Security of Health Care Information Systems - PowerPoint PPT Presentation

Loading...

PPT – Security of Health Care Information Systems PowerPoint presentation | free to view - id: 499f8-NDQ0Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Security of Health Care Information Systems

Description:

Threats to Health Care Information. HIPAA Security ... A health care provider who transmits protected health information (phi) in an electronic form ... – PowerPoint PPT presentation

Number of Views:660
Avg rating:3.0/5.0
Slides: 28
Provided by: mye9
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Security of Health Care Information Systems


1
Security of Health Care Information Systems
  • Chapter 10

2
Outline
  • Define Security Program
  • Threats to Health Care Information
  • HIPAA Security Regulations
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Wireless Security Issues

3
Security Program
  • Identifying potential threats
  • Implementing processes to remove or mitigate
    threats
  • Protects not only patient-specific information
    but also IT assets
  • Balance need for security with cost of security
  • Balance need for information access with security

4
Threats to Health Care Information
  • Human Threats
  • Natural or Environmental Threats
  • Technology Malfunctions

5
Human Threats
  • Intentional or Unintentional
  • Internal or External
  • Examples
  • Virusesintentional external
  • Installing unauthorized softwareintentional or
    unintentional internal
  • Cause of unintentional may be lack of training

6
HIPAA Security Standards
  • Key Terms
  • Covered entity
  • Required implementation specification
  • Addressable implementation specification

7
Covered Entity (CE)
  • A health plan
  • A health care clearinghouse
  • A health care provider who transmits protected
    health information (phi) in an electronic form

8
Required Specification
  • Must be implemented by the CE

9
Addressable Specification
  • Implement as stated
  • Implement an alternative to accomplish the same
    purpose
  • Demonstrate that specification is not reasonable

10
HIPAA Overview
  • Technology Neutral
  • Includes
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Policies, Procedures and Documentation

11
Administrative Safeguards
  • Security management functions
  • Assigned security responsibility
  • Workforce security
  • Information access management
  • Security awareness and training
  • Security incident reporting
  • Contingency plan
  • Evaluation
  • Business associate contacts and other arrangements

12
Physical Safeguards
  • Facility access controls
  • Workstation use
  • Workstation security
  • Device and media controls

13
Technical Safeguards
  • Access control
  • Audit controls
  • Integrity
  • Person or entity authentication
  • Transmission security

14
Policies, Procedures and Documentation
  • Policies and Procedures
  • Documentation

15
Administrative Safeguard Practices
  • Risk analysis and management (Weil, 2004)
  • Boundary definition
  • Threat identification
  • Vulnerability identification
  • Security control analysis
  • Risk likelihood determination
  • Impact analysis
  • Risk determination
  • Security control recommendations

16
Administrative Safeguard Practices
  • Chief Security Officer
  • System Security Evaluation

17
Physical Safeguard Practices
  • Assigned security responsibilities
  • Media controls
  • Physical access controls
  • Workstation security

18
Technical Safeguard Practices
  • Access control
  • User-based access
  • Role-based access
  • Context-based access

19
Technical Safeguard Practices
  • Entity Authentication
  • Password systems
  • PINs
  • Biometric id systems
  • Telephone callback systems
  • Tokens
  • Layered systems

20
Technical Safeguard Practices
  • Two-factor authentication (Walsh, 2003)
  • Use two of the following
  • Something you knowpassword, etc
  • Something you havetoken or card, etc
  • Something you arefingerprint, etc

21
Password Dos and Donts
  • Dont
  • Pick a password that can be guessed
  • Pick a word that can be found
  • Pick a word that is newsworthy
  • Pick a word similar to previous
  • Share your password
  • Do
  • Pick a combination of letters and at least one
    number
  • Pick a word that you can remember
  • Change your password often

22
Technical Safeguard Practices
  • Audit Trails
  • Data Encryption
  • Firewall Protection
  • Virus Checking

23
Wireless Security
  • Same problems with security
  • Plusdifficult to limit the transmission of media
    to just the areas under your control
  • Need clear policies appropriate sanctions
  • Assign responsibility for hardware

24
TED Talk Eve Ensler on Security and insecurity
Playwright Eve Ensler explores our modern craving
for security -- and why it makes us less secure.
http//www.ted.com/index.php/talks/eve_ensler_on_s
ecurity.html
25
Summary Slide
  • Security Program
  • Threats to Health Care Information
  • HIPAA Definitions
  • Covered Entity (CE)
  • Required Specification
  • Addressable Specification

26
Summary Slide (cont.)
  • HIPAA Overview
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Policies, Procedures and Documentation

27
Summary Slide (cont.)
  • Administrative Safeguard Practices
  • Physical Safeguard Practice
  • Technical Safeguard Practices
  • Wireless Security Issues
About PowerShow.com