Assume that you have been hired as a Chief Information Security Officer (CISO) by a local healthcare organization which has no health information privacy and security policy yet. Thus, your first assignment is to formulate a health information privacy and security policy for the organization in accordance with the HIPAA and HITECH Privacy and Security Rules. Before the development of the privacy and security policy document, your supervisor advises you to review the HIPPA and HITECH Privacy and Security regulations the organization is required to comply with.
In this assignment, address the following:
- Outline of the specific policy you propose,
- The consequences of noncompliance with the applicable laws, and
- Measures to assure the correct application of Privacy and Security Rules. Make sure to consider all perspectives of the user authentication and access controls.