Question
HIPAA uses a flexible standard in which companies are expected to select security measures based on reasonably anticipated threats and in line with the size
HIPAA uses a flexible standard in which companies are expected to select security measures based on "reasonably anticipated threats" and in line with the size of their organization and the costs of security measures (45 C.F.R. 164.306). Why do you think policymakers opted for this approach instead of one that would hold all organizations to the same standard? What are the benefits of this approach? What are the drawbacks? Does it make sense that smaller organizations have lower expectations than larger ones, when both might collect and use the same protected health information?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started