Medication Use Process Part Two, Lecture # 6 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
-
Upload
melinda-daniels -
Category
Documents
-
view
213 -
download
0
Transcript of Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
![Page 1: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/1.jpg)
Patient Data Security and Privacy
Lecture # 7
PHCL 498
Amar Hijazi, Majed Alameel, Mona AlMehaid
![Page 2: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/2.jpg)
Agenda
Defining Information Security
Information Security Goals
Security Risks
Defining Information Privacy
![Page 3: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/3.jpg)
Introduction
In medical practice patients are unlikely to share sensitive information unless they trust that you will honor their confidentiality
Ponemon Institute released a 2011 research report on patient privacy and security with the following key findings:
Healthcare data breaches are on the rise; 32 % rise over the previous years
Widespread use of mobile technology is putting data at risk
In spite of breaches, many organizations have not set data privacy and security as a priority
Financial consequences of data breaches are very significant
Medical identity theft is a major problem
![Page 4: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/4.jpg)
Why does it Matter?
Ensuring Privacy and Security of health information, including information in EHR is the key component to
building the trust required to realize the potential benefits of electronic health information capture and
exchange
![Page 5: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/5.jpg)
Defining Information Security
Refers to protecting information and information systems from unauthorized:
Access
Use
Disclosure
Disruption
Modification
Destruction
![Page 6: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/6.jpg)
Information Security Pillars/Goals
Availability Confidentiality
Integrity
![Page 7: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/7.jpg)
Confidentiality
Is the avoidance of the unauthorized disclosure of information
Involves:
Protection of data
Providing access for those who are allowed to see the data
Disallowing non-allowed from learning anything about the data
![Page 8: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/8.jpg)
Tools for Confidentiality
Encryption
Access Control
Authentication
Authorization
Physical security
![Page 9: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/9.jpg)
Encryption
The transformation of information using a secret, called an encryption key, so that the transformed information can only be read using another secret, called the decryption key
Allowing two parties to establish confidential communication over an insecure channel that is subject to eavesdropping
![Page 10: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/10.jpg)
Access Control
Rules and policies that limit access to confidential information to those people and /or systems with a “need to know”
This need to know may be determined by identity, such as a person’s name or a computer’s serial number, or by a role that a person has, such as being a manager or a computer security specialist
![Page 11: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/11.jpg)
Authentication
The determination of the identity or role that someone has
Could be performed by different ways and usually based on a combination of:
Something a person has (e.g. Smart cards)
Something a person knows (e.g. Password)
Something a person is (e.g. Fingurprint)
![Page 12: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/12.jpg)
Authorization
The determination if a person or system is allowed access to resources, based on access control policy
![Page 13: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/13.jpg)
Physical Security
The establishment of physical barriers to limit access to protected computational resources
Such barriers include locks on cabinets and doors, the placement of computers in windowless rooms and even the construction of buildings or rooms with walls incorporating copper meshes so that electromagnetic signals cannot enter or exit enclosures
![Page 14: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/14.jpg)
Integrity
Ensuring that information has not been altered in an unauthorized way
Tools:
Backups
Capturing Data Correction
![Page 15: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/15.jpg)
Availability
Ensuring that information is accessible and modifiable in a timely manner by those authorized to do so
Tools:
Physical protection: infrastructure meant to keep information available
Computational redundancies: computers and storage devices that serve as fallbacks in the case of failure
![Page 16: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/16.jpg)
Safeguards Required by HIPPA Security Rule
Administrative
Physical
Technical
![Page 17: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/17.jpg)
Security Risks needed to be Analyzed
Vulnerabilities: weaknesses in a system that could be used to cause harm (e.g. user access controls are not properly configured allowing staff to inappropriately view patient information)
Threats: sets of circumstances with the potential to cause harm (e.g. theft of portable device that stores or can access patient information)
Attacks: occur when vulnerabilities are deliberately exploited
![Page 18: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/18.jpg)
Defining Information Privacy
Is a set of rules and standards for the use and disclosure of individually identifiable health information – often referred to as protected health information – by specific entities, as well as standards for providing individuals with privacy rights helping them controlling how their health information is used The patient has the right to:
Examine and obtain a copy of their health records
Have corrections added to their health information
Receive a notice that discusses how health information can be used or shared for certain purposes
Provide permission on whether health information can be used or shared
Get reports on when and why health information was shared
File a complaint if rights are being denied or health information is not being protected
![Page 19: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/19.jpg)
HIPPA Privacy Rule
There is a method that can be employed to use and release data without restrictions
The privacy rule mandates that organizations de-identify the data by removing:
Names
Geographic subdivisions smaller than a state
Birth dates, admission date, discharge date, date of death
Telephone number
Facsimile numbers
Medical record number
![Page 20: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/20.jpg)
HIPPA Information Privacy, Con’d
Health plan beneficiary number
Account number
Certificate/license number
Vehicle identifiers
Device identifiers
URL (web Universal Recourse Locator)
IP (internet protocol) address number
Biometric identifier (fingerprint)
Photographic images
Any other unique identifier
![Page 21: Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.](https://reader030.fdocuments.us/reader030/viewer/2022032709/56649eb35503460f94bbb2f5/html5/thumbnails/21.jpg)
Properly Configured HER should Provide
Unique passwords and user names
User and role based access controls
Backup and recovery
Encryption
Appropriate and properly installed wireless capabilities