Component 9 – Networking and Health Information Exchange
Unit 9-2 Privacy, Confidentiality, and Security Issues and Standards
This material was developed by Duke University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000024.
Unit 9-2 Objectives
• Define access control methods
• Analyze access restrictions to data storage and retrieval (physical and software)
Component 9/Unit 9-2, Health IT Workforce Curriculum, Version 2.0/Spring 2011
Access Control
• Who or what is allowed access to a particular resource, and what level of access they are allowed
• Terminology
  – Identification
  – Authentication
  – Authorization
Access Control Best Practices
• Separation of duties
  – Require more than 1 person to perform an action
• Least privilege
  – Only give user the access needed
Access Control Models
• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Role Based Access Control (RBAC)
Access Control Types
• Logical
  – Access to data files, programs and networks
    • Access Control Lists (ACLs)
    • Account Restrictions
    • Passwords
• Physical
  – Access to physical locations
    • Locks
    • Badges
    • Mantraps
Access Control List (ACL)
An ACL is a list that is associated with a file, directory or object and that lists who has access to it and what access they have.
Account Restrictions
• Account expiration
• Time of day
• Login location
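An added example, not part of the original slides: a deny-by-default access check that combines an ACL lookup with the three account restrictions listed above. The account fields, ACL layout, user names and addresses are constructed for illustration, and the user is assumed to be already identified and authenticated.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample data: one ACL per object, mapping user -> permitted actions.
ACLS = {
    "lab_results.db": {"nurse_kim": {"read"}, "dr_lee": {"read", "write"}},
}

# Constructed account records carrying the three restrictions from the slide.
ACCOUNTS = {
    "nurse_kim": {
        "expires": datetime(2030, 1, 1),
        "hours": (time(7, 0), time(19, 0)),          # permitted time of day
        "networks": [ip_network("10.20.0.0/16")],    # permitted login locations
    },
    "dr_lee": {
        "expires": datetime(2020, 1, 1),             # account already expired
        "hours": (time(0, 0), time(23, 59)),
        "networks": [ip_network("10.20.0.0/16")],
    },
}

def check_access(user, obj, action, when, source_ip):
    """Return (allowed, reason). Every check must pass; anything else is denied."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return False, "unknown account"
    if when >= acct["expires"]:
        return False, "account expired"
    start, end = acct["hours"]
    if not (start <= when.time() <= end):
        return False, "outside permitted hours"
    if not any(ip_address(source_ip) in net for net in acct["networks"]):
        return False, "login location not permitted"
    # Authorization: the object's ACL must list this user with this action.
    if action not in ACLS.get(obj, {}).get(user, set()):
        return False, "not granted by ACL"
    return True, "granted"

if __name__ == "__main__":
    print(check_access("nurse_kim", "lab_results.db", "read",
                       datetime(2025, 3, 3, 9, 0), "10.20.4.7"))
```

Returning the reason alongside the decision gives the access log an entry that explains each denial.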
Passwords
• Combination of letters, numbers and special characters
• Recommend upper and lower case characters
• The more characters the better
• Should be changed frequently
Passwords Should Never
• Be default passwords
• Be written down
• Be a word in a dictionary, a word spelled backwards, a common misspelling, or an abbreviation (English or other languages)
Passwords Should Never (Continued)
• Substitute letters with numbers
• Be used for more than one account
• Contain personal information
  – Social engineering
One-time Passwords (OTP)
Physical Access Control
• Location
• Doors
  – Key-in-knob
  – Deadbolt
  – Cipher lock
  – RFID
Physical Access Continued
• Video surveillance
• Access log
• Mantrap
Biometrics
• Fingerprints
• Faces
• Hands
• Irises/Retinas
• Behavioral
  – Keystroke
  – Voice
• Cognitive
Authentication Practices
• Layering
• Multi-factor
• Single Sign-On (SSO)
Virtual Private Networks (VPNs)
Security Policies
A collection of policies that lay out specific rules and requirements that must be followed in order to provide a secure environment.