I am getting stuck on this and any help would be great.

Your company is a security service contractor that consults with businesses in the U.S. that require assistance in complying with HIPAA. You advertise a proven track record in providing information program security management, information security governance programs, risk management programs, and regulatory and compliance recommendations. You identify vulnerabilities, threats, and risks for clients with the end goal of securing and protecting applications and systems within their organization.

Your client is Health Coverage Associates, a health insurance exchange in California and a healthcare-covered entity. The Patient Protection and Affordable Care Act (ACA) enables individuals and small businesses to purchase health insurance at federally subsidized rates. In the past 6 months, they have experienced:

A malware attack (i.e., SQL Injection) on a critical software application that processed and stored client-protected health information (PHI) that allowed access to PHI stored within the database

An internal mistake by an employee allowed PHI to be emailed to the wrong recipient who was not authorized to have access to the PHI

Unauthorized access to client accounts through cracking of weak passwords via the company's website login

Health Coverage Associates would like you to develop a security management plan that would address the required safeguards to protect the confidentiality, integrity, and availability of sensitive data from the attacks listed above and protect their assets from the vulnerabilities that allowed the attacks to occur.

Write a 1- to 2-page high-level executive summary of the legal and regulatory compliance requirements for Health Coverage Associates executives. The summary should provide:

Accurate information on the HIPAA requirements for securing PHI

FISMA and HIPAA requirements for a security plan

Scope of the work you will perform to meet the Health Coverage Associates requests
