Title: The Top 10 Ways for Physicians to Avoid e-Trouble
1. The Top 10 Ways for Physicians to Avoid e-Trouble
General Business Meeting, Hamilton Chamber of Commerce, 14th May 2007
- David Armstrong, Hamilton Health Sciences, Medical Staff Association
3. The Top Ten Signs that the Digital Information Age has Caught You Unaware.
4. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 10
- You think that flaming is a way to cook hamburgers on the barbeque.
5. E-mail Etiquette
- Flaming is the act of sending or posting messages that are deliberately hostile and insulting
- The word flaming is also sometimes used for long, intensive and heated discussions, even though insults do not occur
- It is noted that Internet users are more likely to flame online than insult others in the real world, as the latter can lead to embarrassment and physical altercations, which online "anonymity" can avoid
http://en.wikipedia.org/wiki/Flame_war
6. E-mail Etiquette
- Comments
- The lack of body language and voice inflection in e-mail makes it difficult to show emotions in a nuanced way
- If you wouldn't say it face-to-face or in a written letter, don't put it in an e-mail
- Be parsimonious with Cc and Bcc
- Count to ten before clicking the <Send> button
- Recalling an e-mail does nothing of the sort!
- E-mails are generally unerasable
http://en.wikipedia.org/wiki/Flame_war
7. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 9
- Your last newsletter from the CMPA was addressed to Dr. Paparazzo.
8. Photography
- Paparazzi is a plural term (paparazzo being the singular form) for photographers who take candid photographs of celebrities, usually by shadowing them relentlessly in their public and private activities.
- Paparazzo - someone who takes photos without the subject's permission
- The photograph may be intentional or inadvertent
9. Inadvertent Pictures
I hope that Ralph Fiennes doesn't see this! If for nothing else, he'll sue me because I got his name wrong!
10. Clinical Photography
- Clinical photographs are permissible but:
  - Consent must be obtained from the patient
  - HHS has a consent form for photos, etc.
  - Ensure that there are no unexpected patients / individuals in the picture
  - Ensure that your images are stored and used appropriately
11. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 8
- You receive a letter from a casting agent asking if you wish to audition for the part of Freddy Krueger in Nightmare on Elm Street, Part XVII: The Laparotomy Continues.
12. Amusing Photos Out of Context
13. Amusing Photos
- The internet permits rapid and widespread dissemination of photos
- Digital photos are particularly portable
- Pictures showing you with:
  - A drink in your hand
    - May raise concern about your sobriety and judgement
  - A meat cleaver
    - May raise concern about your surgical technique
14. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 7
- The camera on your new Blackberry really came in handy when you saw a patient with an unusual skin rash.
15. Cell Phone Photography
- Waparazzi: Amateur photographers who use mobile phones to take pictures at major events
- Snaparazzi: Passers-by or witnesses to news events who take images later used for broadcast
16. Cell Phone Cameras
- There have already been instances of inappropriate camera phone use in health care settings
- The images are rarely secure
  - If the phone or memory card is stolen or lost, the images are vulnerable
  - The images may be synchronised to a server or home PC and will not necessarily be encrypted
- Photos may include patients or other individuals without their permission or consent
- The images are often low resolution
- The use of camera phones in hospital is not permitted by HHS
17. Cell Phone Cameras
- Don't use the cell phone camera in the hospital at HHS
- Use a proper camera (digital or film) to take photos
  - With the individual's permission
  - With the individual's informed consent
- Anonymise images if at all possible
- Transfer images to a secure storage medium and erase from the camera, as soon as possible
- Don't post photos to unsecure sites; be careful to whom you distribute photos
- Password protect your cellphone / PDA
- Call ICT Help desk, if concerned: Ext 43000
18. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 6
- Your first thought, on realizing that your laptop has been stolen from your car, is that it cost over 1500.
19. Laptop Theft
- Hospital laptop theft sparks concerns (28 March 2007)
- Nationwide fined £980,000 over stolen laptop (14 February 2007)
- 100m US records exposed by security blunders (18 December 2006)
- Metropolitan Police in laptop theft security flap (22 November 2006)
- Ohio child hospital hack exposes 230,000 files (30 October 2006)
- Florida laptop loss sparks ID theft fears (11 August 2006)
- Security flap after US Navy loses laptops (28 July 2006)
- Laptop with veterans' data recovered intact (30 June 2006)
http://www.theregister.co.uk/2007/03/28/hospital_laptop_theft/
20. Laptop Theft: Ontario
- Hospitals and businesses need to do a better job of ensuring personal information doesn't fall into the wrong hands - especially as increased mobility leaves organizations even more exposed to breaches of security, Ontario's privacy commissioner warned (8 March 2007)
- The commissioner issued an order urging the Toronto Hospital for Sick Children to introduce new protective measures following the theft of a laptop in January that contained information about 2,900 patients.
- A doctor with the hospital, who is also a researcher there, took a laptop from work, intending to analyze some data at home. The laptop was stolen when the doctor's minivan was burglarized in a Toronto parking lot.
http://ca.news.yahoo.com/s/capress/070308/health/health_privacy_hospital_laptop
21. Laptop Theft: Ontario
- The Sick Kids laptop was password-protected, but encryption is a much safer form of security, experts say.
- "It's much easier to crack a password than an encryption code," Cavoukian said. Passwords are relatively easy to crack, whereas encrypted data looks like gibberish to someone without a complex numerical key to unlock it.
- "A password without encryption is pretty simple to defeat - it's like locking your door but leaving your key in the lock," said Simon Hunt, the chief technology officer for SafeBoot, an encryption company.
- Technology analyst Rick Broadhead said the software is freely available and relatively cheap, but people don't use it for one simple reason: "It's a pain."
http://ca.news.yahoo.com/s/capress/070308/health/health_privacy_hospital_laptop
22. Laptop Theft: Ontario
- Among the provisions in the health order (HO-004), the Commissioner, Ann Cavoukian, issued today under the Personal Health Information Protection Act (PHIPA):
- THSC must develop and implement a comprehensive corporate policy that prohibits the removal of identifiable personal health information in electronic form from the hospital premises. In the event that personal health information in an identifiable form needs to be removed in electronic form, it must be encrypted.
- The hospital must also develop and implement a hospital-wide endpoint electronic devices policy, applicable to both desktop and laptops / PDAs, which mandates that any personal health information not stored on secure servers must either be de-identified or encrypted.
http://www.ipc.on.ca/images/Findings/up-ho_004.pdf
23. Why back up?
- One hard drive crashes every 15 seconds in the US.
- One out of every five hard drives will fail.
- Hardware or system failure causes 78% of all data loss.
- Web software or OS upgrades can cause unexpected failures.
- Viruses corrupt and delete data files
- 2,000 laptops are lost / stolen daily; < 1% are recovered.
- It takes 19 days to recreate 20 MB of lost data.
- Most pictures can never be recreated.
- Home computers and laptops are rarely, if ever, backed up.
- Business data backup occurs once daily, at best, and often misses critical files stored in unexpected locations
24. Laptop Theft Solutions
- Keep your laptop safe
  - Locking cable
  - Locked room
  - Hidden in car
  - Laptop tracking software
  - Password protection / Biometrics
- Keep data safe
  - Avoid patient data on laptop, if possible
  - Anonymise data
  - Encrypt data
  - Back-up data
- Call ICT Helpline: Ext 43000
http://www.ipc.on.ca/images/Findings/up-ho_004.pdf
25. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 5
- You arrive to give a presentation and can't find your USB key; you wish you'd copied it on to a CD, as well.
26. USB Key Data
- Security flap as Scottish council loses USB key
- Published Wednesday 21st March 2007 13:04 GMT
- Pay details of workers of Perth and Kinross Council have been found on a memory stick left in the street.
- A USB key, containing 59 documents, was recovered near a bike shelter close to the council building at Pullar House ... and handed over to the local paper.
- Data on the key included 25 spreadsheets, some of which included details of council workers' pay, National Insurance contributions, and overtime hours. It also contained health and safety reports, performance reviews, and budget information.
http://www.theregister.co.uk/2007/03/21/perth_council_usb_loss/
27. USB Key Data
- Inquiries by the Perth Advertiser established that the loss of the device had gone unnoticed, or at least unreported to police. A spokesman for the council thanked the paper for the recovery of the lost memory device, which he described as "an unfortunate accident".
- The council criticised the man who found the key for not returning it directly to the council.
- "The failure by the finder of the USB device to return it to the council constitutes theft and the council would like to thank the PA for its return," he said.
http://www.theregister.co.uk/2007/03/21/perth_council_usb_loss/
28. CD Data
- Georgia on the mind of three million after CD loss
- Published Wednesday 11th April 2007 00:11 GMT
- Sensitive personal information on 2.9 million Georgia residents is at risk after a company lost a CD that contained the details.
- The CD lost by Affiliated Computer Systems (ACS), which was hired to handle the information, contained full names, addresses, birth dates, social security numbers and member identification for recipients of Medicaid and other medical programs, according to an advisory (PDF) from the Georgia Department of Community Health (DCH). The department said it has called on ACS to notify all those affected and assist them in monitoring their credit reports.
http://www.theregister.co.uk/2007/04/11/georgia_data_loss/
29. Encryption Software
http://www.newsoftwares.net/about.html
- Files can be protected on USB Flash Drives, Memory Sticks, CD-RW, Floppies and Notebooks.
- Protection works even if files are taken from one PC to another on a removable disk, without the need to install any software.
30. USB Theft Solutions
- Keep your USB key safe
  - Consider attaching it to a neckband or keyring
  - Password protection / Biometrics
  - Don't forget CDs, DVDs, hard drives, floppies
- Keep data safe
  - Avoid patient data on USB key, CD etc, if possible
  - Anonymise data
  - Encrypt data
  - Back-up data
- Call ICT Helpline: Ext 43000
  - Advice re encryption software
  - Advice re biometric-protected keys
http://www.ipc.on.ca/images/Findings/up-ho_004.pdf
31. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 4
- Your computer password is "changeme"
32. Strong Passwords: How to Create and Use Them
- Passwords are the keys to access personal information on your computer and online accounts.
- If criminals steal this information, they can use your name to open new credit card accounts, apply for a mortgage, or pose as you in online transactions.
- Fortunately, it is not hard to create strong passwords and keep them well protected.
- To an attacker, a strong password should appear to be a random string of characters.
http://www.microsoft.com/athome/security/privacy/password.mspx
33. Strong Passwords: How to Create and Use Them
- Make it lengthy and use the entire keyboard
- Think of a sentence: "My son Aidan is 3 years old"
- Add complexity: "mY SoN AiD3N iS tHree yeeRs Old" or "mSAi3yO"
- Substitute special characters: "m8ni3y0"
- Use a password checker (e.g. Microsoft site)
- Avoid sequences or repeated characters: "12345678", "2222222", "abcdefg" or "qwertyuiop"
- Avoid login name, "changeme" or common family or other names
- Avoid using the same password for all sites
http://www.microsoft.com/athome/security/privacy/password.mspx
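The "avoid" rules on this slide, written as a small checker. This is an added example, not part of the original presentation; the run length of 4, the keyboard rows used and the login name `jsmith` are assumptions.

```python
import re

# Sequence sources: digits, alphabet, and the three QWERTY letter rows.
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN = 4  # assumed threshold: flag runs of 4 or more characters


def has_sequence(pw, run=RUN):
    """True if pw contains `run` consecutive characters from any
    sequence source, forwards or backwards."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def has_repeat(pw, run=RUN):
    """True if any single character repeats `run` times in a row."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None


def weaknesses(pw, login, banned=("changeme",)):
    """Return the list of slide rules that the password breaks."""
    found = []
    low = pw.lower()
    if has_sequence(pw):
        found.append("sequence")
    if has_repeat(pw):
        found.append("repeated characters")
    if login and login.lower() in low:
        found.append("contains login name")
    if any(word in low for word in banned):
        found.append("banned word")
    return found


if __name__ == "__main__":
    # Passwords are the slide's own examples; the login is constructed.
    for candidate in ("12345678", "2222222", "abcdefg", "qwertyuiop",
                      "changeme", "mSAi3yO", "JSmith2007"):
        print(candidate, weaknesses(candidate, login="jsmith"))
```

Family and other common names can be passed in through `banned`; an empty result only means none of these rules fired, not that the password is strong.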
34. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 3
- You think that a Facebook is what is given to incoming students, faculty, and staff of colleges and preparatory schools, depicting members of the campus community
35. www.facebook.com
36. Concerns About Facebook
- Comments and photos on Facebook are available to the group unless they are, specifically, kept private
- Internet caching means that something posted to Facebook remains accessible to all on the internet, even if it is removed from your site
- Comments or photos on Facebook are not anonymous
- They can link employee and employer
- The use of Facebook to record work-related issues is, already, a problem in health care
- Facebook has been blocked for Ontario Government Employees
http://www.cbc.ca/canada/story/2007/05/03/ontario-facebook.html
http://en.wikipedia.org/wiki/Facebook
37. Facebook
- Avoid Facebook for all work-related comments
  - Forbidden at HHS (and most companies)
- Avoid Facebook for work-related pictures
  - Forbidden at HHS
- Avoid Facebook for photos of colleagues (and yourself)
- Use the Privacy setting to avoid access by people outside your group
- Be aware that Facebook can be searched by potential employers
http://www.cbc.ca/canada/story/2007/05/03/ontario-facebook.html
http://en.wikipedia.org/wiki/Facebook
38. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 2
- You think that Hotmail is a great way to keep in touch with your office.
39. Concerns About Hotmail, Yahoo and Gmail
- E-mails / data sent and received through Hotmail, etc are public domain
- They can be searched by US Homeland Security
- They are not necessarily secure from hackers
- They are not secure for transmission of sensitive / patient data
- They have limited filtering for spam
- They have very limited filtering for attachments that may harbour viruses, worms, etc
- A high proportion of HHS viruses, etc. come in with attachments to Hotmail, Yahoo, etc.
40. Hotmail, Yahoo and Gmail Solutions
- Use HHS or McMaster e-mail systems for patient or work-related data
  - xxxxx@hhsc.ca and xxxxx@mcmaster.ca are secure and accepted for transmission of patient data
- Remote access is available using web-browser e-mail clients
  - https://webmail.hhsc.ca/exchange/
  - https://www.webmail.mcmaster.ca/exchange/
- Keep office PC and laptop updated with anti-virus, security software
- Call HHS ICT Helpdesk for help: Ext 43000
- Watch for ONE Mail
41. ONE Mail
- The Smart Systems for Health Agency (SSHA) ONE Network Ontario's e-Health strategy through the Ontario Network for e-Health (ONE)
- ONE Network is the common connectivity
- ONE ID allows health care professionals access to applications and systems hosted or operated by SSHA
- ONE Mail is e-mail that is secure and reliable enough for health care providers to send health and personal information
- ONE Pages is the directory listing of health care providers to whom information can be e-mailed securely using ONE Mail.
- Health care providers will be able to share information about their patients over the Internet with full data protection
http://www.health.gov.on.ca/ehealth/initiatives/initiatives_mn.html
42. The Top Ten Signs that the Digital Information Age has Caught You Unaware
- Number 1
- You think that www.ratemds.com is a non-biased website to be used by doctors, patients and prospective patients, to empower patients in their choice of physician.
43. http://www.ratemds.com
- RateMDs.com allows patients to rate and read about their doctors and dentists
- Soon to be joined by www.ratemymd.ca
- The comments and opinions appear to be anonymous and unmoderated
- Some entries are complimentary
- Some entries appear to be libelous
- Although it is, nominally, for patients, co-workers, colleagues, family and others can post to this website
44. With great power comes great responsibility!
- The Top Ten Signs that the Digital Information Age has Caught You Unaware.