Application: Information Security Policy Document – Health Information Security Policy and Legislative Requirements
Patient data is used in a variety of contexts by health care providers and organizations, so continuous monitoring of user access to authorized parts of patient information is vital to securing this PHI and ensuring confidentiality. An example of how vulnerable patient information can be is outlined in the General Hospital Security Disaster Case Study, which you should read in detail. As you will see from reading the case study, General Hospital is in desperate need of an Information Security (InfoSec) Document, which you have been hired to create for the hospital.
Last week we looked at goals, strategy, and roles of responsibility of information security. This week we are focusing on health information security policy and legislative requirements.
To prepare for this Application Assignment, review the assigned readings and the case study, and write a 2- to 4-page paper that describes the security policy and legislative requirements section for GH’s InfoSec Security Policy Document. In the document, summarize examples of mandatory security measures and patient rights as required by HIPAA, FISMA, and HITECH (1-2 pages). Also, explain how HIPAA and HITECH influence the information security policy of an organization (1-2 pages).
The cover and reference pages do not count towards the required page length for the assignment.