Critical Analysis HIPAA (Health Insurance Portability and Accountability Act), writing homework help


HIPAA (Health Insurance Portability and Accountability Act) was created in 1996 to protect the privacy of patients’ health information. “To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule” (“Summary of the HIPAA Security Rule”, 2016). The HIPAA Privacy Rule was established to protect patients’ medical records and other information such as health plans, health care, and health care transactions that are transmitted electronically. The HIPAA Security Rule “establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity” (“Summary of the HIPAA Security Rule”, 2016).

Maintaining HIPAA’s rules and regulations will allow patients to keep all personally identifiable information secure. The patient will be able to tell the provider who they allow to have access to the medical information. HIPAA prevents inappropriate use of patient information as well as protecting the patient’s medical history. It is against HIPAA regulations for anyone to discuss patient information outside of the office, and doing so can be used against an individual in regard to allegations of information being given out. A patient should always make sure they are aware of all the rights they have under the HIPAA laws. Knowledge of these rules will help to make sure that the patient’s information is being rightfully handled.

HIPAA is an ever-evolving act; with the amount of change in the medical field as it goes electronic, it is important to include all routes of possible information usage, whether online, over the phone, or face to face. Making sure that all employees are aware of these types of rules within HIPAA’s regulations will allow for a smooth transition in whichever stage the medical facility is at. The number one rule that the patient should know is that, no matter what, they always have the right to their medical records. The only catch is that some offices might charge for these records, but they can never be denied. “A major goal of the security rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care” (“Summary of the HIPAA Security Rule”, 2016).

HIPAA. (2016). Retrieved 31 October 2016, from

Summary of the HIPAA Security Rule. (2016). Retrieved 31 October 2016, from

Why is HIPAA important?. (2016). Retrieved 31 October 2016, from

2. PCI-DSS (credit card and transaction information)

Credit card and transaction information is very important to protect; we must have systems in place to support our clients’ personal information. To do this, the company must have things like firewalls and wireless LANs, along with network security protocols, in place. We can achieve this by using Payment Card Industry (PCI) Compliance. Credit card data is sensitive; it contains things like social security information, addresses, phone numbers, and people’s purchasing information.

The PCI Compliance regulation is designed to be implemented by organizations which process transactions made through these credit or debit card types, and severe penalties may be imposed on businesses which suffer a security breach as a result of lack of compliance to the PCI standard (Acunetix).

If your company stores, processes and transmits information that is stored on a credit card or debit card, then the rules of the PCI DSS must be adhered to, or your company can face fines. Your company can also face suspension or expulsion from card processing networks.

If a compromise took place and it was obvious that you were not, and have never been compliant, the matter would be taken very seriously by all the major payment brands (Focus on PCI).

Maintain a Secure Network and Systems: I recommend installing and maintaining a firewall configuration to protect cardholder data; remember to change vendor-supplied defaults for system passwords and other security parameters.

Store Cardholder Data: Encrypt transmission of cardholder data across open, public networks.

Management: Use malware protection, and regularly update anti-virus security software. Secure systems and applications have to be maintained.

Access control: Use separation of duties to restrict cardholder data access. Use identification and authentication access rules. A password alone should not be enough to verify the administrator’s identity and grant access to sensitive information (Tara Seal, 2016).

These are some policies that the IT department can begin to implement.


PCI Compliance (PCI DSS) – Securing Both Merchant and Customer Data. Acunetix.

Top 10 Misconceptions About PCI. Focus on PCI.

Tara Seal (2016) PCI Standard Adds Multi-factor Authentication. Infosecurity
