The Health Insurance Portability and Accountability Act (HIPAA) Security Rule defines the types of protected information and the safeguards that must be in place to ensure appropriate protection of electronic protected health information. For this activity, you will identify protected health information (PHI) that will require protection and identify control types to be placed on the protected HIPAA data.
For your initial post, consider the scenario below.
Tom Jones completed his yearly medical checkup, and the doctor found that he had a small growth on his kidney that will require additional testing. Using what you have learned this week, carefully evaluate the tables below with consideration of the HIPAA governance requirements. Table 1 has common personal information about Tom that you may see on most hospital visit forms. Table 2 has information about individuals and entities with some type of relationship with Tom. In your initial post, identify from Table 1 all the rows that are considered PHI. Evaluate the information and explain which should be encrypted at storage and which information should be left in clear text. Additionally, identify from Table 2 all the rows you believe HIPAA considers as associates of Tom. Support your statements with evidence from your sources.
Table 1
Tom Jones’ Diagnostics: Liver Issue (Nephropathy)
Name
Telephone Number
Electronic email address
Social Security Number
Medical Record Number
IP address of his computer
Tom’s Hobby
Tom’s Driver’s license number
Table 2
Tom’s circle and relationship
Doctor
Kidney Specialist
Pharmacist
Priest
Medical Billing Organization
Insurance company
Children
Wife
Best Friend
Soccer Coach