Scribd Logo
Upload

Welcome to Scribd!

  • Assignment

    Uploaded by

    api-561990701
    59 views4 pages
    HIC must comply with several laws and regulations regarding privacy and security of personal health information, including HIPAA, HITECH, and CCPA. HIPAA establishes privacy and security standards for protected health information. The HITECH Act enhances HIPAA by requiring breach reporting and compliance with security rules. The CCPA gives consumers control over personal information collected by businesses and requires privacy policies and protection of data. To comply, HIC must implement controls like access controls, encryption, auditing, and risk assessment programs. Non-compliance can result in fines and legal liability.

    Original Description:

    Original Title

    assignment

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    HIC must comply with several laws and regulations regarding privacy and security of personal health information, including HIPAA, HITECH, and CCPA. HIPAA establishes privacy and security standards for protected health information. The HITECH Act enhances HIPAA by requiring breach reporting and compliance with security rules. The CCPA gives consumers control over personal information collected by businesses and requires privacy policies and protection of data. To comply, HIC must implement controls like access controls, encryption, auditing, and risk assessment programs. Non-compliance can result in fines and legal liability.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    59 views4 pages

    Assignment

    Uploaded by

    api-561990701
    HIC must comply with several laws and regulations regarding privacy and security of personal health information, including HIPAA, HITECH, and CCPA. HIPAA establishes privacy and security standards for protected health information. The HITECH Act enhances HIPAA by requiring breach reporting and compliance with security rules. The CCPA gives consumers control over personal information collected by businesses and requires privacy policies and protection of data. To comply, HIC must implement controls like access controls, encryption, auditing, and risk assessment programs. Non-compliance can result in fines and legal liability.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 4

    LAWS, REGULATIONS, AND STANDARDS 1

    Laws, Regulations, and Standards

    For

    Health Insurance Company (HIC) Inc.

    Emmylou Bice

    CSOL 540 Cyber Security Operations Policy

    University of San Diego


    LAWS, REGULATIONS, AND STANDARDS 2

    Laws, Regulations, and Standards Applicable to HIC, Inc.

    Introduction

    Health Insurance Company (HIC), Inc., stores, processes, and transmits customer related

    personally identifiable information (PII) or electronic personal health information (ePHI).

    Organization handling this type of information are required to adhere to specific data and privacy

    laws including the Health Insurance Portability and Accountability Act (HIPAA), the Health

    Information Technology for Economic and Clinical Health Act (HITECH), and the Consumer

    Privacy Act (CCPA) when in California. This paper details these acts and the security controls

    required for HIC, Inc. to be compliant.

    Health Insurance Portability and Accountability Act (HIPAA)

    The HIPAA Act of 1996 is a national security standard to protect an individual’s privacy

    with respect to health record transactions (Office for Civil Rights (OCR), 2017). This act applies

    to covered entities, including health plans, health care clearinghouses, and or any health care

    provider that stores, processes, and transmits health records (OCR, 2017). To address individual

    identifiable health information protection measures for use and disclosure, HHS published the

    Privacy Rule for physical PHI and the Security Rule for ePHI. Safeguards to comply with the

    privacy rule and security rule includes a combination of administrative, technical, and physical

    measures. For privacy, controls include shredding PHI documents and securing ePHI in cabinets

    with a lock or passcode (OCR, 2013). For security, controls include conducting a risk analysis,

    workforce security training, system access controls, auditing, and data encryption (OCR, 2013).

    Health Information Technology for Economic and Clinical Health (HITECH) Act

    The HITECH Act, passed in 2009, was developed to “promote and expand the adoption

    of health information technology” and enhance or clarify language in the HIPAA Act (HIPAA
    LAWS, REGULATIONS, AND STANDARDS 3

    Journal, n.d.). HITECH has four subtitles (A-D). The last subtitle, D, covers improving the

    privacy and security protections of ePHI (HIPAA Journal, n.d.). Security controls to satisfy the

    HITECH Act also include administrative and technical measures of implementing methods to

    detect breaches and report violations. HITECT Act redefined the HIPAA Breach Notification

    Rule in that in the event of a breach, the organization has to prove that ePHI was not disclosed to

    unauthorized individuals (HIPAA Journal, n.d.). Non-compliant organizations can face up to a

    $1.5 million fine (HIPAA Journal, n.d.).

    California Consumer Privacy Act (CCPA)

    In California, HIC, Inc. must also comply with the CCPA of 2018. The CCPA allows

    consumers to have more control over their PII and PHI that businesses collect (Office of the

    Attorney General (OAG), n.d.). Consumers have the right to know, delete, or opt-out of the sale

    or sharing of their personal information without the fear of being discriminated against (OAG,

    n.d.). To comply with this act, HIC, Inc. must establish a privacy policy and provide consumers

    with notices explaining the organization privacy practices. Additionally, HIC, Inc. must protect

    the data by implementing Role-Based Access Controls (RBAC), archiving stale PHI/ePHI, and

    developing a program to monitor threats and assess the overall security risks (Green, 2020).

    Conclusion

    As a health insurance company that handles sensitive information relating to client’s

    personal identity and health, HIC, Inc. is subject to comply with many government and state

    laws, regulations, and standards. This report covers a few of these, including the HIPAA,

    HITECH and CCPA Acts. HIC, Inc. must do their due diligence and thoroughly research and

    implement security safeguards for all applicable laws, regulations, and standards to avoid

    detrimental impacts to the organization and business operations.


    LAWS, REGULATIONS, AND STANDARDS 4

    References

    Green, A. (2020, June 17). California Consumer Privacy Act (CCPA) Compliance Guide From

    https://www.varonis.com/blog/california-consumer-privacy-act-ccpa/

    HIPAA Journal. (n.d.). What is the HITECH Act? From https://www.hipaajournal.com/what-is-

    the-hitech-act/

    Office for Civil Rights (OCR). (2013, July 26). Summary of the HIPAA Privacy Rule. From

    https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html?

    language=es

    Office for Civil Rights (OCR). (2013, July 26). Summary of the HIPAA Security Rule. From

    https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html?

    language=es

    Office for Civil Rights (OCR). (2017, June 16). HIPAA for Professionals. From

    https://www.hhs.gov/hipaa/for-professionals/index.html

    Office of the Attorney General (OAG). (n.d.). California Consumer Privacy Act (CCPA). From

    https://oag.ca.gov/privacy/ccpa

    You might also like