Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.


1 Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology

2 A case of confidentiality
- Dr. B employs an office manager who also does transcription and completes dialysis billing.
- Takes work home to complete.
- Home computer crash requiring repair
- Computer “irretrievable”; replaced.
- Requested “wipe the old hard drive”
- The phone call 3 months later…

3
- Computer hard drive recycled to new setup and resold
- New purchaser finds medical transcription files stored on the hard drive, and releases to local paper.
- Patients involved interviewed by paper
- Dr. B gets a call from a lawyer or two…

4 What are the issues for Dr. B and patient health information?
- Limiting access to information
- Improving confidentiality
- Keeping the integrity of medical information

5 Who has access?
- Office employees with need to access medical information (e.g.: nurse, booking, billing)
- Office staff with no need to access medical information (e.g.: night cleaning staff)
- Cyberspace (i.e.: everyone)

6 Through what route do they have access?
- Single computer
- Server / Network within the institution or office
- Internet

7 Where/How is information stored?
- Fixed
  - Server (remote)
  - Hard drive
- Mobile
  - Compact disks (CD) or DVDs
  - Floppy, tape, jaz, or zip drives
  - Memory sticks or data keys

8 When is information accessible?
- From office when open
- From outside 24/7

9 Methods to improve security in the office
- Computer access
- Information storage and backup
- Internet access

10 Simple things to control access or theft
- Password login
  - In place on most OS
- Password protected files
  - In place in most WP and accounting applications
- Chained computer
- Locked desk
- Locked office

11 Information storage
- Fixed storage
  - Often can establish permissions to access folders
  - Safer to have remote server (damage)
- Mobile storage
  - Can be locked away
  - Can be removed just as easily
  - Not generally durable storage
    - Magnetic storage: corrupted data after 10 years with some forms such as floppies and zip
    - Less with data keys and flash cards

12 Information backup
- Best to have a system remote from office
  - Fire
  - Surges (Get a protector!)
  - Computer crashes
- Back up should be real-time
- Best if combined with encryption or password access

13 Internet access
- A computer with access to internet is vulnerable
  - Broadband (cable) >> dialup
  - Standalone >> network
- Monitored access / Access on demand
- No access (not practical)

14 Internet access
- Ways to help
  - Firewall = a set of instructions limiting what data channels of your internet connection can be accessed from outside and, in some cases, by whom, AND what programs can access the internet from within your computer

15 Firewalls – what channels?
- Data incoming and outgoing is organized in channels
  - e.g.: E-mail, Internet, DNS lookup
- Can allow data to flow into or out of:
  - Any
  - None
  - Some

16 Firewalls – a checkpoint
- What it can do: audit
  - What type of data (email, internet and file types)
  - How frequently / how many attempts
  - Where it is going (limiting internet access to certain sites)
  - Low level data content censoring (outgoing and incoming)
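
The rule set and audit role described on slides 14 to 16, as an added example that is not part of the original presentation: a default-deny policy modelled in Python and evaluated over constructed connection attempts. The channel names, program names and addresses are hypothetical.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str                 # "in" or "out"
    channel: str                   # e.g. "email", "web", "dns"
    peer: Optional[str] = None     # inbound: who may connect (None = anyone)
    program: Optional[str] = None  # outbound: which program (None = any)

# Hypothetical office policy: only "some" channels are open, the rest are denied.
RULES = [
    Rule("out", "dns"),
    Rule("out", "email", program="mailclient"),
    Rule("out", "web", program="browser"),
    Rule("in", "remote-admin", peer="203.0.113.10"),
]

def allowed(conn, rules=RULES):
    """True if a rule matches the attempt; with no match the default is deny."""
    return any(
        r.direction == conn["direction"] and r.channel == conn["channel"]
        and r.peer in (None, conn.get("peer"))
        and r.program in (None, conn.get("program"))
        for r in rules
    )

def audit(conns, rules=RULES):
    """Count attempts per (direction, channel, verdict): the checkpoint's log."""
    log = Counter()
    for c in conns:
        verdict = "allow" if allowed(c, rules) else "deny"
        log[(c["direction"], c["channel"], verdict)] += 1
    return log

# Constructed sample attempts (illustrative, not real traffic).
SAMPLE = [
    {"direction": "out", "channel": "web", "program": "browser"},
    {"direction": "out", "channel": "web", "program": "transcribe.exe"},
    {"direction": "in", "channel": "file-sharing", "peer": "192.0.2.44"},
    {"direction": "in", "channel": "file-sharing", "peer": "192.0.2.44"},
    {"direction": "in", "channel": "remote-admin", "peer": "203.0.113.10"},
    {"direction": "in", "channel": "remote-admin", "peer": "192.0.2.44"},
]

if __name__ == "__main__":
    for key, count in sorted(audit(SAMPLE).items()):
        print(key, count)
```

An empty rule list corresponds to "None" on slide 15: every attempt is denied, and the audit counts still record each one.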

17 Firewalls
- What it can’t do
  - Prevent intentional bypass of the system
    - E.g.: Social engineering
    - Password changes, phone numbers, credit card numbers etc.
  - Protect against viruses entering
    - Some can prevent multiple distributions from occurring

18 Firewalls
- Helpful if you have layered security needs to a computer/network
- If something is completely confidential/high sensitivity… IT SHOULD BE ISOLATED FROM THE NETWORK

19 Return to Dr. B – What can be done?
- Establish policy that patient data doesn’t leave office
- If it has to leave the office:
  - Password protect/encrypt all files
  - Delete all files when transferred back to the office
  - Store transcription work on mobile media that comes back to the office

20 Within the office…
- Lock computer access and/or password protect login
- Isolate patient information from internet
- Educate your patients and staff about your confidentiality standards

21 Further resources
- HIPAA Privacy regulations: http://www.hhs.gov/ocr/hipaa/
- More on Firewalls: http://www.faqs.org/faqs/firewalls-faq/
- Basic Primer on computer security: http://www.cert.org/

