Difference between revisions of "Information security"

From Clinfowiki
Jump to: navigation, search
Line 1: Line 1:
==Introduction:==
+
'''Security''' is the state of freedom from danger or risk.
 
+
'''Information security''' is maintaining confidentiality and availability  simultaneously. Information should be hidden, safe, private, and also ready for immediate use.
==Security==
+
state of freedom from danger or risk”.
+
 
+
==Information Security==
+
 
+
Maintaining:
+
 
+
* Confidentiality: Keeping your information:
+
** Hidden
+
** Safe
+
** Private
+
* Availability: Making sure IT resources are:
+
** Present
+
** Ready for immediate use!
+
* Integrity: Knowing and using information that is sound and unchanged by anyone who is not authorized.
+
  
 
==What do we need to protect?==
 
==What do we need to protect?==

Revision as of 20:14, 19 October 2011

Security is the state of freedom from danger or risk. Information security is maintaining confidentiality and availability simultaneously. Information should be hidden, safe, private, and also ready for immediate use.

What do we need to protect?

  • Hardware
  • Software
  • Data
    • Your time
    • Your money
    • Confidential or non-replaceable information

From whom?

  • Natural Hazard
  • Computer Failure / Media Failure
  • Malicious People
  • Sometimes, yourself

Information Security Goals:

  • Data Integrity
  • Data is correct
  • No unauthorized modification
  • Data Confidentiality
  • Only authorized parties can view
  • Data Accessibility
  • Authorized parties can easily and quickly access
  • Often a casualty of information security

EHR security

Pros

EHRs can provide great privacy and security, e.g.,

  • Access controls can be more granular
  • Authentication mechanisms provide audit trails and non-repudiation
  • Disaster recovery plans assure greater availability
  • Encryption can provide confidentiality and data integrity

Cons

  • Information flows more easily, risk of mishap is greater
  • Collection of large volumes of data more feasible and risky
  • Sharing of information for treatment, payment, and operations misunderstood
  • New methods to attack data are continuously being developed

Flow of information in health care have many points to “leak”

Direct patient care:

  • Provider
  • Clinic
  • Hospital

Support activity:

  • Payers
  • Quality reviews
  • Administration

“Social” uses:

  • Insurance eligibility
  • Public health
  • Medical research

Commercial uses:

  • Marketing
  • Managed care
  • Drug usage

NB: Even de-identified data is not necessarily secure


The Shields:

1-Risk assessment

We should balance :

  • risk,
  • benefit,
  • cost and
  • loss of accessibility

2-Access Restriction

  • Authentication
  • Access Control
  • Accounting

Security Policies

We should set documented:

  • goals
  • procedures
  • organization
  • responsibilities


Technologies to secure information:

Deterrents

* System management precautions

-Software management

-Analysis of vulnerability

Obstacles

Conclusion

  • The threats are real and dangerous
  • Recovery cost large
  • We must shield ourselves in as many ways as possible with a reasonable loss of accessibility

References

Introduction to Biomedical Informatics, William Hersh; 2007

EHRs/NHII: HIPAA Security and EHRs, a Near Perfect Match by: Margret Amatayakul, RHIA, CHPS, FHIMSS Steven S. Lazarus, PhD, FHIMSS

Privacy, information technology, and health care, Thomas C. Rindfleisch;1997.

Submitted by Dahlia Abd-Ellatif