The Top 10 Ways for Physicians to Avoid e-Trouble

1
The Top 10 Ways for Physicians to Avoid e-Trouble
General Business Meeting, Hamilton Chamber of Commerce, 14th May 2007
  • David Armstrong, Hamilton Health Sciences, Medical Staff Association

2
(No Transcript)
3
  • The Top Ten Signs that the Digital Information
    Age has Caught You Unaware.

4
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 10
  • You think that flaming is a way to cook
    hamburgers on the barbeque.

5
E-mail Etiquette
  • Flaming is the act of sending or posting messages
    that are deliberately hostile and insulting
  • The word flaming is also sometimes used for
    long, intensive and heated discussions, even
    though insults do not occur
  • It is noted that Internet users are more likely
    to flame online than insult others in the real
    world, as the latter can lead to embarrassment
    and physical altercations, which online
    "anonymity" can avoid

http://en.wikipedia.org/wiki/Flame_war
6
E-mail Etiquette
  • Comments
  • The lack of body language and voice inflection in
    e-mail make it difficult to show emotions in a
    nuanced way
  • If you wouldn't say it face-to-face or in a
    written letter, don't put it in an e-mail
  • Be parsimonious with Cc and Bcc
  • Count to ten before clicking the <Send> button
  • Recalling an e-mail does nothing of the sort!
  • E-mails are generally unerasable

http://en.wikipedia.org/wiki/Flame_war
7
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 9
  • Your last newsletter from the CMPA was addressed
    to Dr. Paparazzo.

8
Photography
  • Paparazzi is a plural term (paparazzo being the
    singular form) for photographers who take candid
    photographs of celebrities, usually by shadowing
    them relentlessly in their public and private
    activities.
  • Paparazzo - someone who takes photos without the
    subject's permission
  • The photograph may be intentional or inadvertent

9
Inadvertent Pictures
I hope that Ralph Fiennes doesn't see this! If
for nothing else, he'll sue me because I got his
name wrong!
10
Clinical Photography
  • Clinical photographs are permissible, but:
  • Consent must be obtained from the patient
  • HHS has a consent form for photos, etc.
  • Ensure that there are no unexpected patients /
    individuals in the picture
  • Ensure that your images are stored and used
    appropriately

11
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 8
  • You receive a letter from a casting agent asking
    if you wish to audition for the part of Freddy
    Krueger in Nightmare on Elm Street, Part XVII:
    The Laparotomy Continues.

12
Amusing Photos Out of Context
13
Amusing Photos
  • The internet permits rapid and widespread
    dissemination of photos
  • Digital photos are particularly portable
  • Pictures showing you with:
    • A drink in your hand
      • May raise concern about your sobriety and
        judgement
    • A meat cleaver
      • May raise concern about your surgical technique

14
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 7
  • The camera on your new Blackberry really came in
    handy when you saw a patient with an unusual skin
    rash.

15
Cell Phone Photography
  • Waparazzi: Amateur photographers who use mobile
    phones to take pictures at major events
  • Snaparazzi: Passers-by or witnesses to news
    events who take images later used for broadcast

16
Cell Phone Cameras
  • There have already been instances of
    inappropriate camera phone use in health care
    settings
  • The images are rarely secure
  • If the phone or memory card is stolen or lost,
    the images are vulnerable
  • The images may be synchronised to a server or
    home PC and will not necessarily be encrypted
  • Photos may include patients or other
    individuals without their permission or consent
  • The images are often low resolution
  • The use of camera phones in hospital is not
    permitted by HHS

17
Cell Phone Cameras
  • Don't use the cell phone camera in the hospital
    at HHS
  • Use a proper camera (digital or film) to take
    photos
  • With the individual's permission
  • With the individual's informed consent
  • Anonymise images if at all possible
  • Transfer images to a secure storage medium and
    erase from the camera, as soon as possible
  • Don't post photos to unsecure sites; be careful
    to whom you distribute photos
  • Password protect your cellphone / PDA
  • Call ICT Help desk, if concerned: Ext 43000

18
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 6
  • Your first thought, on realizing that your laptop
    has been stolen from your car, is that it cost
    over $1500.

19
Laptop Theft
  • Hospital laptop theft sparks concerns
  • (28 March 2007)
  • Nationwide fined £980,000 over stolen laptop
  • (14 February 2007)
  • 100m US records exposed by security blunders
  • (18 December 2006)
  • Metropolitan Police in laptop theft security flap
  • (22 November 2006)
  • Ohio child hospital hack exposes 230,000 files
  • (30 October 2006)
  • Florida laptop loss sparks ID theft fears
  • (11 August 2006)
  • Security flap after US Navy loses laptops
  • (28 July 2006)
  • Laptop with veterans' data recovered intact
  • (30 June 2006)

http://www.theregister.co.uk/2007/03/28/hospital_laptop_theft/
20
Laptop Theft Ontario
  • Hospitals and businesses need to do a better job
    of ensuring personal information doesn't fall
    into the wrong hands - especially as increased
    mobility leaves organizations even more exposed
    to breaches of security, Ontario's privacy
    commissioner warned (8 March 2007)
  • The commissioner issued an order urging the
    Toronto Hospital for Sick Children to introduce
    new protective measures following the theft of a
    laptop in January that contained information
    about 2,900 patients.
  • A doctor with the hospital, who is also a
    researcher there, took a laptop from work,
    intending to analyze some data at home. The
    laptop was stolen when the doctor's minivan was
    burglarized in a Toronto parking lot.

http://ca.news.yahoo.com/s/capress/070308/health/health_privacy_hospital_laptop
21
Laptop Theft Ontario
  • The Sick Kids laptop was password-protected, but
    encryption is a much safer form of security,
    experts say.
  • "It's much easier to crack a password than an
    encryption code," Cavoukian said. Passwords are
    relatively easy to crack, whereas encrypted data
    looks like gibberish to someone without a complex
    numerical key to unlock it.
  • "A password without encryption is pretty simple
    to defeat - it's like locking your door but
    leaving your key in the lock," said Simon Hunt,
    the chief technology officer for SafeBoot, an
    encryption company.
  • Technology analyst Rick Broadhead said the
    software is freely available and relatively
    cheap, but people don't use it for one simple
    reason: "It's a pain."

http://ca.news.yahoo.com/s/capress/070308/health/health_privacy_hospital_laptop
22
Laptop Theft Ontario
  • Among the provisions in the health order
    (HO-004), the Commissioner, Ann Cavoukian, issued
    today under the Personal Health Information
    Protection Act (PHIPA):
  • THSC must develop and implement a comprehensive
    corporate policy that prohibits the removal of
    identifiable personal health information in
    electronic form from the hospital premises. In
    the event that personal health information in an
    identifiable form needs to be removed in
    electronic form, it must be encrypted.
  • The hospital must also develop and implement a
    hospital-wide endpoint electronic devices policy,
    applicable to both desktop and laptops/ PDAs,
    which mandates that any personal health
    information not stored on secure servers must
    either be de-identified or encrypted.

http://www.ipc.on.ca/images/Findings/up-ho_004.pdf
23
Why back up?
  • One hard drive crashes every 15 seconds in the
    US.
  • One out of every five hard drives will fail.
  • Hardware or system failure causes 78% of all data
    loss.
  • Web software or OS upgrades can cause unexpected
    failures.
  • Viruses corrupt and delete data files
  • 2,000 laptops are lost / stolen daily; < 1% are
    recovered.
  • It takes 19 days to recreate 20 MB of lost
    data.
  • Most pictures can never be recreated.
  • Home computers & laptops are rarely, if ever,
    backed up.
  • Business data backup occurs once daily, at best,
    and often misses critical files stored in
    unexpected locations

24
Laptop Theft Solutions
  • Keep your laptop safe
  • Locking cable
  • Locked room
  • Hidden in car
  • Laptop tracking software
  • Password protection / Biometrics
  • Keep data safe
  • Avoid patient data on laptop, if possible
  • Anonymise data
  • Encrypt data
  • Back-up data
  • Call ICT Helpline: Ext 43000

http://www.ipc.on.ca/images/Findings/up-ho_004.pdf
25
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 5
  • You arrive to give a presentation and can't find
    your USB key; you wish you'd copied it on to a
    CD, as well.

26
USB Key Data
  • Security flap as Scottish council loses USB key
  • Published Wednesday 21st March 2007 13:04 GMT
  • Pay details of workers of Perth and Kinross
    Council have been found on a memory stick left in
    the street.
  • A USB key, containing 59 documents, was recovered
    near a bike shelter close to the council building
    at Pullar House .. and handed over to the local
    paper.
  • Data on the key included 25 spreadsheets, some of
    which included details of council workers' pay,
    National Insurance contributions, and overtime
    hours. It also contained health and safety
    reports, performance reviews, and budget
    information.

http://www.theregister.co.uk/2007/03/21/perth_council_usb_loss/
27
USB Key Data
  • Inquiries by the Perth Advertiser established
    that the loss of the device had gone unnoticed,
    or at least unreported to police. A spokesman for
    the council thanked the paper for the recovery of
    the lost memory device, which he described as "an
    unfortunate accident".
  • The council criticised the man who found the key
    for not returning it directly to the council.
  • "The failure by the finder of the USB device to
    return it to the council constitutes theft and
    the council would like to thank the PA for its
    return," he said.

http://www.theregister.co.uk/2007/03/21/perth_council_usb_loss/
28
CD Data
  • Georgia on the mind of three million after CD
    loss
  • Published Wednesday 11th April 2007 00:11 GMT
  • Sensitive personal information on 2.9 million
    Georgia residents is at risk after a company lost
    a CD that contained the details.
  • The CD lost by Affiliated Computer Systems (ACS),
    which was hired to handle the information,
    contained full names, addresses, birth dates,
    social security numbers and member identification
    for recipients of Medicaid and other medical
    programs, according to an advisory (PDF) from the
    Georgia Department of Community Health (DCH). The
    department said it has called on ACS to notify
    all those affected and assist them in monitoring
    their credit reports.

http://www.theregister.co.uk/2007/04/11/georgia_data_loss/
29
Encryption Software
http://www.newsoftwares.net/about.html
  • Files can be protected on USB Flash Drives,
    Memory Sticks, CD-RW, Floppies & Notebooks.
  • Protection works even if files are taken from one
    PC to another on a removable disk, without the
    need to install any software.

30
USB Theft Solutions
  • Keep your USB key safe
  • Consider attaching it to a neckband or keyring
  • Password protection / Biometrics
  • Don't forget CDs, DVDs, hard drives, floppies
  • Keep data safe
  • Avoid patient data on USB key, CD etc, if
    possible
  • Anonymise data
  • Encrypt data
  • Back-up data
  • Call ICT Helpline: Ext 43000
  • Advice re encryption software
  • Advice re biometric-protected keys

http://www.ipc.on.ca/images/Findings/up-ho_004.pdf
31
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 4
  • Your computer password is changeme

32
Strong Passwords: How to Create and Use Them
  • Passwords are the keys to access personal
    information on your computer and online accounts.
  • If criminals steal this information, they can use
    your name to open new credit card accounts, apply
    for a mortgage, or pose as you in online
    transactions.
  • Fortunately, it is not hard to create strong
    passwords and keep them well protected.
  • To an attacker, a strong password should appear
    to be a random string of characters.

http://www.microsoft.com/athome/security/privacy/password.mspx
33
Strong Passwords: How to Create and Use Them
  • Make it lengthy; use the entire keyboard
  • Think of a sentence: My son Aidan is 3 years
    old
  • Add complexity: mY SoN AiD3N iS tHree yeeRs Old
    or mSAi3yO
  • Substitute special characters: m8ni3y0
  • Use a password checker (e.g. Microsoft site)
  • Avoid sequences or repeated characters:
    12345678, 2222222, abcdefg or qwertyuiop
  • Avoid login name, changeme or common family or
    other names
  • Avoid using the same password for all sites

http://www.microsoft.com/athome/security/privacy/password.mspx
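
The "avoid" rules on this slide, written as a checker that reports which rules a candidate password breaks. This is an added example, not part of the original presentation; the function names, the minimum length of 8, the run lengths and the login name used when calling it are assumptions.

```python
import re

# Sequences named on the slide (digits, alphabet, keyboard row), plus the
# other two keyboard rows as an assumed extension.
SEQUENCES = ("01234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# "changeme" is from the slide; "password" is an assumed addition.
COMMON = ("changeme", "password")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known
    sequence, typed forwards or backwards (run length is an assumption)."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def has_repeats(pw, run=3):
    """True if any character occurs `run` or more times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def check_password(pw, login="", names=(), min_length=8):
    """Return the list of slide rules that pw breaks (empty list = none)."""
    low = pw.lower()
    problems = []
    if len(pw) < min_length:  # "make it lengthy"; 8 is an assumed floor
        problems.append("too short")
    if has_sequence(pw):
        problems.append("sequence")
    if has_repeats(pw):
        problems.append("repeated characters")
    if login and login.lower() in low:
        problems.append("contains login name")
    if any(word in low for word in COMMON):
        problems.append("common password")
    if any(n.lower() in low for n in names if n):
        problems.append("contains a name")
    # "use the entire keyboard": require 3 of 4 character classes (assumed)
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses too little of the keyboard")
    return problems
```
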
34
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 3
  • You think that a Facebook is what is given to
    incoming students, faculty, and staff of colleges
    and preparatory schools, depicting members of the
    campus community

35
www.facebook.com
36
Concerns About Facebook
  • Comments and photos on Facebook are available to
    the group unless they are, specifically, kept
    private
  • Internet caching means that something posted to
    Facebook remains accessible to all on the
    internet, even if it is removed from your site
  • Comments or photos on Facebook are not anonymous
  • They can link employee and employer
  • The use of Facebook to record work-related issues
    is, already, a problem in health care
  • Facebook has been blocked for Ontario Government
    Employees

http://www.cbc.ca/canada/story/2007/05/03/ontario-facebook.html
http://en.wikipedia.org/wiki/Facebook
37
Facebook
  • Avoid Facebook for all work-related comments
  • Forbidden at HHS (and most companies)
  • Avoid Facebook for work-related pictures
  • Forbidden at HHS
  • Avoid Facebook for photos of colleagues (and
    yourself)
  • Use the Privacy setting to avoid access by
    people outside your group
  • Be aware that Facebook can be searched by potential
    employers

http://www.cbc.ca/canada/story/2007/05/03/ontario-facebook.html
http://en.wikipedia.org/wiki/Facebook
38
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 2
  • You think that Hotmail is a great way to keep in
    touch with your office.

39
Concerns About Hotmail, Yahoo & Gmail
  • E-mails / data sent and received through Hotmail,
    etc are public domain
  • They can be searched by US Homeland Security
  • They are not necessarily secure from hackers
  • They are not secure for transmission of sensitive
    / patient data
  • They have limited filtering for spam
  • They have very limited filtering for attachments
    that may harbour viruses, worms, etc
  • A high proportion of HHS viruses, etc. come in
    with attachments to Hotmail, Yahoo, etc.

40
Hotmail, Yahoo & Gmail Solutions
  • Use HHS or McMaster e-mail systems for patient or
    work-related data
  • xxxxx@hhsc.ca and xxxxx@mcmaster.ca: secure and
    accepted for transmission of patient data
  • Remote access is available using web-browser
    e-mail clients
  • https://webmail.hhsc.ca/exchange/
  • https://www.webmail.mcmaster.ca/exchange/
  • Keep office PC and laptop updated with
    anti-virus, security software
  • Call HHS ICT Helpdesk for help: Ext 43000
  • Watch for ONE Mail

41
ONE Mail
  • The Smart Systems for Health Agency (SSHA) ONE
    Network Ontario's e-Health strategy through the
    Ontario Network for e-Health (ONE)
  • ONE Network is the common connectivity
  • ONE ID allows health care professionals access to
    applications and systems hosted or operated by
    SSHA
  • ONE Mail is e-mail that is secure and reliable
    enough for health care providers to send health
    and personal information
  • ONE Pages is the directory listing of health care
    providers to whom information can be e-mailed
    securely using ONE Mail.
  • Health care providers will be able to share
    information about their patients over the
    Internet with full data protection

http://www.health.gov.on.ca/ehealth/initiatives/initiatives_mn.html
42
The Top Ten Signs that the Digital Information
Age has Caught You Unaware
  • Number 1
  • You think that www.ratemds.com is a non-biased
    website to be used by doctors, patients and
    prospective patients, to empower patients in
    their choice of physician.

43
http://www.ratemds.com
  • RateMDs.com allows patients to rate and read
    about their doctors and dentists
  • Soon to be joined by www.ratemymd.ca
  • The comments and opinions appear to be anonymous
    and unmoderated
  • Some entries are complimentary
  • Some entries appear to be libelous
  • Although it is, nominally, for patients,
    co-workers, colleagues, family and others can
    post to this website

44
With great power comes great responsibility!
  • The Top Ten Signs that the Digital Information
    Age has Caught You Unaware.

45
(No Transcript)