Micah Geertson
CSOL 540
09/20/2019
Assignment:
Summary of Laws, Regulations, and Standards
Summary of Laws, Regulations, and Standards 2
Table of Contents
HIC, Inc. LRS Summary (3)
  Scope (3)
  Rules (3)
    Privacy (3)
    Security (3)
    Breach (3)
  Special Topics (3)
  Safeguards (3)
    Administrative Safeguards (4)
    Physical Safeguards (4)
    Technical Safeguards (4)
  PCI DSS (4)
  Local State Regulatory Laws (4)
    General Privacy Protection (4)
    Patient's Right to Access (4)
    Breach Notifications (4)
References (5)
Rules
The U.S. Department of Health & Human Services (HHS) has defined three major categories as part of the HIPAA security standard: Privacy, Security, and Breach Notifications.
Privacy: Meant to protect the privacy of individuals' health information and to govern how Protected Health Information (PHI) is used and disclosed by the medical insurance industry (HHS, 2003).
Security: This rule is meant to set the "national standards for protecting the confidentiality, integrity, and availability of electronic PHI" (HHS, 2003). Additionally, it describes who and what is protected and the necessary safeguards.
Breach Notifications: This rule is meant to ensure that "entities and their business associates provide notifications following a breach of unsecured PHI" (HHS, 2003). This means that any unauthorized access to unprotected PHI must immediately be reported.
Special Topics
The Health Information Technology for Economic and Clinical Health (HITECH) Act is one of several special topics introduced by the HHS. The purpose of the HITECH Act is to "promote the adoption and meaningful use of health information technology" and is meant to "strengthen the civil and criminal enforcement of the HIPAA rules" (HHS, 2003). Within the HITECH Act is a section under Subtitle D that focuses on the privacy and security concerns associated with electronic transmission of health information.
Safeguards
Under the HIPAA Security Rule, three categories of safeguards (Administrative, Physical, and Technical) are defined to ensure appropriate protection of protected health information (HHS, 2003). The HHS Security Series documents define each category as follows:
Administrative Safeguards:
PCI DSS
In addition to protecting PHI, HIC, Inc. will need to comply with standards set forth by PCI DSS. The PCI Security Standards Council defines this protection as being able to "secure cardholder data that is stored, processed and/or transmitted by entities completing payment card transactions" (PCISSC, 2016).
References
U.S. Department of Health & Human Services. (2007, March). Security Standards: Administrative Safeguards. Retrieved from HIPAA Security Series: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf
U.S. Department of Health & Human Services. (2007, March). Security Standards: Physical Safeguards. Retrieved from HIPAA Security Series: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/physsafeguards.pdf
U.S. Department of Health & Human Services. (2007, March). Security Standards: Technical Safeguards. Retrieved from HIPAA Security Series: https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf
PCI Security Standards Council. (2016, May). The Prioritized Approach to Pursue PCI DSS Compliance. Retrieved from PCI Security Standards: https://www.pcisecuritystandards.org/documents/Prioritized-Approach-for-PCI_DSS-v3_2.pdf
State of California Office of Health Information Integrity. (2019). Federal and State Health Laws. Retrieved from https://www.chhs.ca.gov/ohii/health-laws/
U.S. Department of Health & Human Services. (2013, July 26). Breach Notification Rule. Retrieved from Health Information Privacy: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html
U.S. Department of Health & Human Services. (2013, July 26). HITECH Act Enforcement Interim Final Rule. Retrieved from https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html
U.S. Department of Health & Human Services. (2013, July 26). Summary of the HIPAA Security Rule. Retrieved from Health Information Privacy: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
U.S. Department of Health & Human Services. (2003, May). Summary of the HIPAA Privacy Rule. Retrieved from https://www.hhs.gov/sites/default/files/privacysummary.pdf