Imagine you are the information security officer at a medium-sized hospital chain. The CEO and the other senior leadership of the company want to ensure that all of their hospitals are and remain HIPAA compliant. They are concerned about the impact of the HIPAA Security and Privacy Rules on the organization. You begin looking at the information provided by the U.S. Department of Health and Human Services, HIPAA Enforcement, and are asked to provide an analysis of two of the cases found here with emphasis on what was done to resolve the compliance issues.
Section 1: Written Paper
Noncompliance with HIPAA regulations can result in significant fines and negative publicity. To help ensure that your organization remains in compliance with HIPAA regulations, you have been asked to write a 3–5 page paper in which you:
- Create an overview of the HIPAA security and privacy rules.
- Analyze the major types of incidents and breaches that occur based on the cases reported.
- Analyze the technical controls and the nontechnical controls that are needed to mitigate the identified risks and vulnerabilities.
- Analyze and describe the network architecture that is needed within an organization, including a medium-sized hospital, in order to comply with HIPAA regulations.
- Analyze how a hospital is similar to and different from other organizations in regard to HIPAA compliance.
- List the IT audit steps that must be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations.
- Use at least three quality resources. Note: Wikipedia and similar websites do not qualify as quality resources.
This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions.
Section 2: Network Architecture
- Create a network architecture diagram (using Visio or an open-source equivalent to Visio for creating diagrams), based on the description of the network architecture that you defined above for the organization to comply with HIPAA regulations.
- Include in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture.
The specific course learning outcome associated with this assignment is:
- Create a network architecture diagram that is compliant with HIPAA regulations.