Introduction to Information and Computer Science - PowerPoint PPT Presentation

About This Presentation
Title:

Introduction to Information and Computer Science

Description:

Introduction to Information and Computer Science Security Lecture c This material (Comp4_Unit8c) was developed by Oregon Health and Science University, funded by the ... – PowerPoint PPT presentation

Slides: 22
Provided by: Oreg50
Learn more at: http://media.fdtc.edu
Transcript and Presenter's Notes

1
Introduction to Information and Computer Science
  • Security
  • Lecture c
  • This material (Comp4_Unit8c) was developed by
    Oregon Health and Science University, funded by
    the Department of Health and Human Services,
    Office of the National Coordinator for Health
    Information Technology under Award Number
    IU24OC000015.

2
Security: Learning Objectives
  • List and describe common security concerns
    (Lecture a)
  • Describe safeguards against common security
    concerns (Lecture b)
  • Describe security concerns for wireless networks
    and how to address them (Lectures b and c)
  • List security concerns/regulations for health
    care applications (Lecture c)
  • Describe security safeguards used for health care
    applications (Lecture c)

Introduction to Information and Computer Science

Security

Lecture c
3
Security and Wireless Networking
  • Wireless networks unsecure by their very nature
  • Home networks
  • Hot spots
  • Campus environments
  • Wireless networks are everywhere in medical
    environment
  • Doctors and nurses move from room to room
    constantly

Health IT Workforce Curriculum
Version 3.0/Spring 2012
4
Wireless Device Security
  • Wireless Access Points (WAPs) must be configured
    for security
  • Change default password
  • Select unique SSID
  • Do not broadcast SSID
  • Require WPA2 authentication
  • Restrict access to known devices
  • Can program MAC addresses into WAP memory

5
Wireless Device Security (continued)
  • Install digital certificates on sensitive devices
  • Only devices with known/valid certificates can
    communicate on network
  • Requires use of special servers
  • Not usually for small offices
  • The image below shows a partial browser address
    bar with a valid bank certificate.
  • Clicking the gold lock will display the bank's
    certificate.

(PD-US, 2006)
6
Wireless Device Security (continued)
  • Smartphones
  • All portable devices connecting to network need
    AV protection
  • Do not use a portable device for sensitive
    transactions unless it is AV protected
  • Do not open email or attachments from unsolicited
    sources
  • Known sources might be virus-infected, meaning
    that they did not send the email/attachment
  • No exceptions

7
Health Care Applications and Security
  • US Government's stated goal
  • Most Americans to have access to electronic
    health records (EHRs) by 2014
  • Why EHRs?
  • Improve quality of care
  • Decrease cost
  • Ensure privacy and security
  • Outsourcing introduces risk
  • Medical transcriptionists in countries with
    different cultural values and EHR regulations

8
Concerned About Security of Health Data?
  • Incorrect health data recorded
  • Someone else's information in another's record
  • Job discrimination
  • Denied employment or health coverage based on
    pre-existing condition
  • Personal privacy violated
  • Friends and family find out about embarrassing
    but non-infectious condition
  • Sharing of data between providers adds risk
  • Use of Internet always introduces risk

9
What is an EHR System?
  • Collection of health data about the business,
    patients, doctors, nurses
  • Health data stored as records in database system
  • Records represent a complete event
  • What is stored in a database as one record?
  • A patient's personal information
  • An office visit to a doctor
  • A blood test
  • An x-ray

10
EHRs Used by Health Care Providers
  • EHRs maintained by health care providers
  • EHRs covered by HIPAA rules
  • EHRs use centralized database systems to
    integrate patient intake, medical care, pharmacy,
    billing into one system
  • Departments/entities may not be in same physical
    location, so patient data must travel over the
    Internet
  • People can view own health record, taking
    ownership of its contents, ensuring accuracy

11
EHR Security Q & A
  • How is data sent over the Internet?
      • It should be sent in an encrypted, secure manner
        over the Internet
  • Is data safe?
      • Much depends on each organization's physical
        record and network security practices
      • No data is 100% secure against theft or misuse
  • Who can view my health records?
      • Only those who need to know or view the contents
        of a health record should be able to view it
      • Patient must authorize all other access

12
Federal Regulations
  • HIPAA (Health Insurance Portability and
    Accountability Act) was enacted in 1996 by the
    federal government
  • HIPAA requires that health care providers,
    insurance companies, and employers abide by
    privacy and security standards

13
HIPAA and Privacy
  • Privacy Rule
  • HIPAA requires those covered by the act to
    provide patients a Notice of Privacy Practices
    when care is first provided
  • The Privacy Rule covers paper and electronic
    private health information
  • Security Rule
  • Covers administrative, physical, and technical
    data safeguards that secure electronic health
    record data

14
What is Privacy?
  • Most privacy law revolves around privacy between
    a person and the government
  • According to Wikipedia, "The law of privacy
    regulates the type of information which may be
    collected and how this information may be used
    and stored."
  • Privacy relates to people

15
What is Confidentiality?
  • Not same as privacy
  • According to Wikipedia, "Confidentiality is
    commonly applied to conversations between doctors
    and patients. Legal protections prevent
    physicians from revealing certain discussions
    with patients, even under oath in court. The rule
    only applies to secrets shared between physician
    and patient during the course of providing
    medical care."
  • i.e., confidentiality relates to data

16
Steps to Secure EHR Records
  • Authenticate and authorize all record access
  • Only those with need to know can view
  • Only pertinent people can change records
  • Limit who can print electronic documents
  • All views and changes recorded for audit trail
  • Examples
  • A clerk can view the dates and charges related to
    an office visit but nothing about treatment
  • Nurses and doctors can view medical records for
    patients under their care and no one else
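
Added example (not part of the original slides): a sketch of the access rules listed above, with field-level need-to-know for a clerk, care-team checks for nurses and doctors, and an audit entry for every attempt. Authentication is assumed to have happened already; the record fields, user names, role names and the rule that only care-team clinicians may change a record are assumptions made for this illustration.

```python
from datetime import datetime, timezone

# Constructed sample data; all names and fields are assumptions for this example.
RECORDS = {"visit-1001": {"patient_id": "p-17", "visit_date": "2012-03-14",
                          "charges": 185.00, "diagnosis": "(sample)",
                          "treatment": "(sample)"}}
CARE_TEAM = {"p-17": {"nurse-ann", "dr-lee"}}   # clinicians caring for each patient

BILLING_FIELDS = {"patient_id", "visit_date", "charges"}
CLINICAL_ROLES = {"nurse", "doctor"}
AUDIT_LOG = []   # in-memory here; a real system would write to protected storage


def audit(user, role, action, record_id, allowed):
    """Record every attempt, allowed or denied, for the audit trail."""
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": user, "role": role, "action": action,
                      "record": record_id, "allowed": allowed})


def on_care_team(user, record):
    return user in CARE_TEAM.get(record["patient_id"], set())


def view_record(user, role, record_id):
    """Return only the fields this role needs to know; log the access."""
    record = RECORDS[record_id]
    if role == "clerk":
        allowed, fields = True, BILLING_FIELDS      # dates and charges only
    elif role in CLINICAL_ROLES:
        allowed, fields = on_care_team(user, record), set(record)
    else:
        allowed, fields = False, set()              # unknown roles get nothing
    audit(user, role, "view", record_id, allowed)
    if not allowed:
        raise PermissionError(f"{user} may not view {record_id}")
    return {k: v for k, v in record.items() if k in fields}


def update_record(user, role, record_id, changes):
    """Only clinicians on the patient's care team may change a record."""
    record = RECORDS[record_id]
    allowed = role in CLINICAL_ROLES and on_care_team(user, record)
    audit(user, role, "update", record_id, allowed)
    if not allowed:
        raise PermissionError(f"{user} may not update {record_id}")
    record.update(changes)
    return record
```

Denied attempts are logged before the exception is raised, so the audit trail shows who tried to reach a record as well as who succeeded.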

17
Steps to Secure EHR Records (continued)
  • Device security
  • Apply OS critical updates immediately
  • AV definitions always current
  • Restrict physical access to servers
  • Allow only authenticated device access
  • Secure electronic communications
  • Encrypt all EHR communications
  • Client-server environment
  • Configure user accounts and groups
  • Implement network access protection mechanisms

18
Steps to Secure EHR Records (continued)
  • Web environment considerations
  • Implement HTTPS for all Web transactions
  • Validate all data entered into Web forms
  • Perform regular audits of access and changes
  • Implement redundant devices
  • Ensures that devices are available as expected
  • Load-balance heavily used hardware devices
  • Prosecute security violations vigorously
  • Backup EHR data with secure storage

19
Security: Summary (Lecture c)
  • Wireless networks
  • Security concerns for healthcare applications
  • Regulations for healthcare applications

20
Security: Summary
  • Common security concerns
  • Safeguards
  • Wireless networks security
  • Concerns, mitigations, regulations re healthcare
    applications

21
Security: References (Lecture c)
  • References
  • Wikipedia. Network security. [Internet]. 2010
    [cited 2011 Nov 07]. Available from:
    http://en.wikipedia.org/wiki/Network_security.
  • Wikipedia. Wireless security. [Internet]. 2010
    [cited 2011 Nov 07]. Available from:
    http://en.wikipedia.org/wiki/Wireless_security.
  • Wikipedia. Wireless LAN security. [Internet].
    2010 [cited 2011 Nov 07]. Available from:
    http://en.wikipedia.org/wiki/Wireless_LAN_security.
  • Wikipedia. Electronic health record. [Internet].
    2010 [cited 2011 Nov 07]. Available from:
    http://en.wikipedia.org/wiki/Electronic_health_record.
  • Wikipedia. Electronic medical record. [Internet].
    2010 [cited 2011 Nov 07]. Available from:
    http://en.wikipedia.org/wiki/Electronic_medical_record.
  • Health and Human Services. HHS Announces Project
    to Help 3.6 Million Consumers Reap Benefits of
    Electronic Health Records. [Internet]. 2010
    [cited 2011 Nov 07]. Available from:
    http://www.hhs.gov/news/press/2007pres/10/pr20071030a.html.
  • Informatics Professor, Meaningful Use: A Highly
    Useful Construct for Informatics. [Internet].
    2010 May [cited 2011 Nov 07]. Available from:
    http://informaticsprofessor.blogspot.com/2010/05/meaningful-use-highly-useful-construct.html.
  • Images
  • Slide 5: Screenshot of a partial browser address
    bar with a valid bank certificate. (PD-US, 2006)
