This activity is comprised of two parts. (100 points) (A two-page response is required for the combination of Parts A and B.)In cybersecurity, data classification is required to apply a value relative to how sensitive and critical the information is, as defined by the organization. This value will determine what level of information protection controls will be applied to information collected, maintained, retained, used, and disposed of when no longer needed.
Perform data classification analysis on the below list of healthcare data points and determine how each should be classified. Explain your thought process and reasoning for each decision. Use the categories of Confidential, Internal Company Use Only, or Open to Public.
Part A: Define and describe each of the three categories in your own terms. Research information security data classification systems and definitions online. (25 points)
Part B: Label each of the data points below the appropriate category and explain your reasoning. (75 points)
Patient name, address, and social security number
A hospital blog website with patient health tips
Patient medical history such as medicine and allergy lists
Patient laboratory test results
Doctor name, address, and employee ID number
Patient radiology images (X-ray, MRIs, and so on) and clinical photographs (endoscopy, laparoscopy, and so on)
A newsletter for all hospital staff
Nurse shift schedule for the month
A page on the hospital website that describes how patient data is protected
Prescribed and administered medications for patients
A summary report of a new clinical trial, soon to be published in the public news