HIPAA Compliance and Security Posture
Overview
In this course, you have already begun taking a comprehensive look at developing technical security solutions to counteract potential adversaries. Here you will expand on that knowledge by considering how compliance, in this case Health Insurance Portability and Accountability Act (HIPAA) compliance, can often inform strategies and provide a foundation to build on.
In response to rising security challenges in the healthcare field, the U.S. Department of Health & Human Services set privacy and security requirements that must be met by healthcare providers and their business associates. HIPAA is expansive in its coverage, but you will be looking at how it deals with electronic protected health information (ePHI) and security safeguards in the three risk domains of people, process, and technology. While you are already familiar with the risk domains, you may also see process referred to as administrative.
As you work through this assignment, remember compliance is often used as a baseline when developing controls for an organization. Healthcare organizations can use HIPAA as a means of forming their own security plans. In addition to the technical benefits, compliance will also reduce the amount of time it takes for an organization to transition from security concept to implementation because of the ways it helps support the concept.
Prompt
Review the selection of HIPAA compliance articles linked in the Reading and Resources section of Module Three before formulating your responses for this activity.
You must address the critical elements listed below.
Meeting HIPAA Compliance
Discuss how meeting HIPAA compliance can minimize the possibility of a data breach when implementing encryption.
Discuss how meeting HIPAA compliance can minimize the possibility of a data breach when implementing access control.
Discuss how meeting HIPAA compliance can minimize the possibility of a data breach when implementing security policies.
Improving Security Posture
Explain ways you can further minimize the attack surface of an organization by building on previously implemented HIPAA compliance requirements.
Assess how HIPAA compliance plays a role for future scalability of new implementations in one or more of the risk domains (people, process, and technology).
Explain how HIPAA compliance can support a multi-layered approach to security.
Third-Party Agreements
Discuss how HIPAA compliance affects an organization’s agreements with external contractors.
Discuss how HIPAA compliance affects the implementation of access controls for a cloud-based location.
What to Submit
Your submission should be 2 to 3 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. Any references should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.
Module Three Activity Rubric
| Criteria | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
| --- | --- | --- | --- | --- | --- |
| Meeting HIPAA Compliance: Encryption | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Discusses how meeting HIPAA compliance can minimize the possibility of a data breach when implementing encryption | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11 |
| Meeting HIPAA Compliance: Access Control | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Discusses how meeting HIPAA compliance can minimize the possibility of a data breach when implementing access control | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11 |
| Meeting HIPAA Compliance: Security Policies | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Discusses how meeting HIPAA compliance can minimize the possibility of a data breach when implementing security policies | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11 |
| Improving Security Posture: Attack Surface | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains ways to further minimize the attack surface of an organization by building on previously implemented HIPAA compliance requirements | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 12 |
| Improving Security Posture: Scalability | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Assesses how HIPAA compliance plays a role for future scalability of new implementations in one or more of the risk domains (people, process, and technology) | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 12 |
| Improving Security Posture: Multi-Layered Approach | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains how HIPAA compliance can support a multi-layered approach to security | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 12 |
| Third-Party Agreements: External Contractors | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Discusses how HIPAA compliance affects an organization’s agreements with external contractors | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11 |
| Third-Party Agreements: Cloud-Based | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Discusses how HIPAA compliance affects the implementation of access controls for a cloud-based location | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 9 |
| Total: | | | | | 100% |