Exploring Security Techniques for Integrated Access of HIT Systems
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems...
-
Upload
ashlie-grant -
Category
Documents
-
view
217 -
download
0
Transcript of Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems...
![Page 1: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/1.jpg)
Working with Health IT Systems
Protecting Privacy, Security, and Confidentiality in HIT Systems
Lecture b
This material (Comp7_Unit7b) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013.
![Page 2: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/2.jpg)
Protecting Privacy, Security, and Confidentiality in HIT Systems Learning Objectives─Lecture a
• Explain and illustrate privacy, security, and confidentiality in HIT settings.
• Identify common threats encountered when using HIT.
• Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems.
2Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 3: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/3.jpg)
Physical Safeguards
Facility Access Controls
3Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 4: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/4.jpg)
Physical Safeguards
Examples
• Workstation Use
• Workstation Security
• Device and Media Controls (e.g., media disposal, access to backup and storage media)
4Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 5: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/5.jpg)
Physical Safeguards
Examples
• Device and Media Controls– media disposal– access to backup and storage media
5Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 6: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/6.jpg)
Technical Safeguards
Examples
• Access Control– Unique user identification– Emergency access– Automatic logoff– Encryption/decryption
6Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 7: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/7.jpg)
Technical Safeguards
Examples
• Audit Controls
• Integrity
7Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 8: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/8.jpg)
Technical Safeguards
Examples• Person or Entity Authentication
– Password/passphrase/PIN– Smart card/token/key– Biometrics– Two factor
authentication
8Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 9: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/9.jpg)
Technical Safeguards
Examples• Transmission Security
– Integrity controls– Encryption
9Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 10: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/10.jpg)
Risk Analysis and Management
• Analysis– Gather data on potential threats and
vulnerabilities– Assess current security measures– Determine likelihood, impact and level of risk– Identify needed security measures
• Management– Develop a plan for implementation– Evaluate and maintain security measures
10Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 11: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/11.jpg)
Meaningful Use
• Criteria for meaningful use of EHRs related to privacy, security, and confidentiality meant to align with HIPAA
• Emphasizes need to conduct a risk analysis
• Some specific requirements for EHR vendors
11Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 12: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/12.jpg)
Protecting Privacy, Security, and Confidentiality in HIT Systems
Summary—Lecture b
• Privacy, security, and confidentiality in HIT settings
• Common threats encountered when using HIT• Strategies to minimize threats to privacy,
security, and confidentiality in HIT systems
12Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 13: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/13.jpg)
Protecting Privacy, Security, and Confidentiality in HIT Systems
References—Lecture b
13Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
![Page 14: Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by.](https://reader035.fdocuments.us/reader035/viewer/2022062321/56649f0d5503460f94c21142/html5/thumbnails/14.jpg)
Protecting Privacy, Security, and Confidentiality in HIT Systems
References—Lecture b
14Health IT Workforce Curriculum Version 3.0/Spring 2012
Working with Health IT Systems Protecting Privacy, Security, and Confidentiality
in HIT Systems─Lecture b
Images• Slide 3: HIPPA Security Bulletins. Courtesy HIPPA. Available from: http://www.hhs.gov/ocr/privacy• Slide 5: Logo of the Federal Trade Commission. Courtesy Federal Trade Commission.• Slide 6: Cloud Computing will Challenge Security Policies. Courtesy U.S. Dept. of Commerce• Slide 7: The Field of Security Has to Adapt. Courtesy National Institutes of Health (NIH)• Slide 8: A Sophisticated Users’ Station. Courtesy National Science Foundation (NSF) Available from:
http://www.nsf.gov/od/lpa/news/press/00/stim5.htm• Slide 9: Transmission Security Controls Prevent Unauthorized Access to ePHI.
Available from: http://blog.tsa.gov/2008/08/encryption-is-issue-in-case-of-missing.html.