Privacy, Confidentiality, and Security Unit 8: Professional Values and Medical Ethics Lecture 2 This material was developed by Oregon Health & Science.

Slides:



Advertisements
Similar presentations
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
Advertisements

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Security Controls – What Works
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risks, Controls and Security Measures
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 19 Security.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
WILLIAM HERSH, MD OREGON HEALTH & SCIENCE UNIVERSITY Privacy, Confidentiality, and Security: Basic Concepts Content licensed under Creative Commons Attribution-Share.
Web services security I
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
RIVERA SÁNCHEZ-1 CSE 5810 User Authentication in Mobile Healthcare Applications Yaira K. Rivera Sánchez Computer Science & Engineering Department University.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Securing Information Systems
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.
Privacy, Confidentiality, Security, and Integrity of Electronic Data
Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture a This material (Comp7_Unit7a) was developed by.
Unit 6b System Security Procedures and Standards Component 8 Installation and Maintenance of Health IT Systems This material was developed by Duke University,
Cryptography and Network Security (CS435) Part Fourteen (Web Security)
Module 9: Fundamentals of Securing Network Communication.
PKI Forum Business Panel March 6, 2000 Dr. Ray Wagner Sr. Director, Technology Research.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 12 Databases, Controls, and Security.
Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.
The Culture of Healthcare Privacy, Confidentiality, and Security Lecture d This material (Comp2_Unit9d) was developed by Oregon Health and Science University,
Privacy, Confidentiality, and Security Component 2/Unit 8c.
HIT Policy Committee Report from HIT Standards Committee Privacy and Security Workgroup Dixie Baker, SAIC December 15, 2009.
Working with HIT Systems
Prepared by Natalie Rose1 Managing Information Resources, Control and Security Lecture 9.
Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &
Component 3-Terminology in Healthcare and Public Health Settings Unit 16-Definitions and Concepts in the EHR This material was developed by The University.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
IAD 2263: System Analysis and Design Chapter 7: Designing System Databases, Interfaces and Security.
Network and Internet Security Prepared by Dr. Lamiaa Elshenawy
Configuring Electronic Health Records Privacy and Security in the US Lecture a This material (Comp11_Unit7a) was developed by Oregon Health & Science University.
Configuring Electronic Health Records Privacy and Security in the US Lecture b This material (Comp11_Unit7b) was developed by Oregon Health & Science University.
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
Working with HIT Systems Unit 7a Protecting Privacy, Security, and Confidentiality in HIT Systems This material was developed by Johns Hopkins University,
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
INFORMATION SECURITY MANAGEMENT P ROTECTION M ECHANISMS - C RYPTOGRAPHY.
The Health Insurance Portability and Accountability Act of 1996 “HIPAA” Public Law
Mary Trauner Senior Research Scientist Georgia Institute of Technology Middleware for Video.
Terminology in Healthcare and Public Health Settings Electronic Health Records Lecture b – Definitions and Concepts in the EHR This material Comp3_Unit15.
Component 9 – Networking and Health Information Exchange Unit 9-1 Privacy, Confidentiality, and Security Issues and Standards This material was developed.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,
Henric Johnson1 Chapter 7 WEB Security Henric Johnson Blekinge Institute of Technology, Sweden
© 2016 Health Information Management Technology: An Applied Approach Chapter 10 Data Security.
No audio. Recording preparation.
Chapter 17 Risks, Security and Disaster Recovery
Virtual Private Networks (VPN)
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web Lecture 4 This material was developed by Oregon.
Presentation transcript:

Privacy, Confidentiality, and Security Unit 8: Professional Values and Medical Ethics Lecture 2 This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC

Tools for protecting health information IOM report: For the Record (1997) Report commissioned by NLM; informed HIPAA legislation Looked at current practices at six institutions Recommended immediate and future best practices Some content dated, but framework not Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Threats to security Insider –Accidental disclosure –Curiosity –Subornation Secondary use settings Outside institution –A lot of press, few examples Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Technologies to secure information Deterrents –Alerts –Audit trails System management precautions –Software management –Analysis of vulnerability Obstacles –Authentication –Authorization –Integrity management –Digital signatures –Encryption –Firewalls –Rights management Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Encryption Necessary but not sufficient to ensure security Should, however, be used for all communications over public networks, e.g., the Internet Information is scrambled and unscrambled using a key Types: symmetric vs. asymmetric –Asymmetric, aka public key encryption, can be used for digital certificates, electronic signatures, etc. Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Standards for encryption and related functions Advanced Encryption Standard (AES) – NIST-designated standard for encryption/decryption (Daemen, 2002) Transport Layer Security (TLS) and predecessor, Secure Sockets Layer (SSL) – cryptographic protocols that provide security for communications over all points on networks (Rescorla, 2001) Internet Protocol Security (IPsec) – protocol for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream –Part of IPv6 but also added as standalone on top of IPv4 Secure Hash Algorithm (SHA) protocols insure integrity of transmitted information and documents (NIST, 2002) –Security flaws have been identified in SHA-1 so SHA-2 family of protocols has been developed For more: Wikipedia and – Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

For the Record best practices Organizational –Confidentiality and security policies and committees –Education and training programs –Sanctions –Patient access to audit trails Technical –Authentication of users –Audit trails –Physical security and disaster recovery –Protection of remote access points and external communications –Software discipline –Ongoing system vulnerability assessment Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Authentication and passwords Authentication is process of gaining access to secure computer Usual approach is passwords (“what you know”), but secure systems may add physical entities (“what you have”), e.g., –Biometric devices – physical characteristic, e.g., thumbprint –Physical devices – smart card or some other physical “key” Ideal password is one you can remember but no one else can guess Typical Internet user interacts with many sites for which he/she must use password –Many clamor for “single sign-on,” especially in healthcare, where users authenticate just once (Pabrai, 2008) Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Some challenges with passwords Common approach to security is password “aging” (i.e., expiration), which is less effective than other measures (Wagner, 2005) –Session-locking – one or small number of simultaneous logons –Login failure lockout – after 3-5 attempts Password aging may also induce counterproductive behavior (Allan, 2005) Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Health information security is probably a trade-off Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall No security - Web pages Total security - CIA, NSA Where is the happy medium for healthcare?

Other issues about privacy and confidentiality to ponder… Who owns information? How is informed consent implemented? When does public good exceed personal privacy? –e.g., public health, research, law enforcement What conflicts are there with business interests? How do we let individuals “opt out” of systems? –What are the costs? When do we override? Component 2/Unit 8-2 Health IT Workforce Curriculum Version 2.0/Fall

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.