Epworth Healthcare provides mental healthcare services at a number of locations across Australia, employing 500 personnel that include physicians, nurses (e.g., assistant, orderlies, enrolled and registered), a nurse manager, licensed nurse practitioners, social worker, technologists, data, system and network administrators, etc. Epworth deploys a complex networked information system accessed through wired and wireless local area network as well as wide area network technologies. There are 500,000 records of confidential patient data at Epworth residing in plaintext on a single database. Multiple groups within Epworth access and modify the database daily. This database is accessed directly by a web server which resides in a DMZ environment. A compromise of the database could result in the exposure of all patient data. The replacement cost for each record (i.e., contacting and informing the patients, changing the patients' account numbers and providing the patients with new cards) was determined to be $300. The likelihood of the database being compromised is estimated to be 25% per annum.
QUESTIONS
Based on the information provided in the case study, answer the following questions. Read the questions carefully and use complete and grammatically correct sentences. You must justify your answers in order to receive credit. Insufficient justification earns 0 points.
Task 1: Based on your knowledge of IT security management, argue for or against the assertion that the Epworth system is in compliance with the Health Insurance Portability and Accountability Act (HIPAA).