Case Study: HIPAA and IT Audits

Points: 125

Case Study 2: HIPAA and IT Audits

Criteria

Unacceptable
Below 70% F

Fair
70-79% C

Proficient
80-89% B

Exemplary
90-100% A

Section 1: Written Paper

1a. Create an overview of the HIPAA Security Rule and Privacy Rule.
Weight: 10%

Did not submit or incompletely created an overview of the HIPAA Security Rule and Privacy Rule.

Partially created an overview of the HIPAA Security Rule and Privacy Rule.

Satisfactorily created an overview of the HIPAA Security Rule and Privacy Rule.

Thoroughly created an overview of the HIPAA Security Rule and Privacy Rule.

1b. Analyze the major types of incidents and breaches that occur based on the cases reported.
Weight: 10%

Did not submit or incompletely analyzed the major types of incidents and breaches that occur based on the cases reported.

Partially analyzed the major types of incidents and breaches that occur based on the cases reported.

Satisfactorily analyzed the major types of incidents and breaches that occur based on the cases reported.

Thoroughly analyzed the major types of incidents and breaches that occur based on the cases reported.

1c. Analyze the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities.
Weight: 10%

Did not submit or incompletely analyzed the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities.

Partially analyzed the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities.

Satisfactorily analyzed the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities.

Thoroughly analyzed the technical controls and the non-technical controls that are needed to mitigate the identified risks and vulnerabilities.

1d. Analyze and describe the network architecture that is needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations.
Weight: 10%

Did not submit or incompletely analyzed and described the network architecture that is needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations.

Partially analyzed and described the network architecture that is needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations.

Satisfactorily analyzed and described the network architecture that is needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations.

Thoroughly analyzed and described the network architecture that is needed within an organization, including a medium-sized hospital, in order to be compliant with HIPAA regulations.

1e. Analyze how a hospital is similar to and different from other non-medical organizations in regards to HIPAA compliance.
Weight: 10%

Did not submit or incompletely analyzed how a hospital is similar to and different from other non-medical organizations in regards to HIPAA compliance.

Partially analyzed how a hospital is similar to and different from other non-medical organizations in regards to HIPAA compliance.

Satisfactorily analyzed how a hospital is similar to and different from other non-medical organizations in regards to HIPAA compliance.

Thoroughly analyzed how a hospital is similar to and different from other non-medical organizations in regards to HIPAA compliance.

1f. List the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations.
Weight: 10%

Did not submit or incompletely listed the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations.

Partially listed the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations.

Satisfactorily listed the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations.

Thoroughly listed the IT audit steps that need to be included in the organization’s overall IT audit plan to ensure compliance with HIPAA rules and regulations.

1g. 3 references
Weight: 5%

No references provided

Does not meet the required number of references; some or all references poor quality choices.

Meets number of required references; all references high quality choices.

Exceeds number of required references; all references high quality choices.

1h. Clarity, writing mechanics, and formatting requirements
Weight: 10%

More than 6 errors present

5-6 errors present

3-4 errors present

0-2 errors present

Section 2: Network Architecture

2a. Create a network architecture diagram based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations.
Weight: 15%

Did not submit or incompletely created a network architecture diagram based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations.

Partially created a network architecture diagram based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations.

Satisfactorily created a network architecture diagram based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations.

Thoroughly created a network architecture diagram based on the description of the network architecture that you defined above for the organization to be compliant with HIPAA regulations.

2b. Include in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture.
Weight: 10%

Did not submit or incompletely included in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture.

Partially included in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture.

Satisfactorily included in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture.

Thoroughly included in the diagram the switches, routers, firewalls, IDS/IPS, and any other devices needed for a compliant network architecture.
