Select Page

According to a 2016 IBM threat report, 2015 was the year of health care attacks. Some notable attacks of 2015 included Anthem, Premera BlueCross, and Excellus BlueCross BlueShield. In 2016, cyber-attacks were successfully launched against more than 100 other health care facilities. One major breach against 21st Century Oncology resulted in the theft of more than 2 million patients’ records. Breaches that affect more than 500 individuals and put health information at risk are accessible to the public. You can review this in the following resource:
U. S. Department of Health and Human Services Office for Civil Rights. (n.d.). Breaches affecting 500 or more individuals . Retrieved from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
IBM Security. (n.d.). Cyber security intelligence index. Retrieved from http://www-03.ibm.com/security/data-breach/cyber-security-index.html
In the following exercise you will be asked to look at a health care policy and discuss some of the steps and challenges of implementing the policy.
Read the following:
HITRUST. (2016, February). Healthcare sector cybersecurity framework implementation guide . Retrieved from https://hitrustalliance.net/documents/cybersecurity/HITRUST_Healthcare_Sector_Cybersecurity_Framework_Implementation_Guide.pdf
U. S. Government Accountability Office. (2016, August). Electronic health information: HHS needs to strengthen security and privacy guidance and oversight. GAO report 16-771. Retrieved from http://www.gao.gov/assets/680/679260.pdf
Now, respond to the following questions:
According to the Health Sector Framework Implementation Guide, what are the key elements of a cybersecurity program? Discuss some of the key steps to implementation. (Refer to Appendix G on p. 93 of Healthcare sector cybersecurity framework implementation guide, 2016 if necessary.)
Review the documents on HIPAA and the appendix of the Health Sector Guide. What is HIPAA and what are some of the challenges related to implementation? (Refer to the GAO report if needed.) Offer recommendations to strengthen the implementation of policy.