WEB SECURITY POLICY
IFSM 304

Overview : With the increasing amount of personal data that is being compiled on the Internet and specifically individual’s medical information we must look at the ethical dilemma of who has access to our data. Not only general demographic data such as full name, home address, phone number, and date of birth but also extremely sensitive medical information such as diagnosis and medication prescribed. Even though the convenience of digital records accessible to care providers via the web can expedite service, security and privacy have to be considered and maintained. An organizational policy is required to provide guidance, direction and responsibilities to ensure compliance with all Health Insurance Portability and Accountability Act (HIPAA) requirements. HIPAA is the acronym that was passed by Congress in 1996. (Health, n.d.)

Purpose: To promulgate organizational policy, procedures, and program management for web security. This policy defines the technical controls and security configurations users and information technology (IT) administrators are required to implement in order to ensure the confidentiality, integrity, and availability of the data environment in accordance with HIPAA does the following:
Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;
Reduces health care fraud and abuse;
Mandates industry-wide standards for health care information on electronic billing and other processes; and
Requires the protection and confidential handling of protected health information (Health, n.d.)
With the multitude of threats that plague an organizations’ security the policy is also to provide for direction against the second largest threat which is the insider threat. A malicious insider threat to an organization