Discussion Week 4 IFSM 305: Lori Allen
Discussion Week 4 Lori Allen Number of pages: 4
In today's world of healthcare, physicians, hospitals, clinics, and other providers have the unique ability
to use the technological advances that are at their disposal to promote and advance the health of
patients. All this has been made possible by the creation of computers, the internet, software, and hardware
systems that enable providers to not only have all the information regarding the patient at their
fingertips, but they are also able to share this information with others in the field who may need this
information to complete or contribute to the care of the patient. While this is an excellent tool and is
widely being used worldwide, it is dealing with sensitive information regarding people's health, personal
information such as names, addresses, phone numbers, diagnoses and much more. Therefore, it was
necessary to implement a standard for keeping this information safe and secure while allowing the flow
of information to be easily and effectively organized and transmitted throughout multiple healthcare
organizations. This standard is the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
This act was established to ensure that patients' health records would be handled with the utmost care
with regard to privacy, security and accountability ("Summary of the HIPAA Security Rule", 2021). HIPAA
security rules state that health record data should be held in a secure place. This means, for example,
that data on the computers used should be encrypted. When taking into consideration the question at hand, I
believe that there has been a violation of HIPAA security rules. The reason being that the individual in
charge of data protection, or systems operations management, should be aware of the HIPAA rules and
the potential threat caused by the data not being encrypted. This would, in my mind, constitute a Tier 4
violation of HIPAA regulation and potentially put many patients in danger, and this also carries a fine of
In order to prevent this type of situation in the future, there are several steps that should be taken.
1. All computers or electronic devices used to store patient information should be kept in spaces that
only staff members can access, such as behind doors with passcodes, in rooms which are designated as
“staff only”.
2. All data should be encrypted according to HIPAA rules. This should be done by the individual
3. Each computer should have audit controls so that each person accessing it will be logged and time
stamped.
Bibliography
Summary of the HIPAA Security Rule. HHS.gov. (2021). Retrieved 9 April 2021, from
https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html.
Journal, H. (2021). What are the Penalties for HIPAA Violations? HIPAA Journal. Retrieved 9 April 2021,
from https://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/.