|Assignment ID Number||AFFGEHU83939HD|
|Type of Document||Essay|
|Number of Pages||10 Pages|
This assignment consists of two (2) sections: a written paper and a PowerPoint presentation. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for.
Health Information Technology (HIT) is a growing field within health services organizations today; additionally, health information security is a major concern among health organizations, as they are required to maintain the security and privacy of health information. The Department of Health and Human Services (HHS) provides extensive information about the Health Insurance Portability and Accountability Act (HIPAA). Visit the HHS Website, at www.hhs.gov/ocr/privacy, for more information about HIPAA requirements. In March 2012, the HHS settled a HIPAA case with the Blue Cross Blue Shield of Tennessee (BCBST) for $1.5 million. Read more about this case at www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/bcbstagrmnt.html. As an IT security manager at a regional health services organization, your CIO has asked for the following: an analysis of this incident, an overview of the HIPAA security requirements necessary to prevent this type of an incident, and a briefing for management on the minimum security requirements to be HIPAA complaint.
Section1: Written Paper
1. Write a three to five (3-5) page paper in which you:
a. Describe the security issues of BCBST in regard to confidentiality, integrity, availability, and privacy based on the information provided in the BCBST case.
b. Describe the HIPPA security requirement that could have prevented each security issue identified if it had been enforced.
c. Analyze the corrective actions taken by BCBST that were efficient and those that were not adequate.
d. Analyze the security issues and the HIPAA security requirements and describe the safeguards that the organization needs to implement in order to mitigate the security risks. Ensure that you describe the safeguards in terms of administrative, technical, and physical safeguards.
e. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your written paper must follow these formatting requirements:
This course requires use of new Student Writing Standards (SWS). The format is different than other Strayer University courses. Please take a moment to review the SWS documentation for details.
Include a cover page containing the title of the assignment, the students name, the professors name, the course title, and the date. The cover page and the source list are not included in the required page length.
Section 2: PowerPoint Presentation
2. Create a six to eight (6-8) slide PowerPoint presentation in which you:
a. Provide the following on the main body slides:
i. An overview of the security issues at BCBST
ii. HIPAA security requirements that could have prevented the incident
iii. Positive and negative corrective actions taken by BCBST
iv. Safeguards needed to mitigate the security risks
Your PowerPoint presentation must follow these formatting requirements:
Include a title slide, four to six (4-6) main body slides, and a conclusion slide.
The specific course learning outcomes associated with this assignment are:
Summarize the legal aspects of the information security triad: availability, integrity, and confidentiality.
Use technology and information resources to research legal issues in information security.
Write clearly and concisely about information security legal issues and topics using proper writing mechanics and technical style conventions.
|Criteria||0 – 1 Points||2 – 3 Point||4 – 5 Points||Total|
|Professional communication||Unprofessional communication; many errors; no APA||Minor grammar, spelling, and APA errors||Postings are professional and in standard written English with APA|
|Complete addressing of assessment criteria||Criteria not fully addressed||Minimal response to criteria; minor aspects missing||All criteria are fully addressed|
|Evidence of critical thinking or extending information||Critical thinking or extending information not evident||Obvious responses to questions; little thought evident||Posts demonstrate critical thinking with evidence base from research or experience|
|Course connections.||No connections provided||Minimal connections provided to readings/activities||Clear connections to readings/activities|
|Submitted an overview / summary of the case selected for analysis. Also identified those procedural steps to be analyzed.||Did not provide an adequate overview or summary of the selected case or failed to identify those steps to be analyzed.||Provides an adequate overview or summary of the selected case and steps to be analyzed though may not be clear or complete.||Case overview is clearly presented including all appropriate investigative steps to be analyzed.|