CSOL 540 Assignment 2: Laws, Regulations and Standards Marc Leeka

Organization: Short Description

Health Information Trust Alliance (HITRUST): Trade organization for business alliance partners in the health care industry. Provides cybersecurity best practices materials and training.

Payment Card Industry Data Security Standard: Applicable if HIS accepts credit card payments. Safeguards confidentiality and integrity of electronic data exchange.

Regulation: Short Description and Security Controls

Health Insurance Portability and Accountability Act of 1996 (HIPAA): Data confidentiality while held or transmitted. Extensive detail of confidentiality requirements and how to meet regulations. Sets standards for electronic data exchange. Secure electronic billing. Includes administrative, physical security, and technical safeguard requirements.

HITECH (2013): Extends HIPAA compliance to business associates and their subcontractors for all data confidentiality while held or transmitted.

Patriot Act (2001): The Patriot Act is primarily a vehicle for the US government to enhance its ability to monitor and detect activities that may indicate support for terrorism. The act is not necessarily targeted at PHI or systems that create, store, or manage such information. Nonetheless, it is conceivable that in pursuit of investigations being conducted under this act, a demand for PHI may be made of any healthcare provider, who would be expected to comply AND who would be prevented from informing the subject of the investigation (that is, the patient).

Confidentiality of Alcohol and Drug Abuse Patient Records, 42 CFR Part 2: Data confidentiality. Establishes additional privacy provisions for records of the identity, diagnosis, prognosis, or treatment of patients maintained in connection with a federally assisted drug or alcohol abuse program.

Occupational Safety and Health Administration (OSHA): Data confidentiality. OSHA defines an “occupational medical record” as an occupation-related, chronological, cumulative record, regardless of the form or process by which it is maintained (i.e., paper document, microfiche, microfilm, or automatic data processing media).

Genetic Information Nondiscrimination Act (GINA): Data confidentiality. GINA expands the provisions in HIPAA to protect Americans against discrimination based on their genetic information when it comes to health insurance and employment. Health information includes genetic information. Health plans and insurers are prohibited from imposing a preexisting condition exclusion based solely on genetic information and from discriminating in individual eligibility, benefits, or premiums based on any health factor, including genetic information.

Medicare: Data confidentiality. Largely covered now by HIPAA regulations. Situations arise where the assignment of a representative (a physician, other health professional, or other responsible individual) who may review medical information in the possession of the government agency and inform you

Sarbanes-Oxley Act of 2002: Applicable if HIS is a publicly traded company.

Health Records Act 2001: Gives individuals the right to access their health information when it is held by private sector organizations.

Electronic Record Keeping Systems and Additional Record Requirements - Cal. Health & Safety Code § 123149: Data integrity and availability. Electronic recordkeeping systems; additional requirements. Providers using electronic records systems for patient records must use an offsite backup.

Reporting Requirements of Parkinson's Disease and Confidentiality of Patient Information – Cal. Health & Safety Code: Data confidentiality. Reporting requirements of Parkinson’s disease.

Reporting of Unlawful or Unauthorized Access or Disclosure of Patient Medical Information – Cal. Health & Safety Code §: Data confidentiality.

Confidential Nature of Medical Records For Those Receiving Medical Assistance – Cal. Code Regs. tit. 22 § 51009: Data confidentiality. Organization must prevent unlawful or unauthorized access or