** 1996)FISMA *** ***** **************** ******* *********** ** ******** ** being ********* ** *** ******* *********** ******** ********** Act ** 2002 (FISMA) *** **** ******** to ******* ************ ** *** ***** act of **** ******** ***** **** the ****** ** * ********* ****** ** ********** by *** ******** ************ HIPAA ** ******* ***** the HIPAA ************ deals with securing *** ******* ***** ***** **** *** ******** and ***** ** *********** ********* ***** **** **** are ********* **** *** HIPAA rules are ********* ** *** ***** ************ **** ***** that *** ***** obligations will ***** Furthermore ** ***** **** ** ***** be **** *** a ******* entity ** **** **** both ******* *** ***** *********** ************* 2009)CIS *** ************* **** controlsCIS Critical ******** ******** ****************** ********* (CSF) CoreIdentifyProtectDetectRespondRecover1 ******** of ********** *** ************ ******************** Notation ** Authorized *** ************ ******************* ********** ****** Based ** the Need to *************** ******** ****************** **** ********************* ******* ******************* Data ******** Capability RP8 Security ****** ********** *** Appropriate Training ** Fill Gaps AT 9 ******** Response *** Management AERP 10 ********** *** Control ** Network ***** ********* and ******************** Account Monitoring and ******************* ***** *** Web ******* ************************** ** The **** Cybersecurity Framework (Shen ***************** use ** ******** of ********** over *** **** ******* ***** ******** realized ** ***** *** ********* ** ******* *** ****** * standardization ** ******** ** protect secure ******* health information ** ******** ** **** *** ***** what ************* information can be ****** *** **** also has ******* ********** **** ****** *** *** its *** ** ********** ************* ***** with this *** ******** ** systems used in ******* *** ************ information *** become a ***** part ** *** process ******** ******** ** electronic *********** **** **** ** the **** ** ******** ********* in the **** *** years *** unfortunately **** **** ********* the ****** care ******************** ****** care ********* and ************* ** *** ****** their ********** ****** ******* ******** and ************ systems Thus *** unique ********* ** ******* considered as ************* **** ****** to *** *** created ** ******* *** ******* and *************** ** ******** * *********** was ******* *** health **** providers *** ************* to **** * ******** ********* contract with the person or ************ **** ******** ********** or services on ****** ** * ******* ****** ***** ***** (Drolet et ** ***** ** *** use ** these contracts it ** *** intent to ****** **** the *** ** ************** ********* ****** *********** (ePHI) ** ********** ********* ******* ************* *********** *** potential ******** *********** ***** ******** **** is ***** to ****** *** the implementations of risk ********** ** *********** and ********** ****** the *** *** ********** assessment *** ******** of risk establish * foundation ** * ********* ********** ******** **** compliance **** **** ****** ** * **** ** ********* and maintain * ********* entity’s plan to ****** *** ******* ************ and integrity of ******** e-PHI ****** ************ ********** ** *********** ** * secured ****** is *** ***** of *** ******** rule ********* entities are ********* ** ******* ********** and ****** ********** ******** ** ** safe ******* reasonable ********* ******* or ******* ** *** ******** ** *** ***** **** **** **** ******** *** ******** to **** **** ***** *** ******* in ***** ************ and ** ******* ****** controls ** addressing ***** ***** and threatsThe ****** *** specification of ******** ******** *** ** ********* ** a ******* of the ********* information security ******** **** ***** **** *** ********** ** ************** ***** This ***** the **** ** *********** persons *** *** ****** **** The management ** **** ** * ******** ********* ** *** firm’s **** protection ******** *** ** *********** system; *** ********** ******** *********** ** ****** ****** *** *** deal as **** ** assets ** *** **** ******* ** ** 2017)ConclusionHIPAA *** ******* **** *** ******** ********* *** technologies **** ******* *** ********** ** *** *** but *** ****** ** ***** the **** *** ************** of this ********** began ** a *** ** **** ********* ****** *********** private *** ****** ***** does **** and **** ***** ** **** changing ******* of collecting *** ******* ******* data It ******* a ******** for ****** **** providers **** ****** **** information during ***** ******* *** everyone is ******** ** ****** *** protocols *** ** ***** but most ****** care ********* **** ***** *** the mandate regarding **** **** *** regulatory ****** ****** **** patient *********** is ******* with *** ****** **** *** ******* ********* ****** ******* *** ********* *********** *** ******* ** make **** **** *** ********* are ***** *** **** consideration *** protection ***** *** *********************** * * ******* * S ***** * Blazar * * ***** ******* * D ****** ********** ************* ** ********* ****** ************ privacy ******** and HIPAA complianceThe ******* ** **** ************ ********** * ****** Law ************* insurance *********** *** ************** *** of1996Notification * H * (2009) ****** ** *** ********* ** CFR Parts *** and ******* * (2014) *** **** cybersecurity ********** ******** *** potential ************** *********** ****