New Policy Statements- HIPAA Assignment Example | Topics and Well Written Essays - 500 words

New Policy Statements- HIPAA - Assignment Example ompletely secured and information were accessed and misused from the computers without having the need to operate the computer physically from which the data was supposed to be accessed. Developments in technology were making the business operations and way of working easier whereas, at the same time those developments assisted in manipulating ways and misusing the information for one’s own benefit (Pesante, 2008). The organization or company whose policies regarding information security need to be reviewed is in the business of insurance and deals with health insurance. The review is proposed in order to make certain that it fulfills the regulatory obligations and meet up to the obligations of the associated standards as well as regulations. The company comes under the Health Information Portability and Accountability Act (HIPAA) according to which any information regarding health requires to be protected. Taking into account the federal standards, patients should be capable of accessing information in relation to their respective medical records (HIPAA, 2007). Based on the nature of business operations, the company complies with the guidelines of HIPAA, HITECH, GLBA and PCI-DSS. In spite of abiding by all the relevant regulations, the policy regarding accessing information by a fresh user and the prerequisite for passwords are becoming a grave concern for the supervisor of the company. Although the present policy of the company ensures high level of security but still it should structure a new policy. According to the new policy the request to access information by the new user along with the personal details and signature would be initially taken down. According to the policy, access would be provided only to the particular information or area specifically requested by the new user. There should be a time limit mentioned in the policy for accessing information by a new user and once the limit is over, the access should be automatically denied by the