Difference between revisions of "Information security"

From Clinfowiki
Jump to: navigation, search
(What do we need to protect?)
(References)
Line 131: Line 131:
 
==References==
 
==References==
  
Introduction to Biomedical Informatics, William Hersh; 2007
+
# Introduction to Biomedical Informatics, William Hersh; 2007
 
+
# EHRs/NHII: HIPAA Security and EHRs, a Near Perfect Match by:
EHRs/NHII: HIPAA Security and EHRs, a Near Perfect Match by:
+
 
Margret Amatayakul, RHIA, CHPS, FHIMSS
 
Margret Amatayakul, RHIA, CHPS, FHIMSS
 
Steven S. Lazarus, PhD, FHIMSS
 
Steven S. Lazarus, PhD, FHIMSS
 
+
# Privacy, information technology, and health care, Thomas C. Rindfleisch;1997.
Privacy, information technology, and health care, Thomas C. Rindfleisch;1997.
+
+
Submitted by Dahlia Abd-Ellatif
+
[[category:BMI-512-W-08]]
+

Revision as of 20:40, 19 October 2011

Security is the state of freedom from danger or risk. Information security is maintaining confidentiality and availability simultaneously. Information should be hidden, safe, private, and also ready for immediate use.

What do we need to protect?

Everything that handles information needs to be protected: Hardware, software, and data, anything that is confidential or non-replaceable, or loss of would cost time and money.

From whom?

  • Natural Hazard
  • Computer Failure / Media Failure
  • Malicious People
  • Sometimes, yourself

Information Security Goals:

  • Data Integrity
  • Data is correct
  • No unauthorized modification
  • Data Confidentiality
  • Only authorized parties can view
  • Data Accessibility
  • Authorized parties can easily and quickly access
  • Often a casualty of information security

EHR security

Pros

EHRs can provide great privacy and security, e.g.,

  • Access controls can be more granular
  • Authentication mechanisms provide audit trails and non-repudiation
  • Disaster recovery plans assure greater availability
  • Encryption can provide confidentiality and data integrity

Cons

  • Information flows more easily, risk of mishap is greater
  • Collection of large volumes of data more feasible and risky
  • Sharing of information for treatment, payment, and operations misunderstood
  • New methods to attack data are continuously being developed

Flow of information in health care have many points to “leak”

Direct patient care:

  • Provider
  • Clinic
  • Hospital

Support activity:

  • Payers
  • Quality reviews
  • Administration

“Social” uses:

  • Insurance eligibility
  • Public health
  • Medical research

Commercial uses:

  • Marketing
  • Managed care
  • Drug usage

NB: Even de-identified data is not necessarily secure


The Shields:

1-Risk assessment

We should balance :

  • risk,
  • benefit,
  • cost and
  • loss of accessibility

2-Access Restriction

  • Authentication
  • Access Control
  • Accounting

Security Policies

We should set documented:

  • goals
  • procedures
  • organization
  • responsibilities


Technologies to secure information:

Deterrents

* System management precautions

-Software management

-Analysis of vulnerability

Obstacles

Conclusion

  • The threats are real and dangerous
  • Recovery cost large
  • We must shield ourselves in as many ways as possible with a reasonable loss of accessibility

References

  1. Introduction to Biomedical Informatics, William Hersh; 2007
  2. EHRs/NHII: HIPAA Security and EHRs, a Near Perfect Match by:

Margret Amatayakul, RHIA, CHPS, FHIMSS Steven S. Lazarus, PhD, FHIMSS

  1. Privacy, information technology, and health care, Thomas C. Rindfleisch;1997.
Retrieved from "http://www.clinfowiki.org/wiki/index.php?title=Information_security&oldid=12557"