
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,




1 Chapter 10

2 Understand the importance of establishing a health care organization-wide security program.
Identify significant threats—internal, external, intentional, and unintentional—to the security of health care information.
Outline the components of the HIPAA security regulations.
Give examples of administrative, physical, and technical security safeguards currently in use by health care organizations.
Discuss the impact and the risks of using wireless networks and allowing remote access to health information, and describe ways to minimize the risks.
Health Care Information Systems: A Practical Approach for Health Care Management, 2nd Edition. Wager ~ Lee ~ Glaser

3 Define Security Program
Threats to Health Care Information
HIPAA Security Regulations
Administrative Safeguards
Physical Safeguards
Technical Safeguards
Wireless Security Issues

4 Identifying potential threats
Implementing processes to remove or mitigate threats
Protects not only patient-specific information but also IT assets
Balance the need for security with the cost of security
Balance the need for information access with security

5 Human Threats
Natural or Environmental Threats
Technology Malfunctions

6 Intentional or Unintentional
Internal or External
Examples
- Viruses—intentional & external
- Installing unauthorized software—intentional or unintentional & internal
Unintentional threats are often caused by a lack of training

7 Key Terms
- Covered entity
- Required implementation specification
- Addressable implementation specification

8 A health plan
A health care clearinghouse
A health care provider who transmits protected health information (PHI) in electronic form in connection with a HIPAA-covered transaction

9 Required specification: must be implemented by the CE as stated
Addressable specification: the CE assesses whether the specification is reasonable and appropriate in its environment, then does one of the following
- Implement it as stated
- Implement an equivalent alternative measure that accomplishes the same purpose
- Document why the specification is not reasonable and appropriate (and why no alternative is needed)
"Addressable" does not mean optional: the assessment and its outcome must be documented either way

10 Technology Neutral
Includes
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Policies, Procedures and Documentation

11 Administrative Safeguards
Security management process
Assigned security responsibility
Workforce security
Information access management
Security awareness and training
Security incident procedures
Contingency plan
Evaluation
Business associate contracts and other arrangements

12 Physical Safeguards
Facility access controls
Workstation use
Workstation security
Device and media controls

13 Technical Safeguards
Access control
Audit controls
Integrity
Person or entity authentication
Transmission security

14 Policies and Procedures
Documentation

15 Risk analysis and management (Weil, 2004)
- Boundary definition
- Threat identification
- Vulnerability identification
- Security control analysis
- Risk likelihood determination
- Impact analysis
- Risk determination
- Security control recommendations

16 Chief Security Officer
System Security Evaluation

17 Assigned security responsibilities
Media controls
Physical access controls
Workstation security

18 Access control
- User-based access: permissions are granted to individual user identities
- Role-based access: permissions attach to job functions (physician, nurse, billing clerk) and users inherit them through their assigned roles
- Context-based access: the decision also depends on conditions of the request, such as time of day, location, or whether the user has a treatment relationship with the patient
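The three models above differ in what the decision is allowed to look at. The following is an added example, not code from the textbook, showing all three applied to requests against PHI records; every user, role, patient, treatment team and grant in it is constructed sample data, and the business-hours and treatment-team rules are illustrative policy choices.

```python
"""Added example (not from the textbook): three access-control models
applied to PHI record requests. All users, roles, patients and grants
below are constructed sample data."""
from dataclasses import dataclass
from datetime import datetime

# Patient id -> clinicians with a current treatment relationship (constructed).
TREATMENT_TEAM = {
    "pt-1001": {"dr.jones", "rn.ahmed"},
    "pt-1002": {"dr.patel"},
}

# Role-based access: job function -> actions permitted on clinical records.
ROLE_PERMISSIONS = {
    "physician": {"read", "write"},
    "nurse": {"read", "write"},
    "billing": {"read"},
    "it-admin": set(),  # maintains the system but has no clinical need to know
}

# User-based access: explicit grants to one named user on one record,
# e.g. a clinician covering for a colleague.
USER_GRANTS = {
    ("dr.lee", "pt-1001"): {"read"},
}


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    patient: str
    action: str       # "read" or "write"
    when: datetime
    location: str     # "onsite" or "remote"
    break_glass: bool = False  # emergency override, always audited


def make_request(user, role, patient, action, hour, location="onsite",
                 break_glass=False):
    """Build a Request at the given hour on a fixed constructed date."""
    return Request(user, role, patient, action,
                   datetime(2024, 3, 12, hour, 0), location, break_glass)


def user_based(req):
    return req.action in USER_GRANTS.get((req.user, req.patient), set())


def role_based(req):
    return req.action in ROLE_PERMISSIONS.get(req.role, set())


def context_based(req):
    """Role permission is necessary but not sufficient. The request must also
    fit its context: writes are confined to the treatment team, and remote
    access outside 07:00-19:00 is refused unless break-glass is invoked."""
    if not role_based(req):
        return False
    on_team = req.user in TREATMENT_TEAM.get(req.patient, set())
    if req.action == "write" and not on_team:
        return False
    in_hours = 7 <= req.when.hour < 19
    if req.location == "remote" and not in_hours and not req.break_glass:
        return False
    return True


def decide(req):
    """Return (allowed, reason). A user-based grant is checked first so a
    deliberate per-user exception does not depend on the role rules."""
    if user_based(req):
        return True, "user grant"
    if context_based(req):
        return True, "role permits, context permits"
    if role_based(req):
        return False, "role permits, context denies"
    return False, "role denies"
```

The break-glass path is deliberately permitted rather than blocked: emergency care must not wait on an access reviewer, so the control is a logged override that is reviewed afterwards through the audit trail.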

19 Entity Authentication
- Password systems
- PINs
- Biometric ID systems
- Telephone callback systems
- Tokens
- Layered systems

20 Two-factor authentication (Walsh, 2003)
- Use two of the following, from two different categories (a password plus a PIN is still a single factor)
- Something you know—password, etc.
- Something you have—token or card, etc.
- Something you are—fingerprint, etc.
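As an added example that is not from the textbook, the login below combines "something you know" (a password stored as a salted PBKDF2 hash) with "something you have" (a time-based one-time password token, RFC 6238, the mechanism behind common authenticator apps). The user record, its salt and the password are constructed; the TOTP secret is the published RFC 6238 test key, so the codes can be checked against the RFC's test vectors.

```python
"""Added example (not from the textbook): a two-factor login that combines
something you know (a password, stored as a salted PBKDF2 hash) with
something you have (a TOTP authenticator, RFC 6238). The user record and
its secret are constructed; the TOTP secret is the RFC 6238 test key."""
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP over the current 30-second window."""
    return hotp(key, int(at_time) // step, digits)


def verify_totp(key, code, at_time, step=30, digits=6, window=1):
    """Accept the current window plus `window` neighbours on each side to
    tolerate clock drift; compare in constant time."""
    counter = int(at_time) // step
    return any(
        hmac.compare_digest(hotp(key, counter + d, digits), code)
        for d in range(-window, window + 1)
    )


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store. In production the salt is random per user and the
# TOTP secret is stored encrypted, never alongside the password hash in clear.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {
    "rn.ahmed": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        "totp_secret": b"12345678901234567890",
    },
}


def authenticate(username: str, password: str, code: str, at_time=None) -> bool:
    """Both factors must pass. Both are evaluated even if the first fails so
    the response time does not reveal which factor was wrong."""
    user = USERS.get(username)
    if user is None:
        return False
    now = time.time() if at_time is None else at_time
    knows = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    has = verify_totp(user["totp_secret"], code, now)
    return knows and has
```

The drift window is the trade-off to watch: each extra step accepted on either side widens the set of valid codes at any instant, so keep it to one step and fix clock skew on the token rather than in the verifier. A real deployment also rate-limits attempts and refuses to accept the same code twice within its window.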

21 Don’t
- Pick a password that can be guessed
- Pick a word that can be found in a dictionary
- Pick a word that is newsworthy
- Pick a password similar to a previous one
- Share your password
Do
- Pick a combination of letters and at least one number
- Pick a password that you can remember
- Change your password often
(Current guidance in NIST SP 800-63B favors length and screening against lists of known-breached passwords over composition rules, and recommends changing a password when compromise is suspected rather than on a fixed schedule.)

22 Audit Trails
Data Encryption
Firewall Protection
Virus Checking
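An audit trail is only evidence if it cannot be quietly edited by the people it records, and it is only useful if someone reviews it. The following added example, not from the textbook, shows a hash-chained audit trail for PHI access (each entry commits to the previous one, so altering or deleting a past entry breaks every later link) together with one review query over it. The events, users and treatment team are constructed sample data.

```python
"""Added example (not from the textbook): a tamper-evident audit trail for
PHI access. Each entry carries the SHA-256 of the previous entry, so editing
or deleting an entry breaks every later hash. The events and treatment
team below are constructed sample data."""
import hashlib
import json

GENESIS = "0" * 64


def _digest(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    def __init__(self):
        self.entries = []

    def record(self, ts: str, user: str, patient: str, action: str) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"ts": ts, "user": user, "patient": patient,
                 "action": action, "prev": prev}
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry["hash"]

    def verify(self) -> int:
        """Return the index of the first entry whose chain link or digest is
        wrong, or -1 if the whole trail is intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or _digest(entry) != entry["hash"]:
                return i
            prev = entry["hash"]
        return -1


def out_of_team_access(trail: AuditTrail, treatment_team: dict) -> list:
    """Review use of the trail: accesses to a record by someone who is not on
    the patient's treatment team (candidates for follow-up, not proof)."""
    return [e for e in trail.entries
            if e["user"] not in treatment_team.get(e["patient"], set())]


def build_sample_trail() -> AuditTrail:
    trail = AuditTrail()
    trail.record("2024-03-12T09:02:11", "dr.jones", "pt-1001", "read")
    trail.record("2024-03-12T09:05:40", "rn.ahmed", "pt-1001", "write")
    trail.record("2024-03-12T11:47:03", "clerk.kim", "pt-1001", "read")
    trail.record("2024-03-12T12:10:55", "dr.patel", "pt-1002", "read")
    return trail


if __name__ == "__main__":
    t = build_sample_trail()
    print("intact:", t.verify() == -1)
    t.entries[2]["user"] = "dr.jones"     # someone rewrites history
    print("first broken entry:", t.verify())
```

One limit worth knowing: the chain detects modification and deletion in the middle, but not silent removal of the newest entries, because a truncated trail is still internally consistent. That is why the latest hash is periodically copied somewhere the system administrators cannot rewrite (write-once storage, a separate log host, or a signed checkpoint).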

23 Wireless networks and handheld devices have the same security problems as wired networks and fixed workstations
Plus—it is difficult to confine the transmission medium (radio signals, portable devices and removable media) to just the areas under your control
Need clear policies & appropriate sanctions
Assign responsibility for hardware

24 Specific threats and vulnerabilities for wireless networks and handheld devices (Karygiannis & Owens, 2002):
- Unauthorized access to a computer network through wireless connections, bypassing firewall protections
- Information that is not encrypted (or has been encrypted with poor techniques) transmitted between two wireless devices may be intercepted
- Denial-of-service attacks may be directed at wireless connections or devices
- Sensitive data may be corrupted during improper synchronization
- Handheld devices are easily stolen
- Internal attacks may be possible via ad hoc transmissions
- Unauthorized users may obtain access through piggybacking or war driving

25 There are two cryptographic techniques specific to the wireless environment:
- WEP (Wired Equivalent Privacy)
- WPA (Wi-Fi Protected Access)
WPA is newer and more secure. WEP encrypts each frame with RC4 under a 24-bit per-frame IV and a shared key; it was broken in practice by 2001 and deprecated by IEEE 802.11i in 2004. WPA (TKIP) was an interim repair for WEP hardware and is itself deprecated. Current deployments should use WPA2 (AES-CCMP) or WPA3, preferably with 802.1X/EAP per-user authentication rather than a shared passphrase. HIPAA's transmission security standard is technology neutral, so the chosen protocol must be justified in the risk analysis.
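The "encrypted with poor techniques" threat on the previous slide is exactly WEP's problem. The following is an added example, not from the textbook, that demonstrates the simplest of WEP's weaknesses: RC4 is a stream cipher, and WEP derives the per-frame keystream from a 24-bit IV prepended to the shared key, so once two frames share an IV (which the birthday bound makes inevitable after a few thousand frames) XORing their ciphertexts cancels the key. The key, IV and frame contents are constructed, the WEP integrity check value is omitted, and the real attacks on WEP (FMS, PTW) go further and recover the key itself.

```python
"""Added example (not from the textbook): why WEP's encryption is weak.
WEP encrypts each frame with RC4 under (24-bit IV || shared key). Two
frames with the same IV reuse the same keystream, so XORing the two
ciphertexts cancels the key and leaves the XOR of the plaintexts. The key,
IV and frame contents below are constructed; the ICV is omitted."""
import math


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key-scheduling, then n bytes of pseudo-random generation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP frame body: cleartext 3-byte IV, then RC4(IV || key) xor data."""
    assert len(iv) == 3
    return iv + xor(plaintext, rc4_keystream(iv + key, len(plaintext)))


def recover_from_iv_reuse(frame_a: bytes, frame_b: bytes, known_a: bytes) -> bytes:
    """Given two frames that share an IV and the plaintext of the first,
    recover the plaintext of the second without knowing the key."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames do not share an IV; keystreams differ")
    return xor(xor(frame_a[3:], frame_b[3:]), known_a)


def frames_until_iv_collision(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames needed before two random IVs collide with the
    given probability (about 4,800 for WEP's 24-bit IV at 50%)."""
    n = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * n * math.log(1 / (1 - probability))))
```

Known plaintext is easy to come by on a hospital network (protocol headers, DHCP and ARP traffic, HL7 message framing), so the "known_a" precondition is not a strong one. WPA2's CCMP avoids the problem with a 48-bit packet number and an authenticated block-cipher mode, which is why the slide's "more secure" is not a matter of degree but of a repaired design.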

26 Remote access creates additional security issues. CMS issued HIPAA security guidance for remote access in 2006.

29 Security Program
Threats to Health Care Information
HIPAA Definitions
- Covered Entity (CE)
- Required Specification
- Addressable Specification
HIPAA Overview
- Administrative Safeguards
- Physical Safeguards
- Technical Safeguards
- Policies, Procedures and Documentation

30 Administrative Safeguard Practices
Physical Safeguard Practices
Technical Safeguard Practices
Wireless Security Issues
Remote Access Issues




