1 Background Medical records were traditionally paper-based for the longest while, especially in family physicians’ offices. As a result, communication of patient health among physicians, specialists,...

CISPP Security assignment


1 Background Medical records were traditionally paper-based for the longest while, especially in family physicians’ offices. As a result, communication of patient health among physicians, specialists, and health care organizations was inefficient. The federal and provincial governments decided in the early 2000’s on a major push toward electronic patient records and creation of medical databases that could interoperate through centralized gateways. The eHealth Ontario provincial agency is tasked with coordinating the program here in Ontario. As discussed in class, overly complex systems violate fundamental security principles and pose risk especially where huge databases of sensitive information are involved. The history of eHealth Ontario is not without controversy. This assignment will develop further your skills in analyzing business documents, understanding security requirements based on audit reports, and applying security management solutions that are relevant to stated business objectives. Assignment [Estimated Time: 4 Hours. Total Marks: 70] Document Links: Small Offices Guide https://ehealthontario.on.ca/en/security/guides Electronic Health Record’s Implementation Status https://www.auditor.on.ca/en/content/annualreports/arreports/en16/v1_303en16.pdf 1) Auditor’s Report Name the four fundamental components required for seamless access to patient records according to the Ontario Auditor General 2016 report Electronic Health Record’s Implementation Status. Discuss the security issues (security challenges and possible solutions) involved with these four components. Rubric Characteristic Description Maximum Marks Relevancy Are the four key components correct? Are the risks and solutions related back to key security concepts 20 Clarity Are arguments developed and positions defended clearly and logically? 5 Insightful Are there original insights that go beyond what was taught in class? 5 TOTAL 30 https://www.auditor.on.ca/en/content/annualreports/arreports/en16/v1_303en16.pdf 2 2) Small Medical Office Security Guidance The four main fundamental components, observations, and recommendations in the auditor’s report form a good basis to evaluate eHealth Ontario’s security-related public documents like for example their security guidance documents to the medical profession. Review the document for small medical offices and provide a critique of how it can be improved. In other words, if you were tasked with creating the document, what points would you cover and how would you convey it to a non-technical reader. Note that recommendations must be understandable and doable at that level. Hint: There are at least five items that can be improved on Rubric Characteristic Description Maximum Marks Relevancy Were five areas for improvement identified and explained? Are the risks and solutions related back to key security concepts 25 Clarity Are arguments developed and positions defended clearly and logically? 10 Insightful Are there original insights that go beyond what was taught in class? 5 TOTAL 40