Tuesday, September 3, 2019
Solving HealthCareââ¬â¢s eMail Security Problem Essay -- essays research p
Solving HealthCareââ¬â¢s eMail Security Problem Abstract While healthcare organizations have come to depend heavily on electronic mail, they do so without a significant email security infrastructure. New Federal law and regulation place new obligations on the organizations to either secure their email systems or drastically restrict their use. This paper discusses email security in a healthcare context. The paper considers and recommends solutions to the healthcare organizationââ¬â¢s problem in securing its mail. Because email encryption will soon be a categorical requirement for healthcare organizations, email encryption is discussed in some detail. The paper describes details and benefits of domain level encryption model and considers how PKI is best deployed to support secure electronic mail. Motivation It is a simple fact that the US healthcare industry has come to depend heavily on electronic mail to support treatment, payment and general healthcare operations. Such use, though, is something of a badly kept secret as most healthcare organizations have explicit policy which either prohibits or seriously restricts the use of electronic mail for the transmission of any ââ¬Ëpatient identifiableââ¬â¢ health information. Historically, the industry has deemed patient identifiable health information as deserving of special protection, since, by its very nature, such information is highly confidential. Accepting the ââ¬Ëinherent insecurityââ¬â¢ of electronic mail, healthcare organizations have done little to develop security infrastructure supporting use of electronic mail for confidential communication and instead adopted policies forbidding such use. It speaks to the utility of electronic mail, that even in spite of such policy, as much as 40% of all electronic mail emanating from healthcare organizations contains health information. A very small percentage of this email is encrypted or otherwise protected to ensure its confidentiality and authenticity. Federal law will prohibit future ââ¬Ëunsecuredââ¬â¢ use of electronic mail for transmission of health information. The Health Insurance Portability and Accountability Act of 1996 (a.k.a. Public Law 104-191; a.k.a. HIPAA) obligates healthcare organizations to implement ââ¬Ëreasonable and appropriateââ¬â¢ technical safeguards to ensure that the confidentiality and integrity of health information is preserved. While ââ¬Ëreasonable and appropriateââ¬â¢ i... ...tration, ââ¬Å"45 CFR Part 142 - Health Insurance Reform: Security and Electronic Signature Standardsâ⬠Federal Register Vol 63, No. 155 August 12, 1998 (1998): 43242-43280. URL: http://aspe.hhs.gov/admnsimp/nprm/secnprm.pdf 11. Partner, Chris and Glaser, John ââ¬Å"Myths about Healthcare IT Spendingâ⬠Healthcare Informatics, July 2002 URL: http://www.healthcare- informatics.com/issues/2002/07_02/myths.htm 12. Perigee.net Corporation , ââ¬Å"Perigee.net (Home Page)â⬠URL: http://www .perigee.net/main.html 13. Ramsdell, Blake ââ¬Å"S/MIME Version 3.1 Message Specification - draft-ietf-smimerfc2633bis- 03.txt January 16, 2003 URL: http://www.ietf.org/internet-drafts/draft-ietf-smime-rfc2633bis-03.txt 14. Dean, T and Ottaway, W. ââ¬Å"RFC 3182 - Domain Security Services using S/MIMEâ⬠. October, 2001. URL: http://www.ietf.org/rfc/rfc3183.txt?number=3183 15. United States Code, Title 18, Part I, Chapter 119, Section 2511â⬠URL: http://www 4.law .cornell.edu/uscode/18/2511.html 16. Whitten, Alma and Tygar, J.D. ââ¬Å"Why Johnny Canââ¬â¢t Encrypt:- A Usability Evaluation of PGP 5.0â⬠Carneigie Mellon University School of Computer Science Technical Report CMU-CS 98-155. December, 1998 URL: http://www.cs.cmu.edu/~alma/johnny.pdf
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.