Information security
From Clinfowiki
Revision as of 22:45, 13 October 2011 by Annathehybrid (Talk | contribs)
Contents
- 1 Introduction:
- 2 Security
- 3 Information Security
- 4 What do we need to protect?
- 5 From whom?
- 6 Information Security Goals:
- 7 EHR security
- 8 Pros
- 9 Cons
- 10 Flow of information in health care have many points to “leak”
- 11 Direct patient care:
- 12 Support activity:
- 13 “Social” uses:
- 14 Commercial uses:
- 15 The Shields:
- 16 1-Risk assessment
- 17 2-Access Restriction
- 18 Security Policies
- 19 Technologies to secure information:
- 20 Deterrents
- 21 * System management precautions
- 22 Obstacles
- 23 Conclusion
- 24 References
Introduction:
Security
state of freedom from danger or risk”.
Information Security
Maintaining:
- Confidentiality: Keeping your information:
- Hidden
- Safe
- Private
- Availability: Making sure IT resources are:
- Present
- Ready for immediate use!
- Integrity: Knowing and using information that is sound and unchanged by anyone who is not authorized.
What do we need to protect?
- Hardware
- Software
- Data
- Your time
- Your money
- Confidential or non-replaceable information
From whom?
- Natural Hazard
- Computer Failure / Media Failure
- Malicious People
- Sometimes, yourself
Information Security Goals:
- Data Integrity
- Data is correct
- No unauthorized modification
- Data Confidentiality
- Only authorized parties can view
- Data Accessibility
- Authorized parties can easily and quickly access
- Often a casualty of information security
EHR security
Pros
EHRs can provide great privacy and security, e.g.,
- Access controls can be more granular
- Authentication mechanisms provide audit trails and non-repudiation
- Disaster recovery plans assure greater availability
- Encryption can provide confidentiality and data integrity
Cons
- Information flows more easily, risk of mishap is greater
- Collection of large volumes of data more feasible and risky
- Sharing of information for treatment, payment, and operations misunderstood
- New methods to attack data are continuously being developed
Flow of information in health care have many points to “leak”
Direct patient care:
- Provider
- Clinic
- Hospital
Support activity:
- Payers
- Quality reviews
- Administration
“Social” uses:
- Insurance eligibility
- Public health
- Medical research
Commercial uses:
- Marketing
- Managed care
- Drug usage
NB: Even de-identified data is not necessarily secure
The Shields:
1-Risk assessment
We should balance :
- risk,
- benefit,
- cost and
- loss of accessibility
2-Access Restriction
- Authentication
- Access Control
- Accounting
Security Policies
We should set documented:
- goals
- procedures
- organization
- responsibilities
Technologies to secure information:
Deterrents
- Alerts
- Audit trails
* System management precautions
-Software management
-Analysis of vulnerability
Obstacles
- Authentication
- Authorization
- Integrity management
- Digital signatures
- Encryption
- Firewalls
- Rights management
Conclusion
- The threats are real and dangerous
- Recovery cost large
- We must shield ourselves in as many ways as possible with a reasonable loss of accessibility
References
Introduction to Biomedical Informatics, William Hersh; 2007
EHRs/NHII: HIPAA Security and EHRs, a Near Perfect Match by: Margret Amatayakul, RHIA, CHPS, FHIMSS Steven S. Lazarus, PhD, FHIMSS
Privacy, information technology, and health care, Thomas C. Rindfleisch;1997.
Submitted by Dahlia Abd-Ellatif