Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Published byKathleen Beasley Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd."— Presentation transcript:

1 Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd

2 2 Aims and Objectives Demonstrate risks of not protecting data Ensure awareness of data security issues Provide options for data security Demonstrate healthcare scenarios and solutions

3 3 Introduction Do you own a laptop? Do you have valuable data on your own work or home computer? Are you protected against computer hacking? Is the confidential data protected according to legislative requirements? Have you heard about computer encryption viruses?

4 4 Data security – the present

5 5 Current issues

6 6 Data security and the internet

7 7 Factors driving data protection WHICH FACTORS APPLY TO YOU? Legislative requirements ie. Privacy Act Insurance risks Unreliability of passwords Internal controls Accreditation and other compliance requirements Accountability

8 8 Types of risks 1.Loss of data Theft Accidental loss Unauthorised access to data

9 9 Types of risks 2.Controlling data processes Security Access levels Passwords

10 10 Passwords

11 11 Pitfalls of passwords Access Passwords stored on computer Not always regularly changed Time wasting if someone forgets Password policy i.e. name, DOB If copied, no longer secure

12 12 Types of risks 3. Legislation Accreditation Privacy Act State/Federal legislation e.g. Electronic Transactions Act

13 13 Types of risks 4. Transmission of data Hacking Internet security Secure sites Encryption

14 14 Types of risks 5. Insurance requirements Processes Guidelines Policies and procedures Consequences Risk to increase in premiums

15 15 Risk in specific terms Identify risks (risk management) No data protection (susceptible) Costs of no protection Costs of data protection Data protection – never 100% Failure to manage risks (consequences)

16 16 Facts about unprotected laptops More internal risks with employees than external risks Laptop theft US $11,000 per incident 600,000 laptops stolen (US) in 2001  53% CSI and FBI Survey US $61,881 per unit Gartner’s advice – use disk encryption on laptops and login. For PDAs, encryption and boot lock software. [Source: Noble, 2003, ADZNET]

17 17 Real life example Software development company Conference - Information split on several computers Perceived Risk – if one computer was stolen or lost, not all data available Problem – all laptops were stolen 6 months later, Competitor came up with same ideas Solution = encrypt all laptops

18 18 Health information scenarios Laptops being stolen or unsecure Securing data submission Restricting access Divulging information internally or externally –e.g. Redundancy, change of operational procedures Securing databases Transferring data from remote locations

19 19 Issues to consider 1. Are the solutions user friendly? 2. How easy is it to train someone? 3. Is it cost effective for the facility? 4. How secure is it? Will it meet statutory and legislative requirements? 5. How flexible is the product to solve the many security issues?

20 20 Issues to consider 5. What is the functionality of the product and does it meet our needs? 6. Is it relevant for our type and size of facility? 7. Will it be able to secure the type and size of data files in our facility?

21 21 Considerations to data security problems Cost-effective Multi-use Easy to use Control Support Upgrades/replacements

22 22 Our solution: Encryption Key

23 23 How does the encryption key work? Log on facility (USB drive) Authorization by key with optional pincode No additional hardware or software Secure and portable Click of mouse to encrypt Encrypts documents anywhere Public/Private key infrastructure

24 24 Why an encryption key? Controls: –Access to peripheral devices –Access to emails –Access to files –Number of people having access Strict control (Analogy to house key )

25 25 Why an encryption key? Internally controlled access –Eg. Australian Federal Police – compromised internally People accidentally accessing information Encrypts servers and/or drives Encryption independent of the delivery Secures access to an Intranet

26 26 Features of the encryption key 256 bit encryption Encryption type and strength File of any size or type –eg. Radiographs Public/private key technology Many algorithms eg. TWOFISH

27 27 Encryption codes

28 28 Real life scenarios – Health Sector Example 1 Doctor’s surgery Different access levels to information Multiple users Only one hard drive SOLUTION: Encryption key for each person

29 29 Real life scenarios – Health Sector Example 2 1.Securing information internally on a network 2. Validating access externally into an intranet Limiting access to confidential information Accidental corruption of files

30 30 Solution – Scenario 2 Internal information Securing a drive with encryption key External logon into an intranet Issue with intranet key

31 31 Real life scenarios – Health Sector Example 3 Securing the contents of a laptop Ensuring security if stolen or lost Limiting access for multi-users SOLUTION: Installing encryption key –Protects files of any size of type –Enables encryption of emails with confidential information –Screen saver function if laptop left

32 32 Real life scenarios – Health Sector Example 4 Securing transmission of data over the internet –Internal and external emails –Data to external organizations SOLUTION: Install encryption key (up to 30 users) on nominated machine/s

33 33 Scenarios for the health industry How it could be used –Intranet (external use) –Laptops –PC control –Drive within an intranet Overall plan for risk management Path lab results (cost – 1 key) EMR (transfer of information)

34 34 Conclusions Addresses risk management issues Protects data Demonstrated use within Health facilities Meets legislative requirements Easy to use/portable What are you doing?

35 35 Finale

36 36 Contact Debbie Abbott Resolutions (Int) Pty Ltd Email: resint@gil.com.auresint@gil.com.au (07) 3849 6885

Download ppt "Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd."

Similar presentations

GCSE ICT Networks & Security..

GCSE ICT Networks & Security..
Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.

Copyright 2006 Mid-City Offices Systems. Busy people… How would your business be affected, if you suddenly lost all of your computer data? Rush through.
HIPAA Security.

HIPAA Security.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Security Controls – What Works

Security Controls – What Works
Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.

Network and Server Basics. 6/1/20152 Learning Objectives After viewing this presentation, you will be able to: Understand the benefits of a client/server.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Data Encryption Overview South Seas Corporation Jared Owensby.

Data Encryption Overview South Seas Corporation Jared Owensby.
Sensitive Data Accessibility Financial Management College of Education Michigan State University.

Sensitive Data Accessibility Financial Management College of Education Michigan State University.
10 Essential Security Measures PA Turnpike Commission.

10 Essential Security Measures PA Turnpike Commission.
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Confidential Computer Systems Group HD Lock for Toshiba Notebook August 3rd, 2006.

Confidential Computer Systems Group HD Lock for Toshiba Notebook August 3rd, 2006.

Similar presentations

Ads by Google