Csol 540 Module 6 - Jon Boucher - Assignment 6 Privacy Policy
The purpose of this white paper is to explain the data handling privacy policy for HIC by
highlighting three unique privacy domains. Each privacy domain is configured with certain
controls and governed by policies that adhere to specific laws and regulations. While each
privacy domain is unique, they are all hosted within the same HIC security domain. In our
network environment, a security domain is defined as the set of physical and logical resources
such as routers, file servers, FTP service, web servers, email servers, etc. (Harris, 2016).
We have one security domain which hosts four different privacy domains. The privacy
domains use virtual machines, thus providing a segmented environment. Before defining each
privacy domain, it is important to understand the applicable privacy legislation. HIC’s status as a
California-based healthcare provider requires compliance with specific federal and state privacy
regulations.
[A] Electronic Communications Privacy Act of 1986 – This piece of federal legislation
prohibits unauthorized and intentional interception of wire, oral, and electronic communications
during transmission and accessing stored wire or electronic information (Judy, 2014).
[B] The Health Insurance Portability and Protection Act (HIPPA) Privacy Rule -
information (PHI) in multiple forms, such as paper or electronic by “covered entities.” The term
covered entities refers to organizations that might handle PHI such as health insurance carriers,
[D] California Security Breach Information Act (SB 1386) - California state law requires our
organization, which maintains personal information about individuals, to inform those individuals if the
security of their information is compromised. The Act stipulates that if there's a security breach
of a database containing personal data, the responsible organization must notify each individual
Harris S., Maymi F (2016) All in One CISSP – Exam Guide 7th ed. New York, New York.
McGraw Hill Education.
Judy H. (2014). Computer Security Handbook – Privacy in Cyber Space: US and European
Perspectives. (6th ed., Vol. 1). Hoboken, NJ: Wiley. Chapter 69
Paul Brusil. (2014) Computer Security Handbook – Healthcare Security and Privacy (Chapter
71). John Wiley and Sons, Inc. Hoboken, New Jersey.
Privacy Rights Clearinghouse (October 2017) – “Health and Medical Privacy Laws (California
Medical Privacy Series)”. Retrieved on 25 March 2017 from:
https://www.privacyrights.org/consumer-guides/health-and-medical-privacy-laws-california-medical-privacy-series
Rouse M. (2018) Tech Target - California Security Breach Information Act (SB-1386).
Retrieved on 21 April 2018 from:
https://searchcio.techtarget.com/definition/California-Security-Breach-Information-Act