USA: +1-206-973-7012 
Sign in
Integrative Project Proposal
Information Security Best Practices for Medical Hospitals
TS5990 Integrative Project
Project Description
For this project I plan to research and develop best practices in information security for hospitals. Hospitals are a specialized type of organization and patient confidentiality and protection of information resources is important. Integrity of data is imperative as well as an error in dosage of medication could cause serious injury or death. The key to maintaining good security is developing a good security policy and implementing it in an effective and efficient manner.
I currently am working for a hospital as an IT consultant in their data center. I want to broaden my knowledge and experience in the IT security field and I believe this is an excellent opportunity to do so. Since I have experience dealing with hospitals, I understand many of the issues that hospitals deal with and I believe that it will play an invaluable role when developing my project. I do not want to use my client as a reference for organizational structure or for network architecture, but will instead be using a generic hospital example to illustrate my points.
The output of this project will be a document detailing the security policy and network architecture of a hospital along with recommended procedures and explanations for securing the network. The overall goal of this project is to provide insight as to the common vulnerabilities prevalent in medical hospitals and to provide technology solutions to mitigate unauthorized access of data and other security threats.
Ethical and Legal Assumptions
There are many ethical and legal considerations when dealing with information security in health care organizations. Health care providers and organizations entrusted with personal health information are responsible to protect it against deliberate or inadvertent misuse or disclosure. HIPAA is at the forefront of legislation that requires organizations to protect patient privacy. There are two parts to the HIPAA regulations that outline security standards and implementation specifications: 45 CFR 160, the general administrative requirement and 45 CFR 164 Subpart E Privacy of the Individually Identifiable Health Information. Specific noncompliance with HIPAA can lead to a maximum fine of $250,000.00 and up to ten years imprisonment if an individual obtains health information with the intent to sell, transfer, or use the information for commercial advantage, personal gain or malicious harm. Health organizations face exposure to lawsuits for breach of confidentiality, loss of accreditation, audits by the Centers for Medicare and Medicaid Services (CMS), loss of reputation, and loss of patients or members. Because of these consequences it is in a hospitalbest interests to comply with regulations and take the necessary precautions to safeguard patient data. Along with HIPAA there are other regulations dealing with financial data such as SOX, GLB, and FACTA. Each of these regulations must also be adhered to and add to the case that a comprehensive information security policy is a requirement.
Implementation Strategy
Project Plan
My project plan will involve research in text and articles found on the Web. I am currently working as a consultant for a hospital so my experiences there will help me understand how information security applies in that type of environment. I have family members that are involved in the health care industry and I believe interviewing them may provide insight into the healthcare industry. My father is a physician, my stepmother is a nurse, and my aunt is a health care administrator. Of all these resources I believe my aunt can give me some useful insight as to how regulations are applied.
Tasks and Schedule
Task will be broken down into the following schedule:
Gather resources and interview sources. Week of July 13, 2008
Review regulation and compliance standards. Week of July 20, 2008
Research Intrusion methods and consequences (risk management). Week of July 27, 2008
Research security countermeasures: firewalls, intrusion detection systems, and VPN strategies. Week of August 3, 2008
Research identity management, network access control solutions, methods for securing network devices and complete Security policy. Week of August 10, 2008
Research Patch and Vulnerability Management Solutions and submit Project Draft Week of August 31, 2008
Submit Final Paper September 7, 2008
Stakeholders
Since I will be conducting this project on my own without using specific security information of my current client my list of stakeholders is limited. I am a stakeholder since I am responsible for producing the report. Professor Gagnon is the approving authority on my project as well as the grader so she may be considered a stakeholder. My father will be providing input to the completion of my project so he may be considered a stakeholder as well. The list is as follows:
Jason Benin – Researcher
Luisito Benin Doctor/ research source
Sharon Gagnon Approving Authority
Risk Management
The risks associated with the completion of the project include maintaining schedule, keeping within the scope of the project, and finding the necessary materials for research. I must ensure that each schedule task receives the necessary time and attention for thorough research and must maintain constant track of my progress to ensure I do not fall behind schedule. I must also stay within the bounds of information security as it is related to hospitals. This is important because the topic of security has a very broad range and I must maintain focus so that the paper does not go off onto tangents that are unrelated to the subject material. Lack of appropriate research materials may be a concern but I should make use of the resources provided by the Capella online library, my local library, my own personal book collection, research materials on the Web to guarantee that each topic is properly researched and cited. All three of these risk factors can be mitigated by my actions and it is up to me to ensure that I take the appropriate steps to complete this project to the best of my ability and on time.
Research
Stallings, W., Brown, L. (2008) Computer Security: Principles and Practice. Upper Saddle River, NJ: Prentice Hall.
Vasant, R., Fichadia, A. (2007) Risks, Controls, and Security: Concepts and Applications. Hoboken, NJ: John Wiley and Sons.
Miller, S., Melczer, A. (2003). HIPAA Security White Papers. Retrieved July 15, from: http://www.mahealthdata.org/hipaa/resources/security/20030717_SecOutline.pdf
Appendix
Appendix A: [item/title]
Appendix B: [item/title]
Appendix C: [item/title]
Integrative Project Description and Scoring Guide
Overview
As indicated in the title, the TS5900 course is a project-based course. The intent of the integrated project is for you to show a synthesis of knowledge accumulated in your program at Capella University. The project enables you to demonstrate proficiency by applying integrated learning from a range of courses to a topic of your choice. The project should relate directly to your program and should be grounded in your professional experience, if possible.
If you are having difficulty determining a project topic, read the Possible Project Topics document for ideas. The project and its components are the primary focus for the course. Be sure to thoroughly review this project description, including all links, as there is extensive information to help you develop your project.
The final component of your integrative project must demonstrate your mastery of the program outcomes for your Master in Information Technology degree. These outcomes are:
1. Evaluate the ethical and legal impact of information technology on society.
2. Demonstrate technical competence in a chosen area of study.
3. Demonstrate business acumen in strategic information technology planning.
4. Integrate information technology solutions to support the organization.
5. Develop proficiency in managing people and technology.
6. Communicate effectively within the discipline.
Project Options
You have two options for developing your integrative project:
1: Write a paper of at least 40 pages about a topic of your choice that is approved by the instructor. The paper should describe the project in detail with research from reliable sources and provide the audience with an understanding of the projects scope, value to the organization, ethical and legal impact, and benefits to stakeholders. The 40-page minimum includes the table of contents, list of figures, list of tables, drawings, diagrams, reference pages, and appendices, as laid out in the Integrative Project Template.
Option 2: Create a technology project that can be physically reviewed by the instructor via Internet access (for example, a Web site or online manual), and write a paper of at least 20 pages that provides an analysis of the technology project. If the instructor cannot access the technology, it does not qualify for Option 2 and therefore, Option 1 will apply.
Regardless of which option you choose, you are required to submit the following components of your project:
Proposal: In Unit 2, you submit your proposal, explaining how you plan to execute your project. This proposal will be reviewed by other learners so that you may gather suggestions to improve your final project. In turn, you will review other learners proposals and provide feedback.
Draft: In Unit 8, you submit a draft of your project for review. This draft will be the subject of peer review in Weeks 8 and 9 as well.
Final Submission: In Unit 9, you submit the final version of your project, incorporating instructor and peer feedback.
If you choose Option 2, you should also submit information about the technology portion of your project, in whichever form is most appropriate (for example, a link to your Web site). Talk to your instructor about what would be appropriate.
Templates
The following templates are included with this course to help you develop your project:
Use the Project Proposal Template to develop your proposal for Option 1 and Option 2.
Use the Integrative Project Template to develop your paper for Option 1 and Option 2. Option 2 follows a shortened version of this template, as specified in the template.
Be sure to read the instructions, as they will guide you as to the difference between the 20-page and the 40-page paper. If you have additional questions, contact your instructor.
Project Objectives
To successfully complete this project, you will be expected to:
1. Evaluate the ethical and legal impact of information technology on society, in regard to the project subject area.
2. Demonstrate technical competence in the chosen area of study.
3. Demonstrate business acumen in strategic information technology planning.
4. Integrate information technology solutions to support the organization.
5. Demonstrate proficiency in managing people and technology resources.
6. Communicate effectively within the discipline.
Project Components
Integrative Project Components
Project Component Course Grade Weight Unit Due
Proposal 20% Unit 2
Draft 10% Unit 8
Final Submission 40% Unit 9
Total: 70%
Project Requirements
To achieve a successful project experience and outcome, you are expected to meet the following requirements.
The final document is created in Microsoft Word or Adobe PDF so everyone can open and read it.
The document is written in third-person voice with professional presentation.
All information is thorough and complete.
All sections of the project are combined into a single document.
All in-text citations and references use proper APA 5th edition style. Refer to the Capella Writing Center APA Style and Formatting module on iGuide.
The final document includes a minimum of 10 credible, fully cited external references (course texts are not external references).
The document is double-spaced and contains a cover sheet and reference list. The appendices and reference list do not count toward the expected page count total.
The document is spell-checked and edited before submission.
The document is the appropriate page length for the project option you chose (that is, at least 20 or 40 pages).
The document follows the format laid out in the Integrative Project Template.
