Question

In Terms of Healthcare Infromatics:

Within your Health organization (or if you would to work in one) with regards to PKI and HIPAA, what steps, procedures, methods and security measure do you and your organization take/use when handling Patient Health records or Protected Health information within your use of Information System resources and technology/tools/Software applications (ex. Email or EMR)/devices (ex. laptops, printers, smart phones) at work? Explain in details how you and your organization handle sensitive information. Include examples of disciplinary actions your organization/department or IT security would take if any HIPAA rules had been violated or breached.

Answer 1

Answer: According to HIPAA, The Health Insurance Portability and Accountability act of 1996 it secure the knowledge and data of health organization of patients . HIPAA is divided in to these five major rules:

1. Privacy rule
2. Security rule
3. Transaction and code sets rule
4. Unique identifier rule
5. Enforcement rule

Our Organization is abiding with all the laws to secure all the information of patients health and their health record. All the conversation which take place in the organization is happen through mails, so every communication get recorded and No outside equipments as laptops, pendrive or hard disk are not allowed in the hospital premises. If anyone tries to send an email outside the hospital network, that person gets a notification and that communication is reported and can checked speprately.

No one can attach any foreign devices to the hospital laptops, not even their smart phones. If any person tries to take any information in a printed form, those all information all comes under scrutiny.

In our Hospital we have make sure to take all the measure to secure the information and to make this is a practice, we regularly inform all the employees about the protocol to be followed and what all are the practices they should abide to make sure all the information stay in system only.

In any case, if someone tries breach the law and try to take information outside hospital or use the information for any wrong practices, that individal can easily be tracked by the strong security measures and the monitored enviroment. The culprit will also get into troublle as it is a criminal offense and apporpriate measures will be taken against them accordinh to the law.