Difference between revisions of "Information security"
From Clinfowiki
(→References) |
|||
| Line 1: | Line 1: | ||
| − | + | '''Information security''' is maintaining [[confidentiality]] and availability simultaneously. Information should be hidden, safe, private, and also ready for immediate use. | |
| − | '''Information security''' is maintaining confidentiality and availability simultaneously. Information should be hidden, safe, private, and also ready for immediate use. | + | |
| − | == | + | == Introduction == |
| − | Everything that handles information needs to be protected: Hardware, software, and data, | + | Everything that handles information needs to be protected: Hardware, software, and data, etc. Anything that is confidential or non-replaceable, or loss of would cost time and money. The most common culprits are natural hazards, computer failure, media failure, malicious people, and sometimes, yourself. |
| − | + | ==Information Security Goals== | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | ==Information Security Goals | + | |
* Data Integrity | * Data Integrity | ||
| Line 24: | Line 16: | ||
* Often a casualty of information security | * Often a casualty of information security | ||
| − | == | + | ==[[EMR|Electronic medical record]] security== |
| − | ==Pros== | + | ===Pros=== |
EHRs can provide great privacy and security, e.g., | EHRs can provide great privacy and security, e.g., | ||
| Line 35: | Line 27: | ||
* Encryption can provide confidentiality and data integrity | * Encryption can provide confidentiality and data integrity | ||
| − | ==Cons== | + | ===Cons=== |
* Information flows more easily, risk of mishap is greater | * Information flows more easily, risk of mishap is greater | ||
| Line 43: | Line 35: | ||
== Flow of information in health care have many points to “leak” == | == Flow of information in health care have many points to “leak” == | ||
| − | |||
==Direct patient care:== | ==Direct patient care:== | ||
| Line 97: | Line 88: | ||
* organization | * organization | ||
* responsibilities | * responsibilities | ||
| − | |||
==Technologies to secure information:== | ==Technologies to secure information:== | ||
| Line 107: | Line 97: | ||
* [[Audit trails]] | * [[Audit trails]] | ||
| − | == | + | == System management precautions== |
-Software management | -Software management | ||
| Line 125: | Line 115: | ||
==Conclusion== | ==Conclusion== | ||
| − | + | The threats are real and dangerous and recovery costs are large. We must shield ourselves in as many ways as possible with a reasonable loss of accessibility | |
| − | + | ||
| − | + | ||
==References== | ==References== | ||
Revision as of 14:51, 17 November 2011
Information security is maintaining confidentiality and availability simultaneously. Information should be hidden, safe, private, and also ready for immediate use.
Contents
- 1 Introduction
- 2 Information Security Goals
- 3 Electronic medical record security
- 4 Flow of information in health care have many points to “leak”
- 5 Direct patient care:
- 6 Support activity:
- 7 “Social” uses:
- 8 Commercial uses:
- 9 The Shields:
- 10 1-Risk assessment
- 11 2-Access Restriction
- 12 Security Policies
- 13 Technologies to secure information:
- 14 Deterrents
- 15 System management precautions
- 16 Obstacles
- 17 Conclusion
- 18 References
Introduction
Everything that handles information needs to be protected: Hardware, software, and data, etc. Anything that is confidential or non-replaceable, or loss of would cost time and money. The most common culprits are natural hazards, computer failure, media failure, malicious people, and sometimes, yourself.
Information Security Goals
- Data Integrity
- Data is correct
- No unauthorized modification
- Data Confidentiality
- Only authorized parties can view
- Data Accessibility
- Authorized parties can easily and quickly access
- Often a casualty of information security
Electronic medical record security
Pros
EHRs can provide great privacy and security, e.g.,
- Access controls can be more granular
- Authentication mechanisms provide audit trails and non-repudiation
- Disaster recovery plans assure greater availability
- Encryption can provide confidentiality and data integrity
Cons
- Information flows more easily, risk of mishap is greater
- Collection of large volumes of data more feasible and risky
- Sharing of information for treatment, payment, and operations misunderstood
- New methods to attack data are continuously being developed
Flow of information in health care have many points to “leak”
Direct patient care:
- Provider
- Clinic
- Hospital
Support activity:
- Payers
- Quality reviews
- Administration
“Social” uses:
- Insurance eligibility
- Public health
- Medical research
Commercial uses:
- Marketing
- Managed care
- Drug usage
NB: Even de-identified data is not necessarily secure
The Shields:
1-Risk assessment
We should balance :
- risk,
- benefit,
- cost and
- loss of accessibility
2-Access Restriction
- Authentication
- Access Control
- Accounting
Security Policies
We should set documented:
- goals
- procedures
- organization
- responsibilities
Technologies to secure information:
Deterrents
- Alerts
- Audit trails
System management precautions
-Software management
-Analysis of vulnerability
Obstacles
- Authentication
- Authorization
- Integrity management
- Digital signatures
- Encryption
- Firewalls
- Rights management
Conclusion
The threats are real and dangerous and recovery costs are large. We must shield ourselves in as many ways as possible with a reasonable loss of accessibility
References
- Introduction to Biomedical Informatics, William Hersh; 2007
- EHRs/NHII: HIPAA Security and EHRs, a Near Perfect Match by: Margret Amatayakul, RHIA, CHPS, FHIMSS Steven S. Lazarus, PhD, FHIMSS
- Privacy, information technology, and health care, Thomas C. Rindfleisch;1997.
