Security of Health Information - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

Security of Health Information

Description:

Security of Health Information. Nancy Clark, M.Ed. FSU ... Health Information ... of all personal health information, regardless of who creates, stores ... – PowerPoint PPT presentation

Number of Views:99
Avg rating:3.0/5.0
Slides: 33
Provided by: Nancy9
Category:

less

Transcript and Presenter's Notes

Title: Security of Health Information


1
Security of Health Information
  • Nancy Clark, M.Ed.
  • FSU College of Medicine
  • http//www.med.fsu.edu/informatics

2
Objectives
  • Demonstrate knowledge of issues surrounding the
    privacy and security of clinical data, including
  • Health Insurance Portability and Accountability
    Act (HIPAA)
  • Patient confidentiality
  • E-Mail with patients and colleagues
  • Role of technology

3
Issues
  • HIPAA and privacy
  • Threats to security and privacy
  • Using good passwords
  • Using virus software
  • Hardware/software options
  • Backing up your system
  • E-Mail with Patients

4
HIPAA
  • Health Insurance Portability and Accountability
    Act of 1996
  • Insurance Reform Carry health insurance to
    different plans
  • Administrative Simplification Standards for
    electronically stored and transmitted data
  • Improve efficiency of sharing health data
  • Protecting privacy and confidentiality

5
Security, Privacy, Confidentiality
  • Privacy The Right
  • Right of individual to have anonymity
  • Confidentiality The Expectation
  • Obligation of the user of an individuals
    information to respect and uphold that
    individuals privacy
  • Security The Mechanism
  • Policies, procedures, mechanisms, tools,
    technologies, and accountability methods to
    support Privacy
  • PHI - Protected Health Information
  • Patient identifiable information protected
    (paper or electronic)

6
Illustration
  • Husband's note on refrigerator to his wife
  • Someone from the
  • Gyna College called-
  • They said Pabst beer
  • is normal.

7
Compliance Deadlines
8
Significance of HIPAA
  • What You Need to Know About HIPAA Now
  • In my opinion, the unmistakable legacy of
    HIPAA will be to encourage computerization of all
    personal health information, regardless of who
    creates, stores or transmits it. How else can
    providers meet HIPAA's exhaustive requirements
    The alternative to computerizing patients'
    medical information will be to maintain massive
    paper logs kept under lock and key. David C.
    Kibbe, MD, MBA

9
Categories of Security Regulations
  • Administrative procedures
  • Contingency planning
  • Information access controls
  • Staff training

10
Categories of Security Regulations
  • Administrative Procedures
  • Physical safeguards
  • Medical records storage areas
  • Printers, copiers, fax machines
  • Workstations
  • Server locations

11
Categories of Security Regulations
  • Administrative Procedures
  • Physical safeguards
  • Technical security
  • Passwords
  • Authentication
  • Digital signatures
  • Firewalls
  • Virus protection, VPN, encryption

12
Security The Three As
  • Authentication
  • You are who you say you are
  • Authorization
  • You can see and do what you are permitted by
    policy to see and do
  • Accountability
  • You are held responsible for what you see and do

13
Authentication
  • Passwords simplest form of authentication
  • Can be very secure, but one breach can spread
    rapidly
  • Can be too secure if you forget your password

14
Selecting Good Passwords
  • Using Good Passwords
  • Suggestions for Selecting Good Passwords
  • not guessable by any program
  • easily remembered
  • private
  • Secret
  • Change them regularly

15
Biometric Authentication
  • Identify who you are by a physical attribute
  • Signature
  • Facial Points
  • Voice Print
  • Typing Style

16
Biometric Authentication
  • Fingerprint
  • Optical, Digital
  • Hmmm would someone in a hospital have access to
    a severed finger?
  • Iris
  • Highly accurate
  • Same issue as with a dead finger
  • Requires a camera

17
Authorization
  • Im a valid user or the system, and Ive been
    authenticated. I want to see EVERYTHING on
    EVERYONE!!!
  • The system can define who is authorized to see
    and do what

18
Authorization Models
  • User Based
  • I have certain authorization rights based on who
    I am as an individual
  • Role Based
  • I have authority based on my role e.g. doctor vs.
    nurse vs. lab technologist
  • Context Based
  • Who you are Where you are What you are When
    you are What you are

19
Accountability
  • You are held responsible for what you see and do
  • Difficult to develop systems-based ways of
    ensuring accountability
  • An ethics problem

20
Accountability
  • Security can help ensure accountability
  • Audit Logging We know where youve been
  • Password policies
  • Alert capabilities

21
Ethics and Morals
  • One definition
  • Morals choice between right and wrong
  • Ethics choice between right and right
  • Example 1
  • Famous person in hospital, and youre curious
    about their lab results

22
Workplace Ethics
  • Many people may have access to patient data
  • Trust
  • Knowledge of Rules - Training
  • Awareness of Consequences

23
Technology Solutions
  • Data Encryption
  • Data Aging remove data after a certain time
  • Data Transmission Security cant move what
    isnt authorized
  • Local Authentication
  • Includes time-out function

24
Threats to Data Security and Privacy
  • Viruses, worms, etc
  • Hackers/snoopers
  • Crashes
  • Theft
  • Power failure/surges
  • Trauma/loss

25
Virus Protection
  • Norton
  • McAfee
  • Others - Computer Security Software
  • Updating

26
Unauthorized Access Protection
  • Firewalls
  • Home PC Firewall Guide
  • Secure Network Devices
  • Secure Modems
  • Encryption devices
  • Virtual Private Networks (VPN)
  • Introduction to Network Security

27
Hardware Solutions
  • UPS uninterruptible power supply
  • Surge protector power/modem
  • APC
  • Tape backup
  • RAID/mirrored system
  • Protective cases (laptops and PDAs)
  • Compucage

28
Backing Up Your Data
Backing up your data
  • What
  • email files
  • word processor files
  • databases
  • web bookmarks
  • files you directly create
  • Where
  • Zip/Jaz disk
  • CD-R or RW
  • Compact Flash (PDA)
  • DVD
  • Tape
  • Remote sites

29
E-Mail
30
Smart E-mailing with Patients
  • Tips to avoid legal problems
  • Get informed consent
  • Include instructions when and how e-mail should
    escalate to phone call or office visit.
  • Use password-protected screen savers.
  • Never forward patient-identifiable information to
    3rd party
  • Never use patient's e-mail address in marketing
    scheme.

31
Tips to avoid legal problems
  • Don't share e-mail accounts with family members.
  • Use encryption when available and practical.
  • Double-check "to" fields before sending.
  • Commit policy decisions to writing and electronic
    form.
  • Save e-mail communication electronically or on
    paper.

32
Wrap Up
  • Keep HIPAA on radar screen
  • Observe how clerkship faculty practices are
    dealing with security
  • Read policies
  • Ask questions
  • Follow as unfolds
Write a Comment
User Comments (0)
About PowerShow.com