22.8k views
3 votes
Consider this scenario: A health insurer in Oklahoma settled a class-action lawsuit after having reported that one laptop was stolen in 2008; this laptop contained personal data of more than 1.6 million customers. Based on the fact that the laptop was not encrypted, and that employees were lacking in security awareness training, which of the following statements captures the root cause of this breach?

The security measures required by HIPAA were not sufficiently observed.

The thorough implementation of security policies was not something that the executive management prioritized.

The security policies were routinely ignored by company employees.

The HIPAA regulations were unclear and difficult to implement.

User Seton
by
3.5k points

1 Answer

3 votes

Answer:

The security measures required by HIPAA were not sufficiently observed. The thorough implementation of security policies was not something that the executive management prioritized.

Step-by-step explanation:

The HIPAA Security Rule requires physicians to protect patients' electronically stored, protected health information (known as “ePHI”) by using appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security of this information.

All covered entities must assess their security risks, even those entities who utilize certified electronic health record (EHR) technology. Those entities must put in place administrative, physical and technical safeguards to maintain compliance with the Security Rule and document every security compliance measure.

Based on the above, it can be deduced that the root cause of the breach was that the security measures required by HIPAA were not sufficiently observed. The thorough implementation of security policies was not something that the executive management prioritized.

User Ben Dyer
by
3.1k points