Discuss, in 500 words or more, the reasons for Safe Harbor under the HIPAA rules for database security.
Use at least three sources. Include at least 3 quotes from your sources enclosed in quotation marks and cited in-line by reference to your reference list. Cite your sources. Do not copy. Write in essay format, not in bulleted, numbered or other list format.
HIPAA stands for Health Insurance Portability and Accountability Act. The HIPAA Privacy Rule is also ultimately a topic in civil rights. It mandates data protection for anyone who creates, stores and uses "individually identifiable health information". This rule affirms each individual's right over their health information. It is the Office of Civil Rights, or the OCR, that investigates violations.

But a lot of that data now sits on endpoints spread around the globe, so PHI has become unbounded. It resides on local drives, in cloud storage, and in apps like Dropbox and Google Drive. And the biggest thing is USB keys. To protect data in this mutating attack surface, healthcare IT and security teams are returning to the five fundamental steps: security posture, security policy, security modelling, security monitoring and security investigations. And it all starts with visibility. Visibility helps mitigate risks, because we have asset intelligence and are able to persist endpoint hygiene.

There are three safeguard buckets: Administrative, Physical and Technical. Administrative safeguards create an atmosphere where data protection is just woven into the day-to-day operation. Physical safeguards are observable and tangible garrisons for PHI, like locked rooms, server cages, etc. Technical safeguards are where technology itself gets pressed into service to shield our most valuable data. Access controls enable users to get the minimum necessary access, to prevent unauthorized access to PHI. Audit controls are the hardware, software and procedures that examine systems to validate those defenses. Integrity controls help to make sure that health data is never altered or destroyed in an unauthorized way.

HITRUST is the greatest hits collector, distilling a framework from several great artists. It comes with 13 categories that we can bundle into 3 chunks: user security, asset security and data security. When it comes to user security, it provides policy guidance that spans the user's lifecycle. Asset security looks similar to other frameworks. It starts with asset intelligence. Data security controls include validating data integrity by looking at inputs and outputs, and monitoring data protection to spot problems and mitigate risks. Viruses, trojans and worms are also responsible for this, and DoS attacks are seen here.