A Brief Note On Idaho State University ( Isu ) Essay

Idaho State University (ISU) controlled and managed the security for twenty-nine outpatient clinics. Thus, one would expect that all the health information would be protected. Four to eight of these facilities were required to follow HIPAA Privacy and Security Rules. However, they failed to do this efficiently especially at the ISU’s Pocatello Family Medicine Clinic (HHS.gov, 2013a). As a result, ISU reported a breach to their system to the U.S. Department of Health Human Services (HHS) Office of Civil Rights (OCR) on August 9, 2011 stating that 17,500 ePHI patients’ records were not safeguarded for about ten months (HHS.gov, 2013a; HHS.gov, 2013b). This resulted because ISU neglected to enable firewall protections for their servers (HHS.gov, 2013a). Consequently, HHS performed an investigation and contacted ISU about its findings on November 22, 2011 alerting them of their neglect on several factors. Firstly, from April 1, 2007 to November 26, 2012, ISU ignored to per form correct protocol in their security management process. ISU failed to execute a risk analysis to ascertain vulnerabilities pertaining to the confidentiality of ePHI records (HHS.gov, 2013b). Secondly, during this same time frame, ISU disregarded to employ proper and ample security methods to diminish risks and susceptibilities to their system (HHS.gov, 2013b). Finally, between the timeframe of April 1, 2007 to June 6, 2012, ISU forsook to apply continuous monitoring procedures that would constantly detectShow MoreRelatedA Brief Note On Idaho State University ( Isu ) Essay970 Words   |  4 PagesIncident: Idaho State University (ISU) operates 29 outpatient clinics and is responsible for providing health information technology systems technology systems security at those clinics. Between four and eight of those ISU clinics are subject to the HIPAA Privacy and Security Rules, including the clinic where the breach occurred. The HHS Office of Civil Rights (OCR) opened an investigation after ISU notified HHS of the breach in which the ePHI of approximately 17,500 patients was unsecured for at