The Health Insurance Portability and Accountability Act (HIPAA) includes Title II: Fraud and Abuse/Administrative Simplification, which specifies things healthcare organizations must do to secure and protect protected health information. One method used to comply with Title II is certificate-based security for networked healthcare information systems.
The topic of this assignment is certificate-based public key encryption (PKE), which protects electronic protected health data while it is in motion, that is, while it is being transmitted. Assume that you are a new IT director and have been made aware that your hospital is transmitting patient data electronically to external entities without encrypting it. You are responsible for justifying the need to purchase encryption software for the networked healthcare information systems in a large hospital system. Write a memo to the hospital’s CEO justifying the need to purchase certificate-based public key encryption software and requesting permission to make this purchase.
Your memo should meet the following criteria:
Describe at least three types of electronic protected health data that your hospital communicates externally and that are covered by HIPAA and therefore must be protected.
Explain in your own words how certificate-based public key encryption works to secure electronic data that is transmitted from one location to another.
Discuss at least one real-world software product that could be used to enable public key encryption in a hospital setting. (The product must be for data in motion, or it is not PKE; software for data on a server or otherwise stationary will receive 0 points here.)
Be free of spelling, grammar, and punctuation errors.