An Evaluation of the Cybersecurity Policies for the United States Health & Human Services Department: Criteria, Regulations, and Improvements

Derek Mohammed, Ronda Mariani

Abstract


This paper examines the criteria necessary for evaluating the cybersecurity policies of the United States Health and Human Services Department of the Federal Government. The overall purpose of cybersecurity policies and procedures is supported through compliance with federally mandated regulations and standards, which serve to protect the organizational services and goals of the United States Health and Human Services Department and to promote the best possible security practices for protecting information systems from unauthorized actors and cyber-threats. The criteria of the cybersecurity evaluation are identified and analyzed for quality, strengths, weaknesses, and future applicability. Topics within the criteria include organizational operation, compliance with regulations and industry standards, service delivery to national customers, and the prevention and mitigation of IT system and security failures. This analysis determines the strengths and weaknesses of the current policies and makes recommendations for revising the cybersecurity policies within the United States Health and Human Services Department.

Keywords


cybersecurity policy; Health Department; evaluation; regulation; recommendation



DOI: http://dx.doi.org/10.18533/ijbsr.v4i4.392


Copyright (c)

This work is licensed under a Creative Commons Attribution 4.0 International License.


International Journal of Business and Social Research (Print): ISSN 2164-2540

International Journal of Business and Social Research (Online): ISSN 2164-2559

[International Journal of Business and Social Research (IJBSR) previously published by MIR Center for Socio-Economic Research, MD, USA. From February 2018 this journal is published by the LAR Center Press, OR, USA]