Final Paper
11/27/19, 4:37 AM SafeAssign Originality Report
Page 1 of 10 https://ucumberlands.blackboard.com/webapps/mdb-sa-BB5a31b16bb2c…eb5c37543a2c&course_id=_112114_1&includeDeleted=true&force=true
2348.2349.202010-COMBINED-FULLTERM - FALL 2019 - LEGAL REG, COMPLIANCE, INVEST (ISOL-633-22) (ISOL-633-23) - COMBINED - FULL TERM
Final research paper Sai Abhishek Somagouni on Tue, Nov 26 2019, 2:52 PM
35% highest match Submission ID: 2cb1f99c-0a58-43aa-857e-eb5c37543a2c
Citations (8/8)
Running head: FINAL RESEARCH PAPER 2
Word Count: 2,177
Attachment ID: 2387595516
Final research paper.docx
College: University of Cumberland’s
Professor: Dr. Jason Hutcheson
Name: Sai Abhishek Somagouni
Subject: ISOL633 – Legal Regulations, Compliance, and Investigations.
Date: 11/26/2019.
Influence of HIPAA on Information Security Governance
Introduction
Good health is the status most desired by human beings around the world. As such, almost everybody in society has been to a medical facility to ascertain their health status. The best way for medical practitioners to keep track of the health status of individual patients is by keeping health records for future reference. It follows that health records are the most sensitive pieces of information about anybody and everybody. For this reason, it is very important to ensure that health records are protected to avoid compromising the health status of individuals in society (Hassan et al., 2017).
Granting access to unauthorized persons could be devastating to society. With technology advancement and development at its prime, individuals have become more aware of security risks concerning their health records. Technology has made it possible for unauthorized persons to access and compromise health records in various databases (Anderson, 2019). For this reason, Congress formulated the Health Insurance Portability and Accountability Act (HIPAA) in 1996. This Act defines confidential and sensitive health records as Protected Health Information (PHI). The Act also outlines the requirements for information security that must be met to ensure that health records are not compromised.
In modern-day society, information security has become a very important aspect of life, especially with the development of computing and other digital technology. The number of data breaches reported each year has been soaring as a result of hacking activities. The health sector has been significantly affected by such acts, which pose security threats to all patients. Information security now comes in to safeguard confidential information. However, for information security managers to effectively safeguard confidential and sensitive information, they must rely on HIPAA guidelines to operate within the law (Lorence & Churchill, 2005).
HIPAA influences the governance of information security such that policies formulated must be consistent with the Act. This Act is concerned with the privacy and confidentiality of patients’ health records, simplified administration and management of data, insurance portability, and the security of all health records in various databases. All the organizations that deal with protected health information (PHI) are required to have process, physical, and network security measures to ensure compliance with HIPAA requirements (Newman & Kreick, 2015). All the stakeholders involved in the healthcare sector are required to comply with all HIPAA requirements. Failure to comply results in legal consequences for the business entities concerned.
Literature Review
Over the years, research has been conducted to identify the relationship between HIPAA and information security. Research findings indicate that HIPAA requirements significantly influence the governance of information security, especially in this digital era. Professionals in the information security sector are required to comply with all the requirements outlined in the HIPAA Act. Rules concerning the security and privacy of personal health records have been put in place. Consequently, HIPAA is concerned with protecting health information records while at the same time allowing stakeholders, especially caregivers, to acquire modern technology (Noyes, 2011). The world has significantly embraced technological innovations such that every aspect of life is currently utilizing technology. Case in point, medical institutions are now using digitized databases to record and store patients’ information. HIPAA does not limit the acquisition of technology by stakeholders but rather regulates the process to ensure that health records are safe.
Anderson (2019) conducted qualitative research to identify how HIPAA rules were implemented in cases of data breach in the health sector. In his research, Anderson captures how patients incur the cost of a data breach, together with having to deal with compromised confidentiality. HIPAA rules do not give clear guidelines to be followed in the event that information security is not well implemented, resulting in a breach. Patients whose data has been compromised should not be subjected to extra costs due to a breach in the databases (Anderson, 2019). If anything, the patients should be compensated and protected in a better way, since a data breach exposes them to more danger. As such, HIPAA rules and compliance requirements should demand that stakeholders, especially information security managers, bear the cost of data breaches rather than extending this cost to patients.
In a different study, Antoniou (2018) looks into the frameworks for governing information security and the applicability of INFOSEC to various organizations. The research was conducted to validate a framework developed for information security governance. Information security in the health sector is not only a technical issue that can only be handled by IT experts but also a corporate issue for many organizations (Antoniou, 2018). As such, this is a critical issue that should be addressed by senior executive managers in the corporate world. INFOSEC should, therefore, be implemented and effectively enforced across all departments within various organizations. HIPAA is among the pieces of legislation that have prompted corporate organizations to focus on improving accountability concerning information security (Antoniou, 2018). Large corporations, especially in the health sector, consider compliance with HIPAA rules and requirements as an indicator of good corporate governance. Corporate managers have undertaken the duty of ensuring that their organizations comply with HIPAA requirements. This means that information security has become part of the core concerns for many organizations as a result of the HIPAA requirements.
Karasz, Eiden, & Bogan (2013) researched the impact of HIPAA security rules on general practice in the health sector. In this digital era, text messages are a common tool of communication in the health sector. Messages can easily be customized to address the specific needs of a particular client and relay accurate information. Text messages are also less time-consuming and more cost-effective as a way of communication. However, the use of text messages to relay health information is limited due to the existing rules and laws governing and protecting electronic health records (Karasz, Eiden, & Bogan, 2013). HIPAA was drafted to account for modern technologies that are applicable in the health sector, especially in relaying health information. The requirements outlined by HIPAA make it difficult to draft text messaging policies as a viable way of communicating and sharing health records. The only way through which text messages can be effective for communication in the health sector is either through removal of personal health records or through relaying limited details carefully selected and analyzed for possible risks of a breach (Karasz, Eiden, & Bogan, 2013).
Newman & Kreick (2015) conducted qualitative research to identify the impact of HIPAA and its compliance requirements on wearable technology in modern-day society. Wearable technology is all about digital devices programmed to assess and record the health status of any person who uses the technology. As such, the devices enable people to be more informed and constantly aware of their health conditions. The technology captures changes in body temperature, heart and pulse rates, and stores this information in digital applications (Newman & Kreick, 2015). Devices purchased by individual consumers to track their health status are now required to also comply with HIPAA requirements. For this reason, society is disadvantaged because individual technology consumers find it unreasonable to ensure HIPAA compliance. This is because many people say they are responsible for sharing personal health records with their healthcare providers (Newman & Kreick, 2015).
Analysis of Existing Research Findings
HIPAA requirements and other legislation enacted to support this Act significantly influence the governance of information security. Almost every aspect of life is dependent on technology in the current digital era. The health sector has in many ways benefitted from the technological advances and developments made in the world. For instance, health informatics, a product of modern technology, has significantly enhanced service delivery in the healthcare sector (Karasz, Eiden, & Bogan, 2013). As much as technology is being celebrated, the increasing issues concerning information security are an indicator that things are not well. Sensitive and confidential information is now, more than ever, at greater risk of being compromised (Yang et al., 2016). For this reason, the HIPAA requirements are enforced across all sectors concerned with patients’ information. The main purpose of HIPAA is to ensure that patients are not exposed to health risks as a result of inappropriate information security measures. HIPAA requirements not only provide an outline for implementing information security governance but also safeguard information from being accessed by unauthorized persons.
Research Gaps
Over the years, research has been conducted to establish the relationship between HIPAA requirements and governance of information security. Many researchers have found that HIPAA influences how information security policies are formulated and implemented. The majority of corporate entities are much concerned with compliance with HIPAA requirements to avoid legal consequences (Antoniou, 2018). Despite the extensive research covered in this area, very little has been done about how HIPAA has affected service delivery among corporations. Does HIPAA trigger a better commitment to service delivery, or does the Act negatively affect service delivery? This is just one of the questions that future research should focus on.
Conclusion
In conclusion, research findings indicate that HIPAA has a significant influence on information security governance. Since the Act was legislated by Congress in 1996, numerous changes have been witnessed in the INFOSEC area. Individuals have since then been very much aware of the information security risks that could compromise personal health records. In today’s society, individuals are very cautious about with whom and how they share personal information about health conditions (Lidster & Rahman, 2018). HIPAA has triggered a revitalized approach to information security governance. Corporate leaders are much focused on compliance with the HIPAA requirements while at the same time on service delivery. As such, the level of information security has significantly improved as a result of HIPAA implementation. However, the Act has also had some negative impact on information security. For instance, individual tech-consumers are being subjected to similar compliance requirements as those outlined for big corporations. Utilizing wearable technology to promote health is limited by some of the HIPAA compliance requirements (Newman & Kreick, 2015). Furthermore, effective communication tools such as text messages have been subjected to scrutiny and harsh conditions for them to be applicable in the health sector. All factors considered, health is more important than any other thing in the world. Therefore, the influence of HIPAA on information security governance should be considered a blessing rather than a challenge (Toapanta et al., 2018).
References
Anderson, C. L. (2019). Data breaches and electronic personal health information (ePHI): What is injury-in-fact and does HIPAA set a negligence standard of care? Journal of Legal Medicine, 39(3), 263-277. Retrieved from https://doi.org/10.1080/01947648.2019.1653695
Antoniou, G. S. (2018, April). A Framework for the Governance of Information Security: Can it be Used in an Organization. In SoutheastCon 2018 (pp. 1-30). IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/8479032
Hassan, N. H., Maarop, N., Ismail, Z., & Abidin, W. Z. (2017, July). Information security culture in health informatics environment: A qualitative approach. In 2017 International Conference on Research and Innovation in Information Systems (ICRIIS) (pp. 1-6). IEEE. Retrieved from https://www.semanticscholar.org/paper/Information-security-culture-in-health-informatics-Hassan-Maarop/53de9e8d10dc1f0d934ac2f6e472671c046a3e71
Karasz, H. N., Eiden, A., & Bogan, S. (2013). Text messaging to communicate with public health audiences: How the HIPAA Security Rule affects practice. American Journal of Public Health, 103(4), 617-622. Retrieved from https://ajph.aphapublications.org/doi/abs/10.2105/AJPH.2012.300999
Lidster, W., & Rahman, S. S. (2018, August). Obstacles to Implementation of Information Security Governance. In 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE) (pp. 1826-1831). IEEE. Retrieved from https://www.semanticscholar.org/paper/Obstacles-to-Implementation-of-Information-Security-LIdster-Rahman/c1995b8e0daa07e970972a898602acc407cb99d3
Lorence, D. P., & Churchill, R. (2005). Incremental adoption of information security in healthcare organizations: Implications for document management. IEEE Transactions on Information Technology in Biomedicine, 9(2), 169-173. doi: 10.1109/TITB.2005.847137.
Newman, T. & Kreick, J. (2015). The impact of HIPAA on wearable technology. 18 SMU Sci. & Tech. L. Rev. 429. Retrieved from https://scholar.smu.edu/cgi/viewcontent.cgi?article=1027&context=scitech
Noyes, C. (July, 2011). Information security policies and governance to safeguard protected health information. Retrieved on Nov 1, 2019 from https://pdfs.semanticscholar.org/bc4d/9e5ea7ad36655a5b74d2f257ed638240bbc2.pdf
Toapanta, S. M. T., Paredes, S. J. M., Gallegos, L. E. M., & Trejo, J. A. O. (2018, July). Analysis of HIPAA for adopt in the information security in the civil registry of the Ecuador. In 2018 International Conference on Computer, Information and Telecommunication Systems (CITS) (pp. 1-5). IEEE. Retrieved from https://ieeexplore.ieee.org/abstract/document/8440156
Yang, T. H., Ku, C. Y., & Liu, M. N. (2016). An integrated system for information security management with the unified framework. Journal of Risk Research, 19(1), 21-41. Retrieved from https://www.tandfonline.com/doi/abs/10.1080/13669877.2014.940593