Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy, Confidentiality, and Security Component 2/Unit 8c.

Published byEdwina Higgins Modified over 8 years ago

Similar presentations

Presentation on theme: "Privacy, Confidentiality, and Security Component 2/Unit 8c."— Presentation transcript:

1 Privacy, Confidentiality, and Security Component 2/Unit 8c

2 Tools for protecting health information IOM report: For the Record (1997) Report commissioned by NLM; informed HIPAA legistation Looked at current practices at six institutions Recommended immediate and future best practices Some content dated, but framework not Health IT Workforce Curriculum Version 1.0/Fall 2010 2Component 2/Unit 8c

3 Threats to security Insider –Accidental disclosure –Curiosity –Subornation Secondary use settings Outside institution –A lot of press, few examples Health IT Workforce Curriculum Version 1.0/Fall 2010 3Component 2/Unit 8c

4 Technologies to secure information Deterrents –Alerts –Audit trails System management precautions –Software management –Analysis of vulnerability Obstacles –Authentication –Authorization –Integrity management –Digital signatures –Encryption –Firewalls –Rights management Health IT Workforce Curriculum Version 1.0/Fall 2010 4Component 2/Unit 8c

5 Encryption Necessary but not sufficient to ensure security Should, however, be used for all communications over public networks, e.g., the Internet Information is scrambled and unscrambled using a key Types: symmetric vs. asymmetric – Asymmetric, aka public key encryption, can be used for digital certificates, electronic signatures, etc. Health IT Workforce Curriculum Version 1.0/Fall 2010 5Component 2/Unit 8c

6 Standards for encryption and related functions Advanced Encryption Standard (AES) – NIST-designated standard for encryption/decryption (Daemen, 2002) Transport Layer Security (TLS) and predecessor, Secure Sockets Layer (SSL) – cryptographic protocols that provide security for communications over all points on networks (Rescorla, 2001) Internet Protocol Security (IPsec) – protocol for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a data stream – Part of IPv6 but also added as standalone on top of IPv4 Secure Hash Algorithm (SHA) protocols insure integrity of transmitted information and documents (NIST, 2002) – Security flaws have been identified in SHA-1 so SHA-2 family of protocols has been developed For more: Wikipedia and – http://csrc.nist.gov/groups/ST/toolkit/ Health IT Workforce Curriculum Version 1.0/Fall 2010 6Component 2/Unit 8c

7 NRC report best practices Organizational –Confidentiality and security policies and committees –Education and training programs –Sanctions –Patient access to audit trails Technical – Authentication of users – Audit trails – Physical security and disaster recovery – Protection of remote access points and external communications – Software discipline – Ongoing system vulnerability assessment Health IT Workforce Curriculum Version 1.0/Fall 2010 7Component 2/Unit 8c

8 Authentication and passwords Authentication is process of gaining access to secure computer Usual approach is passwords (“what you know”), but secure systems may add physical entities (“what you have”), e.g., – Biometric devices – physical characteristic, e.g., thumbprint – Physical devices – smart card or some other physical “key” Ideal password is one you can remember but no one else can guess Typical Internet user interacts with many sites for which he/she must use password – Many clamor for “single sign-on,” especially in healthcare, where users authenticate just once (Pabrai, 2008) Health IT Workforce Curriculum Version 1.0/Fall 2010 8Component 2/Unit 8c

9 Some challenges with passwords Common approach to security is password “aging” (i.e., expiration), which is less effective than other measures (Wagner, 2005) –Session-locking – one or small number of simultaneous logons –Login failure lockout – after 3-5 attempts Password aging may also induce counterproductive behavior (Allan, 2005) Health IT Workforce Curriculum Version 1.0/Fall 2010 9Component 2/Unit 8c

10 Health information security is probably a trade-off Health IT Workforce Curriculum Version 1.0/Fall 2010 10 No security - Web pages Total security - CIA, NSA Where is the happy medium for healthcare? Component 2/Unit 8c

11 Other issues about privacy and confidentiality to ponder… Who owns information? How is informed consent implemented? When does public good exceed personal privacy? – e.g., public health, research, law enforcement What conflicts are there with business interests? How do we let individuals “opt out” of systems? – What are the costs? When do we override? Health IT Workforce Curriculum Version 1.0/Fall 2010 11Component 2/Unit 8c

Download ppt "Privacy, Confidentiality, and Security Component 2/Unit 8c."

Similar presentations

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication E-Mail Security E-Mail Security Secure Sockets Layer Secure.

CHAPTER 8: SECURITY IN COMPUTER NETWORKS Encryption Encryption Authentication Authentication Security Security Secure Sockets Layer Secure.
SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Security Controls – What Works

Security Controls – What Works
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Risks, Controls and Security Measures

Risks, Controls and Security Measures
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Chapter 19 Security.

Chapter 19 Security.
Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.

Beyond HIPAA, Protecting Data Key Points from the HIPAA Security Rule.
WILLIAM HERSH, MD OREGON HEALTH & SCIENCE UNIVERSITY Privacy, Confidentiality, and Security: Basic Concepts Content licensed under Creative Commons Attribution-Share.

WILLIAM HERSH, MD OREGON HEALTH & SCIENCE UNIVERSITY Privacy, Confidentiality, and Security: Basic Concepts Content licensed under Creative Commons Attribution-Share.
Web services security I

Web services security I
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.

Similar presentations

Ads by Google