The Purpose of Patient Breach Notifications Discussion

Activity 3: Cyber Breach Activity (100 points)

This activity is comprised of two parts. (100 points) (A two-page response is required for the combination of Parts A and B.)

You work in a healthcare technology company that provides software technology to 100 hospitals throughout the United States. As a result, your software stores patient data for about 10 million patients across all of your customers. To better protect data, you’re working on a project to deploy encryption technology across all locations so that all customer data is encrypted.

The data is segmented and stored in the following ways:

  • Five million patient data records in Location A
  • Two million patient data records in Location B
  • Three million patient data records in Location C

The encryption project is about 30 percent complete, with Location C being the first to achieve full encryption. Data in this location, even if breached, can’t be viewed or understood by unauthorized individuals. Today, you learned that a breach happened on your network, and hackers were able to gain access to all three locations.

Part A: Discuss the purpose of patient breach notifications and whether patient breach notification is required in this case. If so, how many notifications need to go out, and within what timeframe should they be sent? (50 points)

Resources:

Part B: Select one of the latest breaches reported to HHS in the following link, and draft a breach notification letter to send to those affected. (50 points)

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Activity 1: Classification Activity (100 points)

This activity is comprised of two parts. (100 points) (A two-page response is required for the combination of Parts A and B.)

Cybersecurity starts with understanding what assets are essential to protect. Healthcare organizations should have a classification system based on the value of the information. It’s important to note that this type of data classification differs from that of computer programming, which is also called classification, but relates more to labeling the data to differentiate it into classes and sets. In cybersecurity, data classification is required to apply a value relative to how sensitive and critical the information is, as defined by the organization. This value will determine what level of information protection controls will be applied to information collected, maintained, retained, used, and disposed of when no longer needed.

Perform data classification analysis on the below list of healthcare data points and determine how each should be classified. Explain your thought process and reasoning for each decision. Use the categories of Confidential, Internal Company Use Only, or Open to Public.

Part A: Define and describe each of the three categories in your own terms. Research information security data classification systems and definitions online. (25 points)

Part B: Label each of the data points below with the appropriate category and explain your reasoning. (75 points)

  • Patient name, address, and social security number
  • A hospital blog website with patient health tips
  • Patient medical history such as medicine and allergy lists
  • Patient laboratory test results
  • Doctor name, address, and employee ID number
  • Patient radiology images (X-ray, MRIs, and so on) and clinical photographs (endoscopy, laparoscopy, and so on)
  • A newsletter for all hospital staff
  • Nurse shift schedule for the month
  • A page on the hospital website that describes how patient data is protected
  • Prescribed and administered medications for patients
  • A summary report of a new clinical trial, soon to be published in the public news

 