Presentation on theme: "Information Security Is for Everyone By Jill Burrington-Brown, MS, RHIA."— Presentation transcript:
Information Security Is for Everyone By Jill Burrington-Brown, MS, RHIA
Setting the Standard for Security Electronic health information must be confidential, have integrity, and be available. Each provider must protect against threats or hazards to the security of the information.
Practical Security Safeguards For our system At our workstation When using e-mail and the Internet
What Are the Potential Risks to Our System? Theft Vandalism Snooping Environment
How Can We Minimize the Risks? Protect Physical Access Control location Lock equipment Use screen filters Label laptops Lock or shut down
Protecting System Access Identifying Who are you? Authenticating Something you know Something you have Something you are
Protecting System Access… Authorizing Rights and permissions Accounting Audit trails and logs
Protecting System Access Manage your Password! Choose a strong password! Don’t share it with anyone! Don’t write it down on a Post-It! Don’t “Save This Password!”
Protecting System Access… Remove default passwords Control software loaded on system Remove unused software Consider automatic log-off Consider encryption for sending sensitive information
Minimizing the Risks…. Education of the Workforce Who are the Data owners Data users Data custodians And what can they do?
Minimizing the Risks…. Anticipate Environmental Hazards Power outages/spikes Fire Flood
How About the Internet? Downloading information E-mail
Downloading Information Freeware Shareware Be careful: some of these programs create vulnerability to viruses, unexpected software interactions, and subversion of security controls, and may violate your licensure agreements if you don’t purchase the software.
E-mail Don’t open attachments from someone you don’t know Don’t open attachments from someone you do know if the message seems strange
Your PC The only safe PC is a powered-off PC Two thirds of all hacking is INTERNAL Most hacking activity takes place off-hours There is no such thing as a 100 percent secure system or network, but we can work toward better security practices.