Before participating in this third discussion forum assignment, you need to read

Question

Before participating in this third discussion forum assignment, you need to read the section "Ethics” dealing with cloud storage in Chapter 7 of the Computer Concepts 2017 electronic textbook.

Next you need to:

1) Answer these questions:

a. Who is responsible for maintaining security and privacy of sensitive and confidential information?

What if your attorney or doctor stored confidential information about you in the cloud and it somehow became widely distributed across the Internet?

b. Clearly, you suffer any related consequences, but who is responsible?

Is it your attorney, your doctor, the company providing the cloud service, or do you somehow have the responsibility to protect personal sensitive information?

Note: You need to provide answers to the above two (2) questions (a. and b.), writing in complete sentences. Your answers need to total at least 250 words and contain no more than one (1) spelling, grammar, or punctuation error in total.Cloud Storage
Recently, many applications that would have required installation on your computer to run have moved to the web. As we discussed in Chapter 2, this is known as cloud computing, where the Internet acts as a “cloud” of servers that supply applications to clients as a service rather than a product. Additionally, these servers provide cloud storage, also known as online storage.

CHAPTER 7 INFO

"ethics"

Cloud storage has created some interesting legal and ethical questions regarding the storage of sensitive and privileged information. Who is responsible for maintaining security and privacy of sensitive and confidential information? What if your attorney or doctor stored confidential information about you in the cloud and it somehow became widely distributed across the Internet? Clearly, you suffer any related consequences, but who is responsible? Is it your attorney, your doctor, the company providing the cloud service, or do you somehow have the responsibility to protect personal sensitive information?

Recently, many applications that would have required installation on your computer to run have moved to the web. As we discussed in Chapter 2, this is known as cloud computing, where the Internet acts as a “cloud” of servers that supply applications to clients as a service rather than a product. Additionally, these servers provide cloud storage, also known as online storage

Explanation / Answer

Recognizing the sensitivity of health information, in 1996 the U.S. government enacted the Health Information Portability and Accountability Act (HIPAA) and, in 2003, the Health Information Technology for Economic and Clinical Health (HITECH) Act. These laws require entities that are responsible for sensitive health information to implement certain measures to ensure privacy and security, and to inform patients when the privacy and security of their information is compromised.
The HITECH Act required the Secretary of HHS (the Secretary) to expand the HIPAA Privacy and Security Rules and increase penalties for violations of HIPAA. Previously, the HHS Office for Civil Rights (OCR) had jurisdiction only over covered entities for privacy breaches. Under the HITECH Act, the HIPAA Privacy and Security Rules were extended to apply to business associates (BAs) — defined as persons or entities that perform certain functions or activities that involve the use or disclosure of PHI (protected health information- PHI includes any unique identifying number, code, or characteristic that can be traced back to a patient.) on behalf of, or provide services to, a covered entity. BAs often provide services such as claims processing or administration, data analysis, utilization review, or practice management. A cloud provider that stores PHI either on behalf of a covered entity directly, or indirectly through another BA, is now also considered a BA. Cloud providers hold a unique position as BAs entrusted with EPHI. Electronic protected health information (EPHI) is essentially PHI or individually identifiable health information created, received, maintained, or transmitted in electronic form. While the Privacy Rule applies to all PHI in any form — whether handwritten, printed, electronic, or oral — the Security Rule applies only to EPHI. BAs are directly liable for:

   1. Impermissible uses and disclosures ("breaches")
   2. Failure to provide breach notification to the covered entity or the BA as appropriate
   3. Failure to provide access to a copy of electronic PHI to the covered entity or individual whose information it is
   4. Failure to disclose PHI to the Secretary as required to investigate or determine the BA's compliance
   5. Failure to provide an accounting of disclosures
   6. Failure to comply with the Security Rule Subpart C of Part 164

   Because cloud service providers as BAs are directly liable for breaches, they should immediately perform risk assessments of the PHI they create, receive, maintain, or transmit — looking for vulnerabilities and addressing them with haste. Cloud service providers should also perform internal audits of their policies and procedures to ensure compliance with the Privacy and Security Rules. Employees should undergo appropriate training of these Rules and a Privacy Officer and Security Officer should be appointed so that employees can immediately report incidences they become aware of. Business Associate Agreements should be updated as discussed above to define roles and responsibilities between all parties and should cover everything from the services provided to who will notify individuals of a breach of unsecured PHI.

   So to answer your question:
   a. Who is responsible for maintaining security and privacy of sensitive and confidential information?
   Ans It is the responsibility of cloud provider which is identified as a BA, to maintain security and privacy of sensitive and confidential information.

   Q. What if your attorney or doctor stored confidential information about you in the cloud and it somehow became widely distributed across the Internet?
   Ans. A doctor entrusts a BA with critical information shared by patients who have divulged their most intimate details and whose EPHI might be stored in the cloud. If their EPHI is compromised, patients might lose trust in their doctors and consequently their care might be put at risk. Thus, the significance of HIPAA and HITECH goes beyond law. EPHI is not merely data; it represents individuals, their health, and their lives.


   b. Clearly, you suffer any related consequences, but who is responsible? Is it your attorney, your doctor, the company providing the cloud service, or do you somehow have the responsibility to protect personal sensitive information?

   Ans. It is the company providing the cloud service.

Related Questions

Navigate

• Browse (All)
• Browse B
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.