Activity 1: Classification Activity (100 points)
This activity is comprised of two parts. (100 points) (A two-page response is required for the combination of Parts A and B.)
Cybersecurity starts with understanding what assets are essential to protect. Healthcare organizations should have a classification system based on the value of the information. It's important to note that this type of data classification differs from that of computer programming, which is also called classification, but relates more to labeling the data to differentiate it into classes and sets. In cybersecurity, data classification is required to apply a value relative to how sensitive and critical the information is, as defined by the organization. This value will determine what level of information protection controls will be applied to information collected, maintained, retained, used, and disposed of when no longer needed.
Perform data classification analysis on the below list of healthcare data points and determine how each should be classified. Explain your thought process and reasoning for each decision. Use the categories of Confidential, Internal Company Use Only, or Open to Public.
Part A: Define and describe each of the three categories in your own terms. Research information, security data, and classification systems and definitions online. (25 points).
Part B: Label each of the data points below the appropriate category and explain your reasoning. (75 points)
- Patient name, address, and social security number
- A hospital blog website with patient health tips
- Patient medical history such as medicine and allergy lists
- Patient laboratory test results
- Doctor name, address, and employee ID number
- Patient radiology images (X-ray, MRIs, and so on) and clinical photographs (endoscopy, laparoscopy, and so on)
- A newsletter for all hospital staff
- Nurse shift schedule for the month
- A page on the hospital website that describes how patient data is protected
- Prescribed and administered medications for patients
- A summary report of a new clinical trial, soon to be published in the public news