AMC Security and Privacy Conference: Daily Track Report - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

AMC Security and Privacy Conference: Daily Track Report

Description:

AMC Security and Privacy Conference: Daily Track Report Security Track Rob Adams and Gordon Apple AKA Butch and Sundance! Sessions Being Reported On: E-mailing ePHI ... – PowerPoint PPT presentation

Number of Views:151
Avg rating:3.0/5.0
Slides: 13
Provided by: DaveK83
Category:

less

Transcript and Presenter's Notes

Title: AMC Security and Privacy Conference: Daily Track Report


1
AMC Security and Privacy Conference Daily Track
Report
  • Security Track
  • Rob Adams and Gordon Apple

2
AKA Butch and Sundance!
3
Sessions Being Reported On
  • E-mailing ePHI
  • Risky Business Analyzing Your AMCs Security Risk
  • Authentication Traditional Innovative
    Techniques

4
E-mailing ePHI
  • Two portals one content filtering
  • One portal integrated with EMR
  • Vanderbilt - high value beyond e-mail to promote
    acceptance
  • Process - move from intra-department to
    inter-department to patient messaging
  • Mapped to triage system - common basket approach
  • Penn - Content filtering - transparent to end
    user using lexicon to trigger encryption

5
E-mailing ePHI
  • Recipient options
  • Between clients (institutions)
  • Between clients ( providers)
  • SSL - pull technology
  • Authentication challenges
  • No physical presentation of credentials
  • Shared recipient accounts
  • UConn - portal approach
  • Desire to leverage IDX patient data
  • E-mail notification of mail in portal
  • Proxy MD authentication to internal directory

6
Risky Business - Analyzing Your AMCs Security
Risk
  • Can delegate authority but not responsibility
  • Need enterprise approach
  • You get what you inspect, but not what you
    expect!
  • IT Security posture establishes confidence with
    patients
  • Need to map beyond HIPAA
  • Identification of reasonably anticipated risks
    dependent on robust process

7
Risky Business - Analyzing Your AMCs Security
Risk
  • Balkanization is a major challenge!
  • System configuration debates
  • Vendor relationships
  • Resources dependent on senior management
    commitment
  • Can lead a horse to water, but you cant make it
    drink!

8
Authentication - Traditional and Innovative
Techniques
  • Diverse users - doctors, nurses weird people!
  • Need to track across systems
  • Need to track role changes
  • Ability of AMC to absorb change
  • Data Steward policy approach
  • Responsibility for safeguards at the lowest
    levels
  • If you access the network, YOU are a data
    steward!

9
Authentication Traditional and Innovative
Techniques
  • Authentication challenge - wetware interface!
  • Trust me, I have my own security methodology
  • We dont know what we dont know.
  • Application or database layer
  • User ID Password
  • Certificates for select applications
  • Domain level
  • Active directory
  • Becoming single point of turn-on/disconnect

10
Authentication Traditional and Innovative
Techniques
  • Authentication to network is a hot button
  • Not 100
  • Single sign-on..a career, not an initiative
  • Goalone identity, one password, one entitlement
    repository

11
Authentication Traditional and Innovative
Techniques
  • One identity
  • Unique user ID
  • Central directory
  • One password
  • Closestandardize on two authentication sources
    LDAP AD
  • Small victorymajor clinical applications
  • One entitlement repository
  • Policy and standards
  • Still looking for methods/applications

12
Authentication Traditional and Innovative
Techniques
  • Put responsibility on HR to initiate process of
    hire, change, terminationsprovides the feed to
    IT.
  • Challenge - within 6 months4600 transients!
Write a Comment
User Comments (0)
About PowerShow.com