Accountability Act (HIPAA), a U.S. federal regulation, has been mandated to provide national standards and procedures for the storage, use, and transmission of personal medical information and health care data. This regulation provides a framework and guidelines to ensure security, integrity, and privacy when handling confidential medical information. HIPAA outlines how security should be managed for any facility that creates, accesses, shares, or destroys medical
People’s health records can be used and misused in different scenarios for many
reasons. As health records migrate from a paper-based system to an electronic system,
they become easier to maintain, access, and transfer, but they also become easier to
manipulate and access in an unauthorized manner. Traditionally, health care facilities
have lagged behind other businesses in their information and network security mechanisms, architecture, and security enforcement because there was no real business need
to expend the energy and money to put these items in place. Now there is.
HIPAA mandates steep federal penalties for noncompliance. If medical information
is used in a way that violates the privacy standards dictated by HIPAA, even by mistake,
monetary penalties of $100 per violation are enforced, up to $25,000 per year, per standard. If protected health information is obtained or disclosed knowingly, the fines can
be as much as $50,000 and one year in prison. If the information is obtained or disclosed under false pretenses, the cost can go up to $250,000 with ten years in prison if
there is intent to sell or use the information for commercial advantage, personal gain,
or malicious harm. This is serious business.

The Gramm-Leach-Bliley Act of 1999 (GLBA)
The Gramm-Leach-Bliley Act of 1999 (GLBA) requires financial institutions to develop
privacy notices and give their customers the option to prohibit financial institutions
from sharing their information with nonaffiliated third parties. The act dictates that
the board of directors is responsible for many of the security issues within a financial
institution, that risk management must be implemented, that all employees need t...
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.