Learning Goal: I’m working on a cyber security question and need an explanation and answer to help me learn.
Discussion Board Post – Approx. 200 words
(Assignment to be completed in the Discussion Board Section)
Post an introduction in the discussion thread
With the lifecycle management of data in mind, and with the HIPAA regulation expectations, listen to attorney Shawn Tuma explain the issues that still plague the victims of ransomware. As you listen, please post comments related to:
1) A recent case in healthcare that matches the issues explained by Shawn Tuma; how do his comments match the ransomware specifics of the case? (Research a pertinent case)
2) What lifecycle management categories (learned in week 1) do you see affected the most in the cases where the government has audited and fined organizations, as it relates to HIPAA?
3) What governance elements do you believe might have been missing in the cases within the general findings mentioned by Shawn (policies, procedures, monitoring & controlling, etc.)?
Discussion Board Comments – Approx. 100 words
Please comment on the forum posts of two peers
Essay – due on Sunday 11:59PM CST: Approx. 600 words, APA Style
You have just been hired by ACME corporation. ACME has just purchased an organization that has 100 clinics across the nation. As part of ACME’s management review, they want to ascertain the degree to which these clinics are in compliance with HIPAA. ACME also wants to be very strategic moving forward and wants to make sure that the clinics offer a competitive advantage regarding HIPAA, as well as govern the controls towards compliance in the most efficient way. Some clinics are using limited CIS controls, other clinics are leveraging NIST frameworks, while others are wanting to explore the HITRUST platform.
You have been asked to use all the information you have learned in this session and determine if ACME and this newly acquired company of clinics would pass a HIPAA audit.
What immediate recommendations do you have for the leadership regarding how to pursue an internal review (use materials from class or research additional ones)?
What long-term recommendations can you think of as you try to help harmonize governance controls, abide by the law, and create a climate of competitive advantage regarding security?
How prepared are the clinics as it pertains to preventing and recovering from ransomware? What steps should they take