Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,

Slides:



Advertisements
Similar presentations
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Advertisements

HIPAA Basic Training for Privacy & Information Security Vanderbilt University Medical Center VUMC HIPAA Website:
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
HIPAA Privacy Rule Compliance Training for YSU April 9, 2014.
 The Health Insurance Portability and Accountability Act of  Federal Law designed to protect sensitive information.  HIPAA violations are enforced.
HIPAA HIPAA Health Insurance Portability and Accountability Act of 1996.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
2 The Use of Health Information Technology in Physician Practices.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
Introduction to Information and Computer Science Networks Lecture e This material (Comp4_Unit7e) was developed by Oregon Health and Science University,
HIPAA Basic Training for Privacy and Information Security Vanderbilt University Medical Center VUMC HIPAA Website: HIPAA Basic.
The University of Kansas Medical Center Shadow Experience Training.
New Data Regulation Law 201 CMR TJX Video.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University,
© 2009 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Career Education Computers in the Medical Office Chapter 2: Information Technology.
Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,
The Use of Health Information Technology in Physician Practices
HIPAA PRIVACY AND SECURITY AWARENESS.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Forms Management: Compliance, Security & Workflow Efficiencies.
1 SECURITY & HIPAA DATA ENSURE INC. 798 PARK AVE. NW SUITE 204 NORTON, VA (276) D E.
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web 1 Component 4/Unit 2Health IT Workforce Curriculum.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web Lecture 2 This material was developed by Oregon Health.
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture a This material (Comp7_Unit7a) was developed by.
Introduction to Information and Computer Science Internet and the World Wide Web Lecture d This material (Comp4_Unit2d) was developed by Oregon Health.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
LeToia Crozier, Esq., CHC Vice President, Compliance & Regulatory Affairs Corey Wilson Director of Technical Services & Security Officer Interactive Think.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Privacy, Confidentiality, and Security Unit 8: Professional Values and Medical Ethics Lecture 2 This material was developed by Oregon Health & Science.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Unit 6a System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Working with HIT Systems
Component 8/Unit 6aHealth IT Workforce Curriculum Version 1.0 Fall Installation and Maintenance of Health IT Systems Unit 6a System Security Procedures.
Project MED INF 403 DL Winter 2008 Group 3. Group Members Michael Crosswhite Maureen Farrell Julia Hernandez R Steven McDonald Jennifer Ogg David Robbins.
Component 3-Terminology in Healthcare and Public Health Settings Unit 16-Definitions and Concepts in the EHR This material was developed by The University.
Component 4: Introduction to Information and Computer Science Unit 7: Networks & Networking Lecture 5 This material was developed by Oregon Health & Science.
Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.
Component 4: Introduction to Information and Computer Science Unit 7: Networks & Networking Lecture 1 This material was developed by Oregon Health & Science.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
Working with HIT Systems Unit 7a Protecting Privacy, Security, and Confidentiality in HIT Systems This material was developed by Johns Hopkins University,
Table of Contents. Lessons 1. Introduction to HIPAA Go Go 2. The Privacy Rule Go Go.
Computer Security Sample security policy Dr Alexei Vernitski.
Terminology in Healthcare and Public Health Settings Electronic Health Records Lecture b – Definitions and Concepts in the EHR This material Comp3_Unit15.
Information Systems Design and Development Security Precautions Computing Science.
Component 9 – Networking and Health Information Exchange Unit 9-1 Privacy, Confidentiality, and Security Issues and Standards This material was developed.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill/Irwin Chapter 6 The Privacy and Security of Electronic Health Information.
Installation and Maintenance of Health IT Systems System Security Procedures and Standards Lecture a This material Comp8_Unit6a was developed by Duke University,
Electronic Health Records (EHR)
Introduction to Computer Science
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web Lecture 4 This material was developed by Oregon.
HIPAA PRIVACY AWARENESS, COMPLIANCE and ENFORCEMENT
Information Systems for Health:
HIPAA Overview.
The Health Insurance Portability and Accountability Act
Lesson 1: Introduction to HIPAA
Health IT Workforce Curriculum Version 1.0/Fall 2010
Communicating in the IT Industry
Introduction to the PACS Security
Presentation transcript:

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC

Unit Objectives List and describe common security concerns Describe safeguards against common security concerns, including firewalls, encryption, virus protection software and patterns, programming for security, etc. Describe security concerns for wireless networks and how to address them List security concerns/regulations for health care applications Describe security safeguards used for health care applications 2 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Security and Wireless Networking Wireless networks unsecure by their very nature. –Home networks. –Hot spots. –Campus environments. Wireless networks are everywhere in medical environment. –Doctors & nurses move from room-to-room constantly. 3 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Wireless Device Security Wireless Access Points (WAPs) must be configured for security: –Change default password. –Select unique SSID. –Do not broadcast SSID. –Require WPA2 authentication. –Restrict access to known devices. Can program MAC addresses into WAP memory. 4 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Wireless Device Security (cont’d) Install digital certificates on sensitive devices. –Only devices with known/valid certificates can communicate on network. –Requires use of special servers. –Not usually for small offices. 5 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 The image shows a partial browser address bar with a valid bank certificate. Click the gold lock to view the bank’s certificate.

Wireless Device Security (cont’d) Smartphones –All portable devices connecting to network need AV protection. –Do not use a portable device for sensitive transactions unless it is AV protected. –Do not open or attachments from unsolicited sources. Known sources might be virus infected, meaning that they did not send the /attachment. –No exceptions. 6 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Health Care Applications and Security U. S. Government’s stated goal: –Most American’s to have access to electronic health records by Why EHRs? Mainly to... –Improve quality of care. –Decrease cost. –Ensure privacy and security. Outsourcing introduces risk –Medical transcriptionists in countries with different cultural values & EHR regulations. 7 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Concerned About Security of Health Data? Incorrect health data recorded. –Someone else’s information in your record. Job discrimination. –Denied employment or health coverage based on pre- existing condition. Personal privacy violated. –Friends & family find out about embarrassing but non- infectious condition. Sharing of data between providers adds risk. –Use of Internet always introduces risk. 8 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

What is an EHR System? Collection of health data about the business, patients, doctors, nurses, etc. Health data stored as records in database system. Records represent a complete event. –What is stored in a database as one record? A patient’s personal information An office visit to your doctor. A blood test. An x-ray. Etc. 9 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

EHRs Used by Health Care Providers EHRs are maintained by health care providers. EHRs are covered by HIPAA rules. EHRs utilize centralized database systems to integrate patient intake, medical care, pharmacy, billing, etc. into one system. Departments/entities may not be in same physical location, so patient data must travel over the Internet. People can view their own health record, taking ownership of its contents, ensuring accuracy, etc. 10 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

EHR Security Q & A How is my data sent over the Internet? It should be sent in an encrypted, secure manner over the Internet. Is my data safe? Much depends on each organization’s physical record and network security practices. No data is 100% secure against theft or misuse. Who can view my health records? Only those who need to know or view the contents of your health record should be able to view it. You must authorize all other access. 11 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Federal Regulations HIPAA (Health Insurance Portability and Accountability Act) was enacted in 1996 by the federal government. HIPAA requires that health care providers, insurance companies, and employers abide by privacy and security standards. 12 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

HIPAA and Privacy Privacy Rule HIPAA requires those covered by the act to provide patients a “Notice of Privacy Practices” when care is first provided. The Privacy Rule covers paper and electronic private health information. Security Rule Goes further than the Privacy Rule in that it covers administrative, physical, and technical data safeguards that must be enacted to secure electronic health record data. 13 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

What is Privacy? Most privacy law revolves around privacy between a person and the government. According to Wikipedia, “The law of privacy regulates the type of information which may be collected and how this information may be used and stored.” i.e., privacy relates to people. 14 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

What is Confidentiality? Not the same as privacy. According to Wikipedia, “Confidentiality is commonly applied to conversations between doctors and patients. Legal protections prevent physicians from revealing certain discussions with patients, even under oath in court. The rule only applies to secrets shared between physician and patient during the course of providing medical care.” i.e., confidentiality relates to data. 15 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Steps to Secure EHR & Records Authenticate & authorize all record access –Only those with ‘need to know’ can view. –Only pertinent people can change records. –Limit who can print electronic documents. –All views and changes recorded for audit trail. Examples: –A clerk can view the dates and charges related to an office visit but nothing about treatment. –Nurses and doctors can view medical records for patients under their care and no one else. 16 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Steps to Secure EHR & Records (cont’d) Device security –Apply OS critical updates immediately. –AV definitions always current. –Restrict physical access to servers. –Allow only authenticated device access. Secure electronic communications –Encrypt all EHR communications. –Client-server environment. –Configure user accounts and groups. –Implement network access protection mechanisms. 17 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Steps to Secure EHR & Records (cont’d) Web environment considerations –Implement HTTPS for all Web transactions. –Validate all data entered into Web forms. Perform regular audits of access and changes Implement redundant devices –Ensures that devices are available as expected. –Load balance heavily used hardware devices. Prosecute security violations vigorously Backup EHR data with secure storage 18 Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.