Assess the legal and professional regulations for the healthcare industry
(1) Describe HIPAA & how it applies to the case.
HIPAA was formed in 1996 to protect health insurance coverage of people. Under
HIPAA, patients personal medical history cannot be disclosed without his/her
consent. It ensures that the sensitive and confidential data of patient is protected
against unauthorized access. With this act, patients can know who else has
accessed their health data. HIPAA provides new requirements for researchers to
access this data and it provides civil sanctions for improper use.
In this case HIPAA will provide guidelines to the new IT system in securing the
health data from unrestricted access and prevent it from misuse.
(2) ID any compliance issues in the case.
The sensitive and confidential information of patient should be accessed without
(3) Assess how the firm is doing in this regard.
Since the IT staff at HSN will work with the live data during implementation they
are not following HIPAA guidelines.
Assess the security capability of the IT enterprise-wide system
(4) ID technologies here that are affected by HIPAA
Due to HIPAA restrictions, Physicians will not able to access and analyze the
important historical information of patients. The valuable information cannot be
shared with the Pharmaceutical companies to further research the new drugs.
(5) What are the security issues with those technologies
If the system is hacked the entire consolidated data will be vulnerable. The system
downtime would mean that physicians will not be able to access any information.
Extremely hard to implement system that follows all the HIPAA guidelines.
(6) Briefly discuss the strengths & weaknesses of the technologies
Strengths: Enterprise system will improve data entry. The integrated system will
streamline several processes and improve operational efficiency. HSN
management and physicians will have consolidated information resulting in better
planning, improved patient satisfaction and cost reduction.
Weakness: System is vulnerable to misuse and if security guidelines of HIPAA are
not it will result in lawsuits and loss of patient trust.
(7) Assess the firm’s ability to provide security.
During the implementation the IT staff at HSN will work with the live data. So
HSN’s is incapable of securing the data unless the IT staff uses the test data.
Assess the appropriateness of using the IT enterprise-wide system in light of the
legal & professional regulation for this industry.
The use of enterprise system is appropriate in this case as it will help HSN’s
physicians to quickly store; retrieve and analyze patient’s health information. HSN
patients may agree to disclose their treatment information to the network
physicians and this will help HSN physicians to analyze and recommend the most
appropriate treatment to their patients. Security however is very important in this
implementation and the system should follow all the HIPAA guidelines. The
implementation is very challenging but will be very helpful in the long run.