Assignment
For
Emmylou Bice
Introduction
Health Insurance Company (HIC), Inc., stores, processes, and transmits customer related
Organizations handling this type of information are required to adhere to specific data and privacy
laws including the Health Insurance Portability and Accountability Act (HIPAA), the Health
Information Technology for Economic and Clinical Health Act (HITECH), and the California Consumer
Privacy Act (CCPA) when in California. This paper details these acts and the security controls
The HIPAA Act of 1996 is a national security standard to protect an individual’s privacy
with respect to health record transactions (Office for Civil Rights (OCR), 2017). This act applies
to covered entities, including health plans, health care clearinghouses, and any health care
provider that stores, processes, and transmits health records (OCR, 2017). To address protection
measures for the use and disclosure of individually identifiable health information, HHS published the
Privacy Rule for physical PHI and the Security Rule for ePHI. Safeguards to comply with the
Privacy Rule and Security Rule include a combination of administrative, technical, and physical
measures. For privacy, controls include shredding PHI documents and securing ePHI in cabinets
with a lock or passcode (OCR, 2013). For security, controls include conducting a risk analysis,
workforce security training, system access controls, auditing, and data encryption (OCR, 2013).
Health Information Technology for Economic and Clinical Health (HITECH) Act
The HITECH Act, passed in 2009, was developed to “promote and expand the adoption
of health information technology” and enhance or clarify language in the HIPAA Act (HIPAA
Journal, n.d.). HITECH has four subtitles (A-D). The last subtitle, D, covers improving the
privacy and security protections of ePHI (HIPAA Journal, n.d.). Security controls to satisfy the
HITECH Act also include administrative and technical measures of implementing methods to
detect breaches and report violations. The HITECH Act redefined the HIPAA Breach Notification
Rule in that in the event of a breach, the organization has to prove that ePHI was not disclosed to
In California, HIC, Inc. must also comply with the CCPA of 2018. The CCPA allows
consumers to have more control over their PII and PHI that businesses collect (Office of the
Attorney General (OAG), n.d.). Consumers have the right to know, delete, or opt-out of the sale
or sharing of their personal information without the fear of being discriminated against (OAG,
n.d.). To comply with this act, HIC, Inc. must establish a privacy policy and provide consumers
with notices explaining the organization's privacy practices. Additionally, HIC, Inc. must protect
the data by implementing Role-Based Access Controls (RBAC), archiving stale PHI/ePHI, and
developing a program to monitor threats and assess the overall security risks (Green, 2020).
Conclusion
personal identity and health, HIC, Inc. is required to comply with many government and state
laws, regulations, and standards. This report covers a few of these, including the HIPAA,
HITECH, and CCPA Acts. HIC, Inc. must do its due diligence and thoroughly research and
implement security safeguards for all applicable laws, regulations, and standards to avoid
References
Green, A. (2020, June 17). California Consumer Privacy Act (CCPA) Compliance Guide From
https://www.varonis.com/blog/california-consumer-privacy-act-ccpa/
the-hitech-act/
Office for Civil Rights (OCR). (2013, July 26). Summary of the HIPAA Privacy Rule. From
https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html?language=es
Office for Civil Rights (OCR). (2013, July 26). Summary of the HIPAA Security Rule. From
https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html?language=es
Office for Civil Rights (OCR). (2017, June 16). HIPAA for Professionals. From
https://www.hhs.gov/hipaa/for-professionals/index.html
Office of the Attorney General (OAG). (n.d.). California Consumer Privacy Act (CCPA). From
https://oag.ca.gov/privacy/ccpa