Presentation is loading. Please wait.

Presentation is loading. Please wait.

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,

Published byErik Townsend Modified over 7 years ago

Similar presentations

Presentation on theme: "Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,"— Presentation transcript:

1 Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000015.

2 Unit Objectives List and describe common security concerns Describe safeguards against common security concerns, including firewalls, encryption, virus protection software and patterns, programming for security, etc. Describe security concerns for wireless networks and how to address them List security concerns/regulations for health care applications Describe security safeguards used for health care applications 2 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

3 Security and Wireless Networking Wireless networks unsecure by their very nature. –Home networks. –Hot spots. –Campus environments. Wireless networks are everywhere in medical environment. –Doctors & nurses move from room-to-room constantly. 3 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

4 Wireless Device Security Wireless Access Points (WAPs) must be configured for security: –Change default password. –Select unique SSID. –Do not broadcast SSID. –Require WPA2 authentication. –Restrict access to known devices. Can program MAC addresses into WAP memory. 4 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

5 Wireless Device Security (cont’d) Install digital certificates on sensitive devices. –Only devices with known/valid certificates can communicate on network. –Requires use of special servers. –Not usually for small offices. 5 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 The image shows a partial browser address bar with a valid bank certificate. Click the gold lock to view the bank’s certificate.

6 Wireless Device Security (cont’d) Smartphones –All portable devices connecting to network need AV protection. –Do not use a portable device for sensitive transactions unless it is AV protected. –Do not open e-mail or attachments from unsolicited sources. Known sources might be virus infected, meaning that they did not send the e-mail/attachment. –No exceptions. 6 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

7 Health Care Applications and Security U. S. Government’s stated goal: –Most American’s to have access to electronic health records by 2014. Why EHRs? Mainly to... –Improve quality of care. –Decrease cost. –Ensure privacy and security. Outsourcing introduces risk –Medical transcriptionists in countries with different cultural values & EHR regulations. 7 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

8 Concerned About Security of Health Data? Incorrect health data recorded. –Someone else’s information in your record. Job discrimination. –Denied employment or health coverage based on pre- existing condition. Personal privacy violated. –Friends & family find out about embarrassing but non- infectious condition. Sharing of data between providers adds risk. –Use of Internet always introduces risk. 8 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

9 What is an EHR System? Collection of health data about the business, patients, doctors, nurses, etc. Health data stored as records in database system. Records represent a complete event. –What is stored in a database as one record? A patient’s personal information An office visit to your doctor. A blood test. An x-ray. Etc. 9 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

10 EHRs Used by Health Care Providers EHRs are maintained by health care providers. EHRs are covered by HIPAA rules. EHRs utilize centralized database systems to integrate patient intake, medical care, pharmacy, billing, etc. into one system. Departments/entities may not be in same physical location, so patient data must travel over the Internet. People can view their own health record, taking ownership of its contents, ensuring accuracy, etc. 10 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

11 EHR Security Q & A How is my data sent over the Internet? It should be sent in an encrypted, secure manner over the Internet. Is my data safe? Much depends on each organization’s physical record and network security practices. No data is 100% secure against theft or misuse. Who can view my health records? Only those who need to know or view the contents of your health record should be able to view it. You must authorize all other access. 11 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

12 Federal Regulations HIPAA (Health Insurance Portability and Accountability Act) was enacted in 1996 by the federal government. HIPAA requires that health care providers, insurance companies, and employers abide by privacy and security standards. 12 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

13 HIPAA and Privacy Privacy Rule HIPAA requires those covered by the act to provide patients a “Notice of Privacy Practices” when care is first provided. The Privacy Rule covers paper and electronic private health information. Security Rule Goes further than the Privacy Rule in that it covers administrative, physical, and technical data safeguards that must be enacted to secure electronic health record data. 13 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

14 What is Privacy? Most privacy law revolves around privacy between a person and the government. According to Wikipedia, “The law of privacy regulates the type of information which may be collected and how this information may be used and stored.” i.e., privacy relates to people. 14 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

15 What is Confidentiality? Not the same as privacy. According to Wikipedia, “Confidentiality is commonly applied to conversations between doctors and patients. Legal protections prevent physicians from revealing certain discussions with patients, even under oath in court. The rule only applies to secrets shared between physician and patient during the course of providing medical care.” i.e., confidentiality relates to data. 15 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

16 Steps to Secure EHR & Records Authenticate & authorize all record access –Only those with ‘need to know’ can view. –Only pertinent people can change records. –Limit who can print electronic documents. –All views and changes recorded for audit trail. Examples: –A clerk can view the dates and charges related to an office visit but nothing about treatment. –Nurses and doctors can view medical records for patients under their care and no one else. 16 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

17 Steps to Secure EHR & Records (cont’d) Device security –Apply OS critical updates immediately. –AV definitions always current. –Restrict physical access to servers. –Allow only authenticated device access. Secure electronic communications –Encrypt all EHR communications. –Client-server environment. –Configure user accounts and groups. –Implement network access protection mechanisms. 17 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

18 Steps to Secure EHR & Records (cont’d) Web environment considerations –Implement HTTPS for all Web transactions. –Validate all data entered into Web forms. Perform regular audits of access and changes Implement redundant devices –Ensures that devices are available as expected. –Load balance heavily used hardware devices. Prosecute security violations vigorously Backup EHR data with secure storage 18 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Download ppt "Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,"

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA.

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.

HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
 The Health Insurance Portability and Accountability Act of 1996.  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.

 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.

HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
2 The Use of Health Information Technology in Physician Practices.

2 The Use of Health Information Technology in Physician Practices.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
Introduction to Information and Computer Science Networks Lecture e This material (Comp4_Unit7e) was developed by Oregon Health and Science University,

Introduction to Information and Computer Science Networks Lecture e This material (Comp4_Unit7e) was developed by Oregon Health and Science University,
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: www.mc.vanderbilt.edu/HIPAA HIPAA Basic.

HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
The University of Kansas Medical Center Shadow Experience Training.

The University of Kansas Medical Center Shadow Experience Training.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University,

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University,

Similar presentations

Ads by Google