Heart-Healthy Insurance Information Security Policy: Case Study

Study on Heart-Healthy Insurance Information Security Policy
Shijo Philip
Western Governors University

Heart-Healthy is a large health insurance company. It is often necessary to review and revise the company's information security policies to keep up with policy changes, system changes, personnel changes and audits. Information security professionals are responsible for maintaining the company's security policy and checking that it complies with current information security laws and regulations. The report says that the manager of the security analyst team is being asked to review the company’s information security policy and provide recommendations for changes to it. The review focuses on ensuring that the policy is
…
Also, documentation of everything done with the accounts is required. Documenting the account details also complies with FISMA and HIPAA standards.

Password Requirements and Justification.
The current password requirements section of the policy states that “Passwords must be at least eight characters long and contain a combination of upper- and lowercase letters. Shared passwords are not permitted on any system that contains patient information. When resetting a password, users cannot reuse any of the previous six passwords that were used. Users entering an incorrect password more than three times will be locked out for at least 15 minutes before the password can be reset.”

Multiple strategies are followed for password policy implementation. One is password composition: a password has at least eight characters, has upper- and lowercase letters, and includes alphabetic and numeric characters. The account administrator will assign a default password the first time. The user can save a new password for first time
…
The system will enable the insurance company to comply with all four standards of information security. The company can work more efficiently and with higher quality of service.

