Term Paper

Anonymous
timer Asked: Mar 26th, 2017
account_balance_wallet $40

Question Description

Please consider the following draft outline in the Attachment: Guideline for completing the information assurance final examination when preparing your final examination. We suggest an estimated 20 page (single space) mini-paper[1] with approximately six figures/tables (with footnotes/endnotes for the captions). The 20 pages do not include the title page, table of contents, list of figures, and references.

Please feel free to use and/or adapt any information provided in this guide. I have attached the guide.

Unformatted Attachment Preview

Information Assurance: EN.695.401 Final Examination: Healthcare Case: Standards-Based Approach to Cybersecurity, v4.8, July 14, 2016 Introduction Consider a healthcare online transplant center IT system that is associated with a large hospital. The IT system is based on NIST Cybersecurity Practice Guide Special Publication 1800-1b: Securing Electronic Health Records on Mobile Devices, July 2015, Figure 3: Architecture for the Secure Exchange of Electronic Health Records on Mobile Devices in a Healthcare Organization. The SP 1800 series “worked examples” are based on NIST standards-based approaches to cybersecurity. Demonstrating your ability to apply a NIST standards-based approach to cybersecurity is a key issue for this examination. Note: SP 1800-1b: Figure 3 is replicated as SP 1800-1d: Figure 1: Architecture for the Secure Exchange of Electronic Health Records on Mobile Devices in a Health Care Organization. Final Examination: Question Please develop for NIST SP 1800-1b, figure 3: Architecture for the Secure Exchange of Electronic Health Records on Mobile Devices in a Healthcare Organization, a NIST standardsbased approach to cybersecurity for attribute based access control (ABAC). Please consider NIST Cybersecurity Practice Guide Special Publication 1800-3b: Attribute Based Access Control, September 2015. The scope of this examination focuses primarily on a standards-based approach to cybersecurity for secure remote access with RBAC (Role Based Access Control) that could be extended to ABAC for 1) The Radiology Department; 2) Dr. Jones Orthopedics, and 3) VPN (Virtual Private Network) external access point (as defined in SP 1800-1b: figure 3). Two EpicCare healthcare cases are provided to assist in your analysis and in developing conclusions. These cases introduce some of the commercially available and installed healthcare technology that includes cybersecurity features. For example, an INOVA Transplant Center in Fairfax, VA. Please consider the examination format provided by 1) the suggested table of contents; and 2) a requirement to provide and discuss for a NIST seven-step gap analysis1 six figures/tables. For example, please consider including three tables and three figures: 1. NIST Step 3: “As Is” Profile a. Table 1: NIST Special Publication 1800-1b: Draft: Securing Electronic Health Records on Mobile Devices, Approach, Architecture, and Security 1 NIST: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014, Section 3.2: Establishing or Improving a Cybersecurity Program. 1 Characteristics, July 2015: Table 2: Mapping Security Characteristics to the CSF [NIST Cybersecurity Framework] and HIPAA [Health Insurance Portability and Accountability Act]. b. Table 2: NIST Special Publication 1800-1d: Draft: Securing Electronic Health Records on Mobile Devices: Standards and Controls Mapping, July 2015: Table 2: Security Characteristics Mapped to Cybersecurity Standards and Best Practices and HIPAA. [An extract is fine.] c. Figure 1: NIST Special Publication 1800-1b: Draft: Securing Electronic Health Records on Mobile Devices, Approach, Architecture, and Security Characteristics, July 2015: Figure 3: Architecture for the secure exchange of electronic health records on mobile devices in a health care organization. 2. NIST Step 5: “To Be” Profile: a. Note: ABAC is an additive architecture. In this case, ABAC is added to SP 18001 RBAC (Rule Based Access Control) systems. b. Table 3: NIST Special Publication 1800-3b: Draft: Attribute Based Access Control: Approach, Architecture, and Security Characteristics, April 2015: Table 4.1: Use Case Security Characteristics Mapped to Relevant Standards and Controls. c. Figure 2: NIST Special Publication 1800-3b: Draft: Attribute Based Access Control: Approach, Architecture, and Security Characteristics, April 2015: Figure 5.1: ABAC Build 1 Architecture. d. Figure 3: ABAC Extension to RBAC SP 1800-1b: Figure 3: Architecture for the secure exchange of electronic health records on mobile devices in a health care organization [student developed]. Final Examination: Two Conceptual Issues We introduce two conceptual issues that pertain in part to the final examination: 1) secure remote access with ABAC: healthcare example; and 2) ABAC healthcare: an additive architecture. Secure remote access with ABAC: Healthcare example The requirement for secure remote access with ABAC or more fine-grained access control is introduced in SP 1800-3b, Section 1.1 Challenge: ABAC healthcare: an additive architecture 2 According to NIST2: ABAC is additive to RBAC (Role Based Access Control): According to NIST3: Our approach [for applied mobile ABAC—“To Be”] uses commercially available products that can be included alongside your current [RBAC: mobile NAC] products in your existing infrastructure [“As Is].” [Emphasis added]. Final Examination: Instructions Please consider the following draft outline in the Attachment: Guideline for completing the information assurance final examination when preparing your final examination. We suggest an estimated 20 page (single space) mini-paper4 with approximately six figures/tables (with footnotes/endnotes for the captions). The 20 pages do not include the title page, table of contents, list of figures, and references. Please feel free to use and/or adapt any information provided in this guide. Contents Information Assurance: EN.695.401 Final Examination: Healthcare Case: StandardsBased Approach to Cybersecurity, v4.7, July 13, 2016 ............................................................. 1 Introduction............................................................................................................................... 1 2 NIST Draft: Cybersecurity Practice Guide: Attribute Based Access Control: Approach, Architecture, and Security Characteristics, Special Publication 1800-3b, September 2015, Section 1: Summary. 3 a. NIST Draft: Cybersecurity Practice Guide: Attribute Based Access Control: Approach, Architecture, and Security Characteristics, Special Publication 1800-3b, September 2015, Section 1: Summary. b. Please also see: ABAC Beyond RBAC; http://www.axiomatics.com/solutions/role/business-managers/abac-beyond-rbac.html Leveraging RBAC investments made ABAC rules mandate that permissions be granted or denied depending on the values of named attributes. Existing roles become authoritative "subject attributes". Roles therefore retain their value and serve as important privilege-giving attributes which help define the user when ABAC authorizations are made. In this sense Attribute Based Access Control (ABAC) leverages investments made in RBAC models while moving beyond. The problem with the toxic combination in the example above could for instance be resolved without a change in the role concept. An ABAC rule can state that "yes, if you have both role 1 and 2 you may use permission 1.C provided you have not already used the permission 2.C on that same information object since the combination would constitute an SoD [Segregation of Duty] violation". Thus, roles are maintained and used but their limitations have been overcome. 4 In brief, a mini-paper uses the guidance provided for structured discussions plus supplemental guidance: The criteria for the final examination are essentially the structured discussion guidance: Enterprise Cybersecurity Analysis and Guidance for Structured Discussion Questions: Spring 2015, v1.11, May 26, 2015: Part III: Sample Set of Headings for Structured Discussions) plus: a) table of contents; b) footnotes for captions for figures/tables; and c) fifteen page (single space) target (Does not include title page, table of contents, list of figures and references). 3 Final Examination: Question .................................................................................................... 1 Final Examination: Two Conceptual Issues ............................................................................. 2 Secure remote access with ABAC: Healthcare example ........................................................ 2 ABAC healthcare: an additive architecture ............................................................................ 2 Final Examination: Instructions................................................................................................ 3 Attachment: Guideline for completing the information assurance final examination ................ 4 1. Introduction and Interpretation of the Question................................................................... 4 Final examination question ....................................................................................................... 4 Final examination: Interpretation ............................................................................................. 5 2. Context ................................................................................................................................. 5 3. NIST Security Control Maps and Architectures ..................................................................... 6 4. NIST Cybersecurity Framework: Improving a Cybersecurity Program: SevenStep Gap Analysis .................................................................................................................... 10 5. Cases .................................................................................................................................. 11 INOVA Fairfax Hospital ........................................................................................................ 11 Epic [Automated Patient Records] ......................................................................................... 11 6. Analysis.............................................................................................................................. 12 7. Conclusions ........................................................................................................................ 13 8. Matters for Consideration .................................................................................................. 13 9. References .......................................................................................................................... 13 Here for your review is an Attachment that provides a guideline for completing the information assurance final examination. This guideline includes a sample Table of Contents. Attachment: Guideline for completing the information assurance final examination After review of the final examination question, please consider developing your examination. Please feel free to consider and adapt the draft Table of Contents that follows: 1. Introduction and Interpretation of the Question Final examination question Please develop for NIST SP 1800-1b, figure 3: Architecture for the secure exchange of electronic health records on mobile devices in a healthcare organization, a NIST standards-based approach to cybersecurity for adding attribute based access control (ABAC). Please use NIST 4 Cybersecurity Practice Guide Special Publication 1800-3b: Attribute Based Access Control, September 2015. The scope of this examination focuses primarily on a NIST standards-based approach to secure remote access with ABAC for 1) The Radiology Department; 2) Dr. Jones Orthopedics, and 3) VPN (Virtual Private Network) external access point (as defined in figure 3 above). Two EpicCare healthcare cases are provided to assist in analysis and in developing conclusions. These cases introduce some of the commercially available and installed healthcare technology that includes cybersecurity features. Final examination: Interpretation The final examination case may be considered an extension of the following case developed by NIST: Special Publication 1800-1b: Securing Electronic Health Records in Mobile Devices: Standards and Controls Mapping, July 2015: Figure 3: Architecture for the Secure Exchange of Electronic Health Records on Mobile Devices in a Health Care Organization; and Table 2: Security Characteristics Mapped to Cybersecurity Standards and Best Practices (Note: This is a NIST Security Control Map using HIPAA (Health Insurance Portability and Accountability Act of 1996) Requirements. A more comprehensive security control map would include a column for NIST SP 800-53, Rev. 4 security controls.) Risk management is introduced in SP 1800-1b. However, risk assessment and outcomes are discussed in NIST: Special Publication 1800-1e: Securing Electronic Health Records in Mobile Devices: Risk Assessment and Outcomes, July 2015. The extension of SP 1800-1b for this examination is provided in: NIST: Special Publication 1800-3b: Attribute Based Access Control, September 2015. 2. Context The following documents may be considered as providing an authoritative context for this case: a. Enterprise level: NIST: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014. b. Enterprise level: NIST: Special Publication 800-53, Rev. 4: NIST: Special Publication 800-53, Rev. 4: Security and Privacy Controls for Federal Information Systems and Organizations, April 2013/January 15, 2014: Errata Update: January 2015. NIST: Special Publication 800-160: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (Second Draft), May 2016. 5 NIST Special Publication 800-162: Guide to Attribute Based Access Control (ABAC) Definition and Considerations, January 2014. c. Web level: NIST SP 800-95: Guide to Secure Web Services, August 2007, Executive Summary and Section 3.6: Confidentiality and Integrity of Service to Service Interchanges: NIST SP 800-95: Executive Summary: Perimeter-based network security technologies (e.g., firewalls) are inadequate to protect SOAs [Service Oriented Architectures] for the following reasons: 1. SOAs are dynamic and can seldom be fully constrained to the physical boundaries of a single network. 2. SOAP is transmitted over HyperText Transfer Protocol (HTTP), which is allowed to flow without restriction through most firewalls. SP 800-95: Section 3.6 Confidentiality and Integrity of Service to Service Interchanges: Integrity can be enforced to an extent through the use of XML gateways (i.e., XML firewalls [or web application firewalls: WAFs]), and further explanation of this notion is provided in Section 3.6.4 . d. Database level: NIST Special Publication 800-123: Guide to General Server Security, July 2008, Section 2: Background e. “Worked Examples” level: NIST SP 1800-1 and 3. 3. NIST Security Control Maps5 and Architectures a. First, please consider reviewing NIST: Special Publication 1800-1e: Securing Electronic Health Records on Mobile Devices: Risk Assessment and Outcomes, July 2015, Section 3: Results, Figure 1: The steps necessary for a user and device to gain access to the electronic health record server; and Section 4.3: Security Assessment, Figure 2: An example of the process for determining which tests to include in the security assessment. i. Figures 1 and 2 provide a basis for understanding the NIST Health Care Organization case: ii. Figure 1: The steps necessary for a user and device to gain access to the electronic health record server iii. Figure 2: An example of the process for determining which tests to include in the security assessment (Note: This is a NIST Security Control Map) b. Second, please consider copying the column headings and row one from Table 2 in: NIST: Special Publication 1800-1d: Securing Electronic Health Records in Mobile Devices: Standards and Controls Mapping, July 2015: Figure 1: Architecture for the 5 a. Harold J. Podell, Three Key Issues for Candidate Layered Security Architecture, v1.66, October 31, 2015, Part B: NIST Security Control Maps. b. Securing Electronic Health Records Case: NIST Special Publication 1800-1e: Draft: NIST Cybersecurity Practice Guide Health IT: Securing Electronic Health Records on Mobile Devices: Risk Assessment and Outcomes, July 2015, Figure 1: The steps necessary for a user and device to gain access to the electronic health record server; and NIST Security Control Map: Figure 2: An example of the process for determining which tests to include in the security assessment. 6 Secure Exchange of Electronic Health Records on Mobile Devices in a Health Care Organization; and Table 2: Security Characteristics Mapped to Cybersecurity Standards and Best Practices (Note: This is a NIST Security Control Map). c. Note: Please consider the column headings and row one from SP 1800-1d, Table 2 as an extract from the NIST Security Control Map that is applicable to the final examination case—“As Is.” Please consider developing a version of this “As Is” NIST Security Control Map for your final examination. For example, see table 1. Table 1 remaining entries are not provided, i.e., …: 7 Security CSF6 Character Funct -istics -ion CSF Category HIPAA Requirements NIST SP 800-53, Rev. 4 Security Controls access control Protect (PR) Access Control (PR.AC) § 164.312 (a) NIST SP 800-53 Rev. 4 AC-2, IA Family NIST SP 800-53 Rev. 4 PE-2, PE-3, PE-4, PE5, PE-6, PENIST SP 800-53 Rev. 4 AC-17, AC-19, AC20 NIST SP 800-53 Rev. 4 AC-2, AC-3, AC-5, AC-6, AC-16 NIST SP 800-53 Rev. 4 AC-4, SC-7 Identify (ID) … Table 1: Sample: Mapping Security Characteristics of NIST CSF, HIPAA, NIST SP 800-53, Rev. Security Controls—“As Is” Source: NIST SP 1800-1b Draft: Securing Electronic Health Records on Mobile Devices: Approach, Architecture, and Security Characteristics, July 2015, Table 2; and NIST: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014, Appendix A, Table 2 d. Third, please prepare a table, which represents a NIST Security Control Map: Extract for a “Target Profile”—“To Be” for the final examination case. The “Target Profile” could be a figure, such as a NIST security control map, that you develop to add attribute based access control (ABAC) to: The Radiology Department; 2) Dr. Jones Orthopedics, and 3) VPN (Virtual Private Network) external access point (as defined in NIST SP 1800-1b: figure 3 above). [Emphasis added] For example, see Table 2: Table 2 remaining entries are not provided, i.e., …: 6 NIST: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014. 8 Security CSF7 Character Funct -istics -ion CSF Category HIPAA Requirements NIST SP 800-53, Rev. 4 Security Controls Identity and Credentials Access Control (PR.AC1) (PR.AC3) § 164.312 (a) AC-1, IA Family (PR.AC4) … Protect (PR) Remote Access AC-17, AC-19, AC-20 … AC-2, AC-3, AC-5, AC-6, AC-16 Access Permission s … Encryption and Digital Signature Identify (ID) … … … Table 2: ABAC Use Case Security Characteristics Mapped to Relevant Standards and Controls--"To Be" Source: NIST SP 1800-3b Draft: Attribute Based Access Control: Approach, Architecture, and Security Characteristics, September 2015, Table 4.1; and NIST: Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, February 12, 2014, Appendix A, Table 2 1) As introduced, Note: SP 1800-1b: Figure 3 is replicated as SP 1800-1d: Figure 1: Architecture for the Secure Exchange of Electronic Health Records on Mobile Devices in a Health Care Organization. 2) The two baseline architectures are presented in SP 1800-1b: Figure 3—“As Is”; and SP 1800-3b: Figure 5.1—“To Be” 3) Your assignment includes adapting SP 1800-3b: Figure 5.1— “To Be” to meet the ABAC security requirements for three users in SP 1800-1b: Figure 3--1) the Radiology Department, 2) Dr. Jones Orthopedics, and 3) VPN external access point. The basic access controls, such as RBAC (Role Based Access Control), in “As Is” are extended to ABAC for “To Be.” 4) In summary, ABAC supports a fine-grained access c ...
Purchase answer to see full attachment

Tutor Answer

Robert__F
School: University of Virginia

HERE you go what figures or tablesI finished what requested yesterday

Running HEAD: INFORMATION ASSURANCE

Information assurance
Name:
Institutional Affiliation:
Date:

1

HEAD: INFORMATION ASSURANCE

2

Table of Contents
Information assurance ..................................................................................................................... 3
Abstract ........................................................................................................................................... 3
Platforms ......................................................................................................................................... 3
Health Sector ................................................................................................................................... 3
Methods and Approaches ................................................................................................................ 4
Security Measures ........................................................................................................................... 5
IT Architectures .............................................................................................................................. 6
NIST Cybersecurity Practice Guides .............................................................................................. 6
NIST Cybersecurity Framework: Improving a Cybersecurity Program: Seven-Step Gap Analysis
....................................................................................................................................................... 12
Step 1: Prioritize as well as spell out the scope......................................................................... 12
Step 2: Orient ............................................................................................................................ 13
Step 3 Create a profile ............................................................................................................... 13
Step 4: Perform a risk analysis and assessment ........................................................................ 13
Step 5: Create and develop a target profile ............................................................................... 13
Step 6: Determine, perform analysis and place gaps according to the urgency and priority. ... 13
Step 7: Implement the appropriate action plan.......................................................................... 13
Cases ............................................................................................................................................. 14
Epic [Automated Patient Records] ............................................................................................ 14
Alluding Physician PACS Access ......................................................................................... 14
Streamlined Eligibility System (some time ago known as HCAP) ....................................... 14
Augmented Access ................................................................................................................ 15
InovaNet .................................................................................................................................... 15
Analysis......................................................................................................................................... 15
Conclusions ................................................................................................................................... 18
Matters for Consideration ............................................................................................................. 21
References ..................................................................................................................................... 24

HEAD: INFORMATION ASSURANCE

3

Information assurance
Abstract
We are living in a world that has embraced information believing that information is
power. The ability of each and every organization or company to withhold their information that
they pose in a safe way is dependent as well as is determined by the kind of information systems
that they have. Looking at the different information systems around the world, it can be seen that
each and every company or organization is trying to better their existing systems by improving
on their different security aspects on a constant basis. For the organizations to ensure that their
systems are efficient as well as the systems being dependable and reliable as far as the read and
write functions of the information that is being stored in the systems are concerned, the different
organizations have been striving and working around the clock where different teams have been
employed to work on the different security aspects of the information systems. This ensures that
the different aspects of information systems that are available in the company are fully functional
besides being safe and secure as far as the recording, storing, retrieving as well as the
presentation of the information on different platforms is concerned.
Platforms
Speaking of different platforms, there are various ways with which information from
different organizations can be presented as far as the end consumer is concerned. The end user of
the different information may have a totally different platform with which they are accessing the
information resource of the given company. Taking into consideration the current trends in
technology as far as information sharing is concerned, it can be seen and concluded that there
exist diverse ways and methods with which information can be shared and transferred among the
different users of the given information.
Health Sector
In the health sector, as in this case, the sector has been revolutionized where the sector
has received a lot of changes in terms of technological changes.it has been observed and
recorded that the different health care centers had been using old ways and methods of
presenting as well as storing information in their organizations. It has been observed that the old
methods were purely manual where a lot of paperwork was involved in the overall daily
operations of the given organizations. The manual methods had a lot of disadvantages which
included the risk of possible data loss or the possible data damage that the information being
recorded on paper would be subjected to.
Years passed when finally a new and a more efficient as well as a reliable method of
storing, retrieving and also presenting the information was invented. This was characterized by
the introduction of computers. The computers replaced the old manual ways in the different
organizations especially in the health sector where under this era, information was regarded and
stored as digital data on computers. Instead of using and dwelling on the manual hard copy
information, the computers presented a digital and information was presented as soft copies of
the data captured. The further development of the internet, as well as the development of
distributed systems and the increased purchase of smartphones among the different populations,
has championed the development of new ways of presenting information to the different parties

HEAD: INFORMATION ASSURANCE

4

involved. This has led to another revolution that has made it possible for all the populations to
access, send or even transact any kind of information over the internet to and between their
relevant parties.
With the introduction of the given technologies, the health sector has shifted to the online
transaction that has made it possible for their relevant interactive parties to have the ease of
accessing the data that they require at any given time which have their own security challenges
(Catteddu, 2010). Mobile phones have made it possible for the widespread of different
information joints that are produced by the different health organizations to reach a lot of people
who are found to be in need of the information across the world. This has made it easy for the
different companies as well as health organizations to improve their information dissemination
and gathering easy. In the health sector, mobile devices have been found to be heavily used in
the different heath care sectors where it is not only the general information that is being
transacted but also the monetary transactions (Tipton & Nozaki, 2012).
The transfer, as well as the overall transaction of the different transactions over the
mobile devices in the sector, has been on the rise for years now. The more the technology has
developed in the making sure that the systems are efficient in their overall performances, there
arise various other issues of concern that must be addressed in order to ensure that the
information being transacted over the different parties using the different platforms remain safe
and legit. Any form of compromise that could be subjected to the information that is being
transacted over the devices would render the information as contaminated as well as the integrity
of the information could be in question which would raise a lot of issues as well as concerns
about the efficiency of the systems.
Methods and Approaches
In the attempt to come up with a good method of ensuring that the information being
transacted in the different systems is secure, there are various methods that have been developed
in the years that have helped in the maintenance of information security as well as the upholding
and the maintenance of information security of the different systems of information transfer in
the health sector. In a world where cyber security has become the daily topic on almost each and
every organization, the development of a secure and a more reliable method with which the
transfer of information between an or among the various parties involved has become a major
issue of concern.
In the attempt to ensure that all the operations that are being done on the data that is being
transferred to or/and between or among the different devices in the organization, it becomes an
issue of concern to ensure that the best measures are taken in order to make the transfer of the
information safe and efficient which renders the systems as reliable. Various standards have been
set up in the field of managing the security of the data that involves the transfer of information
from the source to the end users who in this case have been found to use mobile devices. It is
important to note that Electronic Health Records have revolutionized the manner in which the
health organizations keep their records as well as how the health organizations on the same note
have been dealing with the ensuring that the exchange of the given information on the sector is
safe and secure which upholds data integrity together with ensuring the safe exchange of
information on the mobile devices.

HEAD: INFORMATION ASSURANCE

5

Security Measures
The major aim of the different security measures that the different companies, as well as
the different organizations, take in the attempt to ensure that their systems are safe. There exist
different measures that different health organizations have embraced and also employed within
their respective organizations that have made it possible for them to include safe and reliable
measures in their premises as well as in their information systems that have seen the successful
maintenance of the systems as far as information security is concerned. In implementing the
systems, there are the set guidelines that must be followed by the organizations in successfully
implementing and using the different information systems that they have employed. The better
the information system security measure that has been employed in the different systems, the
better and secure is the information that is being passed and transacted between and among the
different devices to the different people that are in need and or are accessing the given data.
Electronic wellbeing record frameworks are vital instruments utilized for getting to and
keeping up patient information, for example, the historical backdrop of hospitalizations and
medicinal exams. These days, doctors, attendants, and doctor's facility staff require quick and
secure access to restorative records staying away from the organization for patient data recovery
and imprecision in patient's information support. Omnipresent and unavoidable processing can
add to beating such difficulties; however, the gadget pantomime issue ought to be precisely
tended to in this situation. To manage such issue, this paper exhibits a protected design in view
of omnipresent and unavoidable registering for therapeutic records recovery and upkeep. Such
design depends on Near Field Communication (NFC) for message trade amongst cell phones and
labels. A confirmation instrument is displayed and approved to guarantee gadget validation.
Logical outcomes uncover that such component is proficient in giving shared verification.
Furthermore, another essential security properties are come to, as secrecy, message hostile to
replay and gadget against following. At long last, as evidence of idea, we exhibit a solution
conveyance contemplate case in view of a created model (Laudon & Laudon, 2013).
Medicinal services is changing as are the devices used to organize better watch over
patients like you and me. Amid your latest visit to the specialist, you may have seen your doctor
entering notes on a PC or tablet into an electronic wellbeing record (EHR). With EHRs comes
the open door for patients to get enhanced composed care from suppliers and simpler access to
their wellbeing data. It's an approach to make it less demanding for everybody to be better
educated and more required in the patient's social insurance. However for a hefty portion of us,
EHRs likewise accompany inquiries and worries about the protection and security of our
wellbeing data. Who can get to the data on my EHR? How might I see the data in my record and
ensure it's right? How is it shielded from misfortune, burglary and hacking? What would it be a
good idea for me to do on the off chance that I think my data has been bargained?
A large number of you have known about HIPAA– the Health Insurance Portability and
Accountability Act. The HHS Office for Civil Rights (OC...

flag Report DMCA
Review

Anonymous
Top quality work from this guy! I'll be back!

Similar Questions
Related Tags

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors