Security of Health Care Information Systems - PowerPoint PPT Presentation

1 / 27
About This Presentation
Title:

Security of Health Care Information Systems

Description:

Threats to Health Care Information. HIPAA Security ... A health care provider who transmits protected health information (phi) in an electronic form ... – PowerPoint PPT presentation

Number of Views:1261
Avg rating:3.0/5.0
Slides: 28
Provided by: mye9
Category:

less

Transcript and Presenter's Notes

Title: Security of Health Care Information Systems


1
Security of Health Care Information Systems
  • Chapter 10

2
Outline
  • Define Security Program
  • Threats to Health Care Information
  • HIPAA Security Regulations
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Wireless Security Issues

3
Security Program
  • Identifying potential threats
  • Implementing processes to remove or mitigate
    threats
  • Protects not only patient-specific information
    but also IT assets
  • Balance need for security with cost of security
  • Balance need for information access with security

4
Threats to Health Care Information
  • Human Threats
  • Natural or Environmental Threats
  • Technology Malfunctions

5
Human Threats
  • Intentional or Unintentional
  • Internal or External
  • Examples
  • Virusesintentional external
  • Installing unauthorized softwareintentional or
    unintentional internal
  • Cause of unintentional may be lack of training

6
HIPAA Security Standards
  • Key Terms
  • Covered entity
  • Required implementation specification
  • Addressable implementation specification

7
Covered Entity (CE)
  • A health plan
  • A health care clearinghouse
  • A health care provider who transmits protected
    health information (phi) in an electronic form

8
Required Specification
  • Must be implemented by the CE

9
Addressable Specification
  • Implement as stated
  • Implement an alternative to accomplish the same
    purpose
  • Demonstrate that specification is not reasonable

10
HIPAA Overview
  • Technology Neutral
  • Includes
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Policies, Procedures and Documentation

11
Administrative Safeguards
  • Security management functions
  • Assigned security responsibility
  • Workforce security
  • Information access management
  • Security awareness and training
  • Security incident reporting
  • Contingency plan
  • Evaluation
  • Business associate contacts and other arrangements

12
Physical Safeguards
  • Facility access controls
  • Workstation use
  • Workstation security
  • Device and media controls

13
Technical Safeguards
  • Access control
  • Audit controls
  • Integrity
  • Person or entity authentication
  • Transmission security

14
Policies, Procedures and Documentation
  • Policies and Procedures
  • Documentation

15
Administrative Safeguard Practices
  • Risk analysis and management (Weil, 2004)
  • Boundary definition
  • Threat identification
  • Vulnerability identification
  • Security control analysis
  • Risk likelihood determination
  • Impact analysis
  • Risk determination
  • Security control recommendations

16
Administrative Safeguard Practices
  • Chief Security Officer
  • System Security Evaluation

17
Physical Safeguard Practices
  • Assigned security responsibilities
  • Media controls
  • Physical access controls
  • Workstation security

18
Technical Safeguard Practices
  • Access control
  • User-based access
  • Role-based access
  • Context-based access

19
Technical Safeguard Practices
  • Entity Authentication
  • Password systems
  • PINs
  • Biometric id systems
  • Telephone callback systems
  • Tokens
  • Layered systems

20
Technical Safeguard Practices
  • Two-factor authentication (Walsh, 2003)
  • Use two of the following
  • Something you knowpassword, etc
  • Something you havetoken or card, etc
  • Something you arefingerprint, etc

21
Password Dos and Donts
  • Dont
  • Pick a password that can be guessed
  • Pick a word that can be found
  • Pick a word that is newsworthy
  • Pick a word similar to previous
  • Share your password
  • Do
  • Pick a combination of letters and at least one
    number
  • Pick a word that you can remember
  • Change your password often

22
Technical Safeguard Practices
  • Audit Trails
  • Data Encryption
  • Firewall Protection
  • Virus Checking

23
Wireless Security
  • Same problems with security
  • Plusdifficult to limit the transmission of media
    to just the areas under your control
  • Need clear policies appropriate sanctions
  • Assign responsibility for hardware

24
TED Talk Eve Ensler on Security and insecurity
Playwright Eve Ensler explores our modern craving
for security -- and why it makes us less secure.
http//www.ted.com/index.php/talks/eve_ensler_on_s
ecurity.html
25
Summary Slide
  • Security Program
  • Threats to Health Care Information
  • HIPAA Definitions
  • Covered Entity (CE)
  • Required Specification
  • Addressable Specification

26
Summary Slide (cont.)
  • HIPAA Overview
  • Administrative Safeguards
  • Physical Safeguards
  • Technical Safeguards
  • Policies, Procedures and Documentation

27
Summary Slide (cont.)
  • Administrative Safeguard Practices
  • Physical Safeguard Practice
  • Technical Safeguard Practices
  • Wireless Security Issues
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Security of Health Care Information Systems" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!