Noyes, Christi2011-07-072011-07-072011-07-07https://hdl.handle.net/1794/11399This paper was completed as part of the final research component in the University of Oregon Applied Information Management Master's Degree Program [see htpp://aim.uoregon.edu].Healthcare organizations must comply with the Health Insurance Portability and Accountability Act of 1996 and develop information security policies that ensure the confidentiality, integrity, and accessibility of sensitive information; however guidelines are vague. This bibliography identifies policies and describes information security governance strategies designed to ensure compliance. Organizations must create a leadership committee to (a) assess current policies, (b) oversee policy enforcement, (c) note the effects of internal and external influences, and (d) maintain currency.en-USePHI securityHealthcare information securityHIPAAHIPAA security ruleInformation securityInformation security breachApplied Information ManagementAIMDataOther