Solving HealthCare’s eMail Security Problem Essay -- essays research p

Solving HealthCares eMail Security Problem bring upWhile healthcare organizations assimilate come to depend heavily on electronic dismount, they doso without a significant email security system infrastructure. smart Federal law and regulationplace new obligations on the organizations to either secure their email systems ordrastically restrict their use. This paper discusses email security in a healthcarecontext. The paper considers and recommends solutions to the healthcareorganizations problem in securing its mail. Because email encryption will soon be acategorical requirement for healthcare organizations, email encryption is discussed insome detail. The paper describes details and benefits of domain level encryption modeland considers how PKI is best deployed to harbor secure electronic mail.MotivationIt is a simple fact that the US healthcare industry has come to depend heavily onelectronic mail to support treatment, payment and general healthcare operations. Suchuse, thoug h, is something of a badly kept secret as most healthcare organizations haveexplicit constitution which either prohibits or seriously restricts the use of electronic mail forthe transmission of any patient identifiable health information. Historically, the industryhas deemed patient identifiable health information as deserving of special protection,since, by its very nature, much(prenominal) information is highly confidential. Accepting the inherentinsecurity of electronic mail, healthcare organizations have done little to developsecurity infrastructure supporting use of electronic mail for confidential communicationand instead adopted policies forbidding such use. It speaks to the utility of electronicmail, that even in spite of such policy, as much as 40% of all electronic mail emanatingfrom healthcare organizations contains health information. A very small percentage ofthis email is encrypted or otherwise protected to ensure its confidentiality andauthenticity.Federal law will prohibit future unbolted use of electronic mail for transmission ofhealth information. The Health Insurance Portability and Accountability Act of 1996(a.k.a. Public Law 104-191 a.k.a. HIPAA) obligates healthcare organizations toimplement reasonable and divert technical safeguards to ensure that theconfidentiality and integrity of health information is preserved. While reasonable andappropriate i... ...tration, 45 CFR Part 142 -Health Insurance Reform Security and electronic Signature Standards FederalRegister Vol 63, No. 155 August 12, 1998 (1998) 43242-43280. uniform resource locator http//aspe.hhs.gov/admnsimp/nprm/secnprm.pdf11. Partner, Chris and Glaser, John Myths about Healthcare IT Spending HealthcareInformatics, July 2002universal resource locator http//www.healthcare- informatics.com/issues/2002/07_02/myths.htm12. Perigee.net Corporation , Perigee.net (Home Page)URL http//www .perigee.net/main.html13. Ramsdell, Blake S/MIME Version 3.1 Message Specification - draft-ietf- smimerfc2633bis-03.txt January 16, 2003URL http//www.ietf.org/internet-drafts/draft-ietf-smime-rfc2633bis-03.txt14. Dean, T and Ottaway, W. RFC 3182 - Domain Security Services using S/MIME.October, 2001.URL http//www.ietf.org/rfc/rfc3183.txt?number=318315. United States Code, Title 18, Part I, Chapter 119, Section 2511URL http//www 4.law .cornell.edu/uscode/18/2511.html16. Whitten, Alma and Tygar, J.D. Why Johnny Cant Encrypt- A Usability paygrade ofPGP 5.0 Carneigie Mellon University School of Computer Science Technical ReportCMU-CS 98-155. December, 1998URL http//www.cs.cmu.edu/alma/johnny.pdf