Implementing certificate services in a health center

The Health Insurance Portability and Accountability Act (HIPAA) includes Title II: Fraud and Abuse/Administrative Simplification, which specifies things healthcare organizations must do to secure and protect protected health information. One method used to comply with Title II is certificate-based security for networked healthcare information systems.

Requirements:

The topic of this assignment is Certificate-Based Public Key Encryption, which protects electronic protected health data while it is in motion, or being transmitted. Consider that you are a new IT director and you have been made aware that your hospital is transmitting patient data electronically, to external entities, without encrypting it.  You are responsible for justifying the need to purchase encryption software for the networked healthcare information systems in a large hospital system. Write a memo to the hospital’s CEO justifying the need to purchase certificate-based Public Key Encryption software and then request permission to make this purchase.  Include the following criteria:

• Describe at least three types of protected health electronic data that are electronically communicated externally by your hospital that are covered by HIPAA and therefore must be protected.
• Explain in your own words how certificate-based public key encryption works to secure electronic data that is transmitted from one location to another.
• Do some internet research and find at least one real-world software product to recommend that the hospital purchase for use to enable public key encryption to protect its data.  Remember that this must be a software that provides public key encryption specifically for protected health data in motion – not a software that protects data that is secure on a drive.

Your memo should include the following criteria:

• 2- pages in length, double-spaced. 
• Free of spelling, grammar, and punctuation errors. 

Please Meet Criteria

Describe at least three types of protected health electronic data that are electronically communicated externally by your hospital that are covered by HIPAA and therefore must be protected.

Explain in your own words how certificate-based public key encryption works to secure electronic data that is transmitted from one location to another.

Discussed at least one real-world software product that could be used to enable public key encryption in a hospital setting. (Must be for data in motion or it is not PKE, software found for data on a server or stationary will receive 0 points here)

Free of spelling, grammar, and punctuation errors.