The paper will be 4-5 pages.
Each paper must be typewritten with 12-point font and double-spaced with
standard margins. Follow APA format.
For this assignment you are encouraged to generate a Security
Plan to be implemented in a Health Care Facility of your choosing.
Work with your EHR vendor(s) to let them know that
protecting patient health information and meeting your HIPAA privacy and
security responsibilities regarding electronic health information in your EHR
is one of your major goals. Involve your practice staff and any other partners that
you have to help streamline this process.
1. INFORMATION SECURITY MANAGEMENT PLAN
This Information Security Management Plan
(ISMP) describes the ACE’s safeguards to protect confidential data and
2. SECURITY POLICY (20%):
The Information Security core policy
concepts are maintained in the Privacy, Confidentiality and Security of Patient
Proprietary Information Policy and the Computer Use and Electronic Information
Security Policy. These policies are
reviewed every 2 years.
3. ACCESS CONTROL (20%):
Access to confidential information must
follow the “need to know” guideline. Only those employees who have a business
need to know the information shall have permission to utilize the data. Each
employee is assigned a user name and password. Each employee is trained on
developing a secure password. Passwords must be changed according to Password
4. MEDIA PROTECTION (20%):
The ACE has established policies and
procedures which clearly define where data can be stored and how the data stored
on media is to be protected. The ACE
highly discourages storage of data on any medium except for storage on network
drives within the secured data center.
However, in the case where data cannot be stored in the data center it
must be stored on an encrypted medium.
5. PHYSICAL AND ENVIRONMENTAL PROTECTION:
The ACE has multiple data centers.
Evaluation will be based on how clearly you respond to the
above, in particular:
a) The precision with which you analyze the articles;
b) The complexity, possibility, and organization of your
c) Your conclusions, including a description of the impact
of these articles and Chapters on any Health Care Setting.