HIPAA (Health Insurance Portability and Accountability Act) was created in 1996 to protect the privacy of patients’ health information. “To fulfill this requirement, HHS published what are commonly known as the HIPAA Privacy Rule and the HIPAA Security Rule” (“Summary of the HIPAA Security Rule”, 2016). The HIPAA Privacy Rule was established to protect patients’ medical records and other information, such as health plans, health care, and health care transactions, that is transmitted electronically. The HIPAA Security Rule “establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity” (“Summary of the HIPAA Security Rule”, 2016).

Maintaining HIPAA’s rules and regulations allows patients to keep all personally identifiable information secure. The patient is able to tell the provider who they allow to have access to their medical information. HIPAA prevents inappropriate use of patient information and protects the patient’s medical history. Discussing patient information outside of the office is against HIPAA regulations and can be used against an individual in allegations that information was given out. A patient should always make sure they are aware of all the rights they have under the HIPAA laws. Knowledge of these rules will help to make sure that the patient’s information is being rightfully handled.

HIPAA is an ever-evolving act; with the amount of change in the medical field as it goes electronic, it is important to cover all routes of possible information usage, whether online, over the phone, or face to face. Making sure that all employees are aware of these rules within HIPAA’s regulations will allow for a smooth transition at whichever stage the medical facility is at. The number one rule the patient should know is that, no matter what, they always have the right to their medical records. The only catch is that some offices might charge for these records, but they can never be denied. “A major goal of the security rule is to protect the privacy of individuals’ health information while allowing covered entities to adopt new technologies to improve the quality and efficiency of patient care” (“Summary of the HIPAA Security Rule”, 2016).


HIPAA. (2016). Med.navy.mil. Retrieved 31 October 2016, from http://www.med.navy.mil/sites/nhbeaufort/Pages/HIPAA.aspx

Summary of the HIPAA Security Rule. (2016). HHS.gov. Retrieved 31 October 2016, from http://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html

Why is HIPAA important?. (2016). Content.catalyze.io. Retrieved 31 October 2016, from http://content.catalyze.io/why-is-hipaa-important

2. PCI-DSS (credit card and transaction information)

Credit card and transaction information is very important to protect; we must have systems in place to safeguard our clients’ personal information. To do this the company must have things like firewalls, wireless LANs, and network security protocols in place. We can achieve this by using Payment Card Industry (PCI) compliance. Credit card data is sensitive: it contains things like social security information, addresses, phone numbers, and people’s purchasing information.

The PCI compliance regulation is designed to be implemented by organizations that process transactions made through these credit or debit card types, and severe penalties may be imposed on businesses that suffer a security breach as a result of a lack of compliance with the PCI standard (Acunetix).

If your company stores, processes, and transmits information that is stored on a credit card or debit card, then the rules of the PCI DSS must be adhered to, or your company can face fines. Your company can also face suspension or expulsion from card processing networks.

If a compromise took place and it was obvious that you were not, and had never been, compliant, the matter would be taken very seriously by all the major payment brands (Focus on PCI).

Maintain a secure network and systems: I recommend installing and maintaining a firewall configuration to protect cardholder data, and remember to change vendor-supplied defaults for system passwords and other security parameters.

Store cardholder data: encrypt transmission of cardholder data across open, public networks.

Management: use malware protection and regularly update anti-virus security software. Secure systems and applications have to be maintained.

Access control: use separation of duties to restrict cardholder data access. Use identification and authentication access rules. A password alone should not be enough to verify the administrator’s identity and grant access to sensitive information (Tara Seal, 2016).

These are some policies that the IT department can begin to implement.
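As an added illustration (not part of the original essay or of any PCI tooling), the following Python script checks a small, constructed inventory of systems that handle cardholder data against the four controls listed above: vendor defaults changed, cardholder data transmitted only over an encrypted transport, anti-virus signatures kept current, and multi-factor authentication for administrative access. The inventory records, field names, the seven-day signature-age threshold and the audit date are all assumptions made for the example.

```python
"""Added example: audit a constructed system inventory against the PCI-style
controls discussed above (vendor defaults, encrypted transmission, current
anti-virus signatures, MFA for administrators).

The inventory, its field names and the policy thresholds are constructed for
this example; they are not taken from any real PCI DSS tooling.
"""
from datetime import date

# Constructed inventory. In practice this would come from a CMDB or scanner export.
INVENTORY = [
    {"host": "pos-01", "role": "point-of-sale", "default_creds_changed": True,
     "cardholder_transport": "tls1.2", "av_signature_date": "2016-10-30",
     "admin_mfa": True},
    {"host": "web-pay", "role": "payment-web", "default_creds_changed": False,
     "cardholder_transport": "http", "av_signature_date": "2016-10-28",
     "admin_mfa": False},
    {"host": "db-card", "role": "cardholder-db", "default_creds_changed": True,
     "cardholder_transport": "tls1.2", "av_signature_date": "2016-08-01",
     "admin_mfa": True},
]

ACCEPTED_TRANSPORTS = {"tls1.2", "tls1.3"}  # encrypted transport across open networks
MAX_SIGNATURE_AGE_DAYS = 7                   # assumed policy threshold for AV updates
AUDIT_DATE = date(2016, 10, 31)              # assumed "today" for the audit run


def audit_system(system, today):
    """Return the list of control-violation codes for one system (empty = compliant)."""
    findings = []
    # Control 1: vendor-supplied defaults must be changed before go-live.
    if not system["default_creds_changed"]:
        findings.append("vendor-defaults-in-use")
    # Control 2: cardholder data crosses open networks only over an accepted TLS version.
    if system["cardholder_transport"] not in ACCEPTED_TRANSPORTS:
        findings.append("cleartext-cardholder-transmission")
    # Control 3: anti-virus signatures must be no older than the policy threshold.
    sig_age = (today - date.fromisoformat(system["av_signature_date"])).days
    if sig_age > MAX_SIGNATURE_AGE_DAYS:
        findings.append("stale-antivirus-signatures")
    # Control 4: a password alone must not grant administrative access.
    if not system["admin_mfa"]:
        findings.append("admin-access-without-mfa")
    return findings


def audit_inventory(inventory, today):
    """Map host name -> findings, listing only hosts with at least one finding."""
    report = {}
    for system in inventory:
        findings = audit_system(system, today)
        if findings:
            report[system["host"]] = findings
    return report


if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY, AUDIT_DATE).items():
        print(host, ", ".join(findings))
```

Running the script reports only the non-compliant hosts with the specific control each one fails, which is the form an IT department can hand to system owners as a remediation list; extending it is a matter of adding a record per system and a check per control.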

PCI Compliance (PCI DSS) – Securing Both Merchant and Customer Data. Acunetix.

Top 10 Misconceptions About PCI. Focus on PCI.

Seal, T. (2016). PCI Standard Adds Multi-factor Authentication. Infosecurity.