SlideShare a Scribd company logo

Confidentiality Privacy and Security.ppt

Download as PPT, PDF
J
JohnLagman3

This presentation talks about the confidentiality privacy and security. What are the difference between confidentiality, privacy and security.

Education
1 of 69
Confidentiality, Privacy and Security
Privacy  The desire of a person to control the disclosure of personal health information
Confidentiality  The ability of a person to control release of personal health information to a care provider or information custodian under an agreement that limits further release of that information
Security  Protection of privacy and confidentiality through policies, procedures and safeguards.
Why do they matter?  Ethically, privacy and confidentiality are considered to be rights (in our culture)  Information revealed may result in harm to interests of the individual  The provision of those rights tends to ensure that the information is accurate and complete  Accurate and complete information from individuals benefits society in limiting spread of diseases to society (i.e. HIV)
Why do they matter?  The preservation of confidentiality assists research which in turn assists patients
Users of health information  Patient  Historical information for current and future care  Insurance claims  MD’s  Patient’s medical needs  Documentation  Interface with other providers  Billing
Users  Health insurance company  Claims processing  Approve consultation requests  Laboratory  Process specimens  Results reporting  Billing
Users  Pharmacy  Fill prescription  Billing  Hospital  Care provision  Record of services  Billing  Vital statistics  Regulatory agencies
Users  State bureau  Birth statistics  Epidemiology  Accrediting organization  Hospital review  Employer  Request claims data  Review claims for $ reduction  Benefits package adjustments
Users  Life insurance companies  Process applications  Process claims  Risk assessment  Medical information bureau  Fraud reduction for life insurance companies  Managed care company  Process claims  Evaluate MD’s
Users  Lawyers  Adherence to standard of practice  Malpractice claims  Researcher  Evaluate research program
Security  Availability  Accountability  Perimeter definition  Rule-limited access  Comprehensibility and control
Privacy solutions  Forbid the collection of data that might be misused  Allow the collection of health information within a structure, but with rules and penalties for violation pertaining to collecting organizations  Generate policies to which individual information handlers must adhere
Security controls  Management controls  Program management/risk management  Operational controls  Operated by people  Technical controls  Operated by the computer system
Management controls  Establishment of key security policies, i.e. policies pertaining to remote access  Program policy  Definition, scope, roles and responsibilities of the computer security program  Issue specific policy  Example: Y2K  System specific policy  Who can access what functions where
Core security policies  Confidentiality  Email  System access  Virus protection  Internet/intranet use  Remote access  Software code of ethics  Backup and recovery  Security training and awareness
Biometrics  The scientific discipline of measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics  Can be used to evaluate changes over time for medical monitoring or diagnosis  Can be used for security
Approaches to identification  Token based simple security  House key, security card, transponder  Knowledge based  SSN, password, PIN  Two-factor  Card + PIN Card PIN ID Authentication Access +
Approaches to identification  Authoritative ID ID Authent- ication Policy Access Audit T F
Identification  Certain and unambiguous  Deterministic  Certain with small probability of error  Probabilistic  Uncertain and ambiguous  Biometric schemes are probabilistic
Probabilistic  False acceptance rate (type I error)  Percentage of unauthorized attempts that will be accepted  Also relevant for medical studies  False rejection rate (type II error)  Percentage of authorized attempts that will be rejected  Also relevant for medical studies  Equal error rate  Intersection of the lowest FAR and FRR
Biometric ID  Acquire the biometric ID  How do you ensure that you got the right guy  Localize the attribute  Eliminate noise  Develop a template (reduced data set)  Check for duplicates
Biometric applications  Identification  Search the database to find out who the unknown is  Check entire file  Authentication  Verify that the person is who he says he is  Check his file and match
Biometric identifiers  Should be universal attribute  Consistent – shouldn’t change over time  Unique  Permanent  Inimitable (voice can be separated from the individual)  Collectible – easy to gather the attribute  Tamper resistant  (Cheaply) comparable - template
Biometric technologies  Fingerprint  Automated fingerprint ID systems (law enforcement)  Fingerprint recognition – derives template form features for ID  Validating temp and /or pulse  Optical vs. solid state (capacitance)  Low FAR and FRR
Fingerprint
Hand geometry  Dimensions of fingers and location of joints unique  Low FAR FRR
Retinal scan  Very reliable  More expensive than hand or fingerprint  Extremely low FAR FRR
Retinal scan
Voice recognition  Automatic speaker verification (ASV) vs. automatic speaker identification (ASI)  ASV = authentication in a two-factor scheme  ASI = who is speaker  Feature extraction and matching  Problems with disease/aging etc.
Iris scanning  Less invasive than retinal scanning  Technically challenging balancing optics, ambient light etc.  Can be verified (live subject) by iris response to light
Face recognition/thermography  Facial architecture and heat signature  Relatively high FAR/FRR  Useful in two factor scenarios
Hand vein  Infrared scanning of the architecture of the hand vessels
Signature  Architecture of the signature  Dynamics of the signature (pressure and velocity)
Biometric identification issues  Privacy, anonymity  Legal issues not defined
Security: availability  Ensures that accurate, up-to-date information is available when needed at appropriate places
Security: accountability  Ensures that users are responsible for their access to and use of information based on a documented need and right to know
Security: perimeter definition  Allows the system to control the boundaries of trusted access to an information system both physically and logically
Security: rule-limited access  Enables access for personnel to only that information essential to the performance of their jobs and limits the real or perceived temptation to access information beyond a legitimate need
Security: comprehensibility and control  Ensures that record owners, data stewards and patients can understand and have effective control over appropriate aspects of information confidentiality and access
Availability  Backups with local and off-site copies of the data  Secure housing and power sources for CPU even during disasters (when system availability may be crucial)  Virus protection
Accountability  Audit trails and warnings  User  Authentication – unique ID process  Authorization – to perform set of actions, i.e. access only their own patients
Perimeter definition  System knows users and how they are using the system  Define the boundaries of the system (i.e. within the firewall) Princeton-Penn-HUP  How do you permit/monitor off-site access  Modems?  Tools  Cryptographic authentication
Perimeter definition  Public key-private key  Encryption  Privacy and confidentiality  Digital signatures  Prescription signature  Content validation  Message hasn’t been messed with  Nonrepudiation  “I didn’t say that”
Role limited access  Spheres of access  Patient list: patients one has a role in the care of  Content specific: billing clerk/billing info  Relevant data: researcher on heart disease shouldn’t be able to learn about HIV status
Taxonomy of organizational threats  Motive  Health records have economic value to insurers, employers, journalists, enemy states etc.  Curiosity about the health status of friends, romantic interests, coworkers or celebrities  Clandestine observation of employees (GE)  Desire to gain advantage in contentious situations (divorce)
Resources  Attackers may range from  Individuals  Small group (e.g. law firm)  Large group (e.g. insurer, employer)  Intelligence agency  Organized crime
Initial access  Site access  System authorization  Data authorization Site Data System Worker Billing clerk Computer vendor MD, RN
Technical capability  Aspiring attacker (limited skills)  Research target  Masquerade as an employee  Guess password  Dumpster diving  Become temporary employee
Technical capability  Script runner  Acquire software from web-sites for automated attacks  Accomplished attacker  Able to use scripted or unscripted (ad-hoc) attacks
Levels of threat  Threat 1  Insiders who make “innocent” mistakes and cause accidental disclosure  Elevator discussion, info left on screen, chart left in hallway etc.  Threat 2  Insiders who abuse their privileges
Threat  Threat 3  Insiders who access information inappropriately for spite or profit  London Times reported that anyone’s electronic record could be obtained for $300  Threat 4  Unauthorized physical intruder  Fake labcoat
Threats  Threat 5  Vengeful employees or outsiders bent on destruction or degradation, e.g. deletion, system damage, DOS attacks  Latent problem
Countering threats  Deterrence  Create sanctions  Depends on identification of bad actors  Imposition of obstacles  Firewalls  Access controls  Costs, decreased efficiency, impediments to appropriate access
Countermeasures Type System Data Site Threat Counter 1 Y Y Y Mistake Org and technical measures 2 Y Y N/A Improper use of access privileges Authentication and auditing 3 Y N N/A Unauthorized for spite of money Authentication and auditing 4 Y N Y Unauthorized physical intrusion Physical security and access control 5 Y N N Technical breakin Authentication, access and crypto
Counter threat 1  Behavioral code  Screen savers, automated logout  ? Patient pseudonyms
Counter threat 2  Deterrence  Sanctions  Audit  Encryption (user must obtain access keys)
Counter threat 3  Audit trails  Sanctions appropriate to crime
Counter threat 4  Deterrence  Strong technical measures (surveillance tapes)  Strong identification and authentication measures
Counter threat 5  Obstacles  Firewalls
Issues with countermeasures  Internet interface  Legal and national jurisdiction  Best balance is relatively free internal environment with strong boundaries  Requires strong ID/auth
Recommendations  Individual user ID and authentication  Automated logout  Password discipline  Access controls  Role limited  Role definitions  Cardiologist vs. MD  Audit trails
Recommendations  Physical security and disaster recovery  Location of terminals  Handling of paper printouts  Remote access points  VPN’s  Encrypted passwords  Dial-ins
Recommendations  External communications  Encrypt all patient related data over publicly available networks  Software discipline  Virus checking programs  System assessment  Run scripted attacks against one’s own system
Recommendations  Develop security and confidentiality policies  Publish  Committees  ISO’s  Sanctions  Patient access to audit logs  Who saw my record and why
Future recommendations  Strong authentication  Token based authentication (two factor)  Enterprise wide authentication  One-time login to authorized systems  Access validation  Masking  Expanded audit trails  Electronic signatures
Universal patient identifier  Methodology should have an explicit framework specifying linkages that violate patient privacy  Facilitate the identification of parties that make improper linkages  Unidirectional – should facilitate helpful linkages of health records but prevents identification of patient from health records or the identifier

Recommended

Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
Association agggregation and composition
Association agggregation and compositionAssociation agggregation and composition
Association agggregation and compositionbaabtra.com - No. 1 supplier of quality freshers
 
Lisrel
LisrelLisrel
LisrelNaveen Chopra
 
DBMS vs RDBMS
DBMS vs RDBMSDBMS vs RDBMS
DBMS vs RDBMSDheenadayalan18
 
Communication with Artificial intelligence
Communication with Artificial intelligenceCommunication with Artificial intelligence
Communication with Artificial intelligenceMOHIT AGARWAL
 
Mis
MisMis
Misanujrai001
 
Human in-the-loop in Machine Learning
Human in-the-loop in Machine LearningHuman in-the-loop in Machine Learning
Human in-the-loop in Machine LearningDinesh V
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)bholmes
 

Recommended

Information system and security control
Information system and security controlInformation system and security control
Information system and security controlCheng Olayvar
 
Association agggregation and composition
Association agggregation and compositionAssociation agggregation and composition
Association agggregation and compositionbaabtra.com - No. 1 supplier of quality freshers
 
Lisrel
LisrelLisrel
LisrelNaveen Chopra
 
DBMS vs RDBMS
DBMS vs RDBMSDBMS vs RDBMS
DBMS vs RDBMSDheenadayalan18
 
Communication with Artificial intelligence
Communication with Artificial intelligenceCommunication with Artificial intelligence
Communication with Artificial intelligenceMOHIT AGARWAL
 
Mis
MisMis
Misanujrai001
 
Human in-the-loop in Machine Learning
Human in-the-loop in Machine LearningHuman in-the-loop in Machine Learning
Human in-the-loop in Machine LearningDinesh V
 
Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)Sylvia hipaa powerpoint presentation 2010(2)
Sylvia hipaa powerpoint presentation 2010(2)bholmes
 
Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsKimarie Brown
 
Defensive information warfare
Defensive information warfareDefensive information warfare
Defensive information warfarestuimrozsm
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxArti Parab Academics
 
Medical Records Privacy Confidentiality And Security
Medical Records Privacy Confidentiality And SecurityMedical Records Privacy Confidentiality And Security
Medical Records Privacy Confidentiality And SecurityAbbas Shojaee MD, CHDA
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsGanbayar Sukhbaatar
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextNawanan Theera-Ampornpunt
 
Confidential data management_key_concepts
Confidential data management_key_conceptsConfidential data management_key_concepts
Confidential data management_key_conceptsMicah Altman
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsAHMED ZINHOM
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf503SaranyaS
 
Health information security 2 : Basic concepts
Health information security 2 : Basic conceptsHealth information security 2 : Basic concepts
Health information security 2 : Basic conceptsDr. Lasantha Ranwala
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06gbroadbent67
 
Overview
OverviewOverview
Overviewphanleson
 
Security Issues Related to Biometrics
Security Issues Related to BiometricsSecurity Issues Related to Biometrics
Security Issues Related to BiometricsYogeshIJTSRD
 
Privacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishPrivacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishRSIS International
 
Class paper final
Class paper finalClass paper final
Class paper finalAnusha Manchala
 
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Khaled El Emam
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsESET North America
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsKristie Allison
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfSparity1
 
telemedicineppt.pptx
telemedicineppt.pptxtelemedicineppt.pptx
telemedicineppt.pptxRiyaMathur18
 
8.-Javascript-report powerpoint presentation
8.-Javascript-report powerpoint presentation8.-Javascript-report powerpoint presentation
8.-Javascript-report powerpoint presentationJohnLagman3
 
7.-Bootstrap-5-report powerpoint presentation
7.-Bootstrap-5-report powerpoint presentation7.-Bootstrap-5-report powerpoint presentation
7.-Bootstrap-5-report powerpoint presentationJohnLagman3
 

More Related Content

Similar to Confidentiality Privacy and Security.ppt

Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsKimarie Brown
 
Defensive information warfare
Defensive information warfareDefensive information warfare
Defensive information warfarestuimrozsm
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxArti Parab Academics
 
Medical Records Privacy Confidentiality And Security
Medical Records Privacy Confidentiality And SecurityMedical Records Privacy Confidentiality And Security
Medical Records Privacy Confidentiality And SecurityAbbas Shojaee MD, CHDA
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsGanbayar Sukhbaatar
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextNawanan Theera-Ampornpunt
 
Confidential data management_key_concepts
Confidential data management_key_conceptsConfidential data management_key_concepts
Confidential data management_key_conceptsMicah Altman
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsAHMED ZINHOM
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf503SaranyaS
 
Health information security 2 : Basic concepts
Health information security 2 : Basic conceptsHealth information security 2 : Basic concepts
Health information security 2 : Basic conceptsDr. Lasantha Ranwala
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06gbroadbent67
 
Security Issues Related to Biometrics
Security Issues Related to BiometricsSecurity Issues Related to Biometrics
Security Issues Related to BiometricsYogeshIJTSRD
 
Privacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishPrivacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishRSIS International
 
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Khaled El Emam
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsESET North America
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsKristie Allison
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfSparity1
 
telemedicineppt.pptx
telemedicineppt.pptxtelemedicineppt.pptx
telemedicineppt.pptxRiyaMathur18
 

Similar to Confidentiality Privacy and Security.ppt (20)

Legal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing InformaticsLegal and Ethical Considerations in Nursing Informatics
Legal and Ethical Considerations in Nursing Informatics
 
Defensive information warfare
Defensive information warfareDefensive information warfare
Defensive information warfare
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptx
 
Medical Records Privacy Confidentiality And Security
Medical Records Privacy Confidentiality And SecurityMedical Records Privacy Confidentiality And Security
Medical Records Privacy Confidentiality And Security
 
CompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentalsCompTIA Security+ Module1: Security fundamentals
CompTIA Security+ Module1: Security fundamentals
 
Ethical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's ContextEthical & Legal Issues for Health IT in Thailand's Context
Ethical & Legal Issues for Health IT in Thailand's Context
 
Confidential data management_key_concepts
Confidential data management_key_conceptsConfidential data management_key_concepts
Confidential data management_key_concepts
 
Legal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informaticsLegal and ethical considerations in nursing informatics
Legal and ethical considerations in nursing informatics
 
STUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdfSTUCOR_CS8792-LL.pdf
STUCOR_CS8792-LL.pdf
 
Health information security 2 : Basic concepts
Health information security 2 : Basic conceptsHealth information security 2 : Basic concepts
Health information security 2 : Basic concepts
 
M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06M014 Confluence Presentation 08 15 06
M014 Confluence Presentation 08 15 06
 
Overview
OverviewOverview
Overview
 
Security Issues Related to Biometrics
Security Issues Related to BiometricsSecurity Issues Related to Biometrics
Security Issues Related to Biometrics
 
Privacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or PerishPrivacy Management System: Protect Data or Perish
Privacy Management System: Protect Data or Perish
 
Class paper final
Class paper finalClass paper final
Class paper final
 
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and Solutions
 
mHealth Security: Stats and Solutions
mHealth Security: Stats and SolutionsmHealth Security: Stats and Solutions
mHealth Security: Stats and Solutions
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdf
 
telemedicineppt.pptx
telemedicineppt.pptxtelemedicineppt.pptx
telemedicineppt.pptx
 

More from JohnLagman3

8.-Javascript-report powerpoint presentation
8.-Javascript-report powerpoint presentation8.-Javascript-report powerpoint presentation
8.-Javascript-report powerpoint presentationJohnLagman3
 
7.-Bootstrap-5-report powerpoint presentation
7.-Bootstrap-5-report powerpoint presentation7.-Bootstrap-5-report powerpoint presentation
7.-Bootstrap-5-report powerpoint presentationJohnLagman3
 
1._Introduction_to_HTML5 powerpoint presentation
1._Introduction_to_HTML5 powerpoint presentation1._Introduction_to_HTML5 powerpoint presentation
1._Introduction_to_HTML5 powerpoint presentationJohnLagman3
 
bufferoverflow-151214121251 presentation
bufferoverflow-151214121251 presentationbufferoverflow-151214121251 presentation
bufferoverflow-151214121251 presentationJohnLagman3
 
Variables in MIT App Inventor powerpoint
Variables in MIT App Inventor powerpointVariables in MIT App Inventor powerpoint
Variables in MIT App Inventor powerpointJohnLagman3
 
Web-Development Powerpoint Presentation.
Web-Development Powerpoint Presentation.Web-Development Powerpoint Presentation.
Web-Development Powerpoint Presentation.JohnLagman3
 
History of Android powerpoint presentation
History of Android powerpoint presentationHistory of Android powerpoint presentation
History of Android powerpoint presentationJohnLagman3
 
Mobile Application Development powerpoint
Mobile Application Development powerpointMobile Application Development powerpoint
Mobile Application Development powerpointJohnLagman3
 
Presentation of Hyper Text Markup Language
Presentation of Hyper Text Markup LanguagePresentation of Hyper Text Markup Language
Presentation of Hyper Text Markup LanguageJohnLagman3
 
html-150424090224-conversion-gate0.2.pdf
html-150424090224-conversion-gate0.2.pdfhtml-150424090224-conversion-gate0.2.pdf
html-150424090224-conversion-gate0.2.pdfJohnLagman3
 
Hypertext Mark Up Language Introduction.
Hypertext Mark Up Language Introduction.Hypertext Mark Up Language Introduction.
Hypertext Mark Up Language Introduction.JohnLagman3
 
Multiple_Linear_Regression Presentation.
Multiple_Linear_Regression Presentation.Multiple_Linear_Regression Presentation.
Multiple_Linear_Regression Presentation.JohnLagman3
 
Lesson 4 - Introduction to Filmora.pptx
Lesson 4 - Introduction to Filmora.pptxLesson 4 - Introduction to Filmora.pptx
Lesson 4 - Introduction to Filmora.pptxJohnLagman3
 
1.-Introduction-report.pdf
1.-Introduction-report.pdf1.-Introduction-report.pdf
1.-Introduction-report.pdfJohnLagman3
 
Lesson 1 Animation.pdf
Lesson 1 Animation.pdfLesson 1 Animation.pdf
Lesson 1 Animation.pdfJohnLagman3
 
physicalsecurity-150317020111-conversion-gate01.pdf
physicalsecurity-150317020111-conversion-gate01.pdfphysicalsecurity-150317020111-conversion-gate01.pdf
physicalsecurity-150317020111-conversion-gate01.pdfJohnLagman3
 
Introduction to BIOMETRICS Security.pptx
Introduction to BIOMETRICS Security.pptxIntroduction to BIOMETRICS Security.pptx
Introduction to BIOMETRICS Security.pptxJohnLagman3
 
1.-Introduction-report.pptx
1.-Introduction-report.pptx1.-Introduction-report.pptx
1.-Introduction-report.pptxJohnLagman3
 
ORIENTATION-CIS.pdf
ORIENTATION-CIS.pdfORIENTATION-CIS.pdf
ORIENTATION-CIS.pdfJohnLagman3
 

More from JohnLagman3 (20)

8.-Javascript-report powerpoint presentation
8.-Javascript-report powerpoint presentation8.-Javascript-report powerpoint presentation
8.-Javascript-report powerpoint presentation
 
7.-Bootstrap-5-report powerpoint presentation
7.-Bootstrap-5-report powerpoint presentation7.-Bootstrap-5-report powerpoint presentation
7.-Bootstrap-5-report powerpoint presentation
 
1._Introduction_to_HTML5 powerpoint presentation
1._Introduction_to_HTML5 powerpoint presentation1._Introduction_to_HTML5 powerpoint presentation
1._Introduction_to_HTML5 powerpoint presentation
 
bufferoverflow-151214121251 presentation
bufferoverflow-151214121251 presentationbufferoverflow-151214121251 presentation
bufferoverflow-151214121251 presentation
 
Variables in MIT App Inventor powerpoint
Variables in MIT App Inventor powerpointVariables in MIT App Inventor powerpoint
Variables in MIT App Inventor powerpoint
 
Web-Development Powerpoint Presentation.
Web-Development Powerpoint Presentation.Web-Development Powerpoint Presentation.
Web-Development Powerpoint Presentation.
 
History of Android powerpoint presentation
History of Android powerpoint presentationHistory of Android powerpoint presentation
History of Android powerpoint presentation
 
Mobile Application Development powerpoint
Mobile Application Development powerpointMobile Application Development powerpoint
Mobile Application Development powerpoint
 
Presentation of Hyper Text Markup Language
Presentation of Hyper Text Markup LanguagePresentation of Hyper Text Markup Language
Presentation of Hyper Text Markup Language
 
html-150424090224-conversion-gate0.2.pdf
html-150424090224-conversion-gate0.2.pdfhtml-150424090224-conversion-gate0.2.pdf
html-150424090224-conversion-gate0.2.pdf
 
Hypertext Mark Up Language Introduction.
Hypertext Mark Up Language Introduction.Hypertext Mark Up Language Introduction.
Hypertext Mark Up Language Introduction.
 
Multiple_Linear_Regression Presentation.
Multiple_Linear_Regression Presentation.Multiple_Linear_Regression Presentation.
Multiple_Linear_Regression Presentation.
 
Lesson 4 - Introduction to Filmora.pptx
Lesson 4 - Introduction to Filmora.pptxLesson 4 - Introduction to Filmora.pptx
Lesson 4 - Introduction to Filmora.pptx
 
1.-Introduction-report.pdf
1.-Introduction-report.pdf1.-Introduction-report.pdf
1.-Introduction-report.pdf
 
Lesson 1 Animation.pdf
Lesson 1 Animation.pdfLesson 1 Animation.pdf
Lesson 1 Animation.pdf
 
Lesson 1.pdf
Lesson 1.pdfLesson 1.pdf
Lesson 1.pdf
 
physicalsecurity-150317020111-conversion-gate01.pdf
physicalsecurity-150317020111-conversion-gate01.pdfphysicalsecurity-150317020111-conversion-gate01.pdf
physicalsecurity-150317020111-conversion-gate01.pdf
 
Introduction to BIOMETRICS Security.pptx
Introduction to BIOMETRICS Security.pptxIntroduction to BIOMETRICS Security.pptx
Introduction to BIOMETRICS Security.pptx
 
1.-Introduction-report.pptx
1.-Introduction-report.pptx1.-Introduction-report.pptx
1.-Introduction-report.pptx
 
ORIENTATION-CIS.pdf
ORIENTATION-CIS.pdfORIENTATION-CIS.pdf
ORIENTATION-CIS.pdf
 

Recently uploaded

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxShobhayan Kirtania
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 

Recently uploaded (20)

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
The byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptxThe byproduct of sericulture in different industries.pptx
The byproduct of sericulture in different industries.pptx
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 

Confidentiality Privacy and Security.ppt

  • 2. Privacy  The desire of a person to control the disclosure of personal health information
  • 3. Confidentiality  The ability of a person to control release of personal health information to a care provider or information custodian under an agreement that limits further release of that information
  • 4. Security  Protection of privacy and confidentiality through policies, procedures and safeguards.
  • 5. Why do they matter?  Ethically, privacy and confidentiality are considered to be rights (in our culture)  Information revealed may result in harm to interests of the individual  The provision of those rights tends to ensure that the information is accurate and complete  Accurate and complete information from individuals benefits society in limiting spread of diseases to society (i.e. HIV)
  • 6. Why do they matter?  The preservation of confidentiality assists research which in turn assists patients
  • 7. Users of health information  Patient  Historical information for current and future care  Insurance claims  MD’s  Patient’s medical needs  Documentation  Interface with other providers  Billing
  • 8. Users  Health insurance company  Claims processing  Approve consultation requests  Laboratory  Process specimens  Results reporting  Billing
  • 9. Users  Pharmacy  Fill prescription  Billing  Hospital  Care provision  Record of services  Billing  Vital statistics  Regulatory agencies
  • 10. Users  State bureau  Birth statistics  Epidemiology  Accrediting organization  Hospital review  Employer  Request claims data  Review claims for $ reduction  Benefits package adjustments
  • 11. Users  Life insurance companies  Process applications  Process claims  Risk assessment  Medical information bureau  Fraud reduction for life insurance companies  Managed care company  Process claims  Evaluate MD’s
  • 12. Users  Lawyers  Adherence to standard of practice  Malpractice claims  Researcher  Evaluate research program
  • 13. Security  Availability  Accountability  Perimeter definition  Rule-limited access  Comprehensibility and control
  • 14. Privacy solutions  Forbid the collection of data that might be misused  Allow the collection of health information within a structure, but with rules and penalties for violation pertaining to collecting organizations  Generate policies to which individual information handlers must adhere
  • 15. Security controls  Management controls  Program management/risk management  Operational controls  Operated by people  Technical controls  Operated by the computer system
  • 16. Management controls  Establishment of key security policies, i.e. policies pertaining to remote access  Program policy  Definition, scope, roles and responsibilities of the computer security program  Issue specific policy  Example: Y2K  System specific policy  Who can access what functions where
  • 17. Core security policies  Confidentiality  Email  System access  Virus protection  Internet/intranet use  Remote access  Software code of ethics  Backup and recovery  Security training and awareness
  • 18. Biometrics  The scientific discipline of measuring relevant attributes of living individuals or populations to identify active properties or unique characteristics  Can be used to evaluate changes over time for medical monitoring or diagnosis  Can be used for security
  • 19. Approaches to identification  Token based simple security  House key, security card, transponder  Knowledge based  SSN, password, PIN  Two-factor  Card + PIN Card PIN ID Authentication Access +
  • 20. Approaches to identification  Authoritative ID ID Authent- ication Policy Access Audit T F
  • 21. Identification  Certain and unambiguous  Deterministic  Certain with small probability of error  Probabilistic  Uncertain and ambiguous  Biometric schemes are probabilistic
  • 22. Probabilistic  False acceptance rate (type I error)  Percentage of unauthorized attempts that will be accepted  Also relevant for medical studies  False rejection rate (type II error)  Percentage of authorized attempts that will be rejected  Also relevant for medical studies  Equal error rate  Intersection of the lowest FAR and FRR
  • 23. Biometric ID  Acquire the biometric ID  How do you ensure that you got the right guy  Localize the attribute  Eliminate noise  Develop a template (reduced data set)  Check for duplicates
  • 24. Biometric applications  Identification  Search the database to find out who the unknown is  Check entire file  Authentication  Verify that the person is who he says he is  Check his file and match
  • 25. Biometric identifiers  Should be universal attribute  Consistent – shouldn’t change over time  Unique  Permanent  Inimitable (voice can be separated from the individual)  Collectible – easy to gather the attribute  Tamper resistant  (Cheaply) comparable - template
  • 26. Biometric technologies  Fingerprint  Automated fingerprint ID systems (law enforcement)  Fingerprint recognition – derives template form features for ID  Validating temp and /or pulse  Optical vs. solid state (capacitance)  Low FAR and FRR
  • 28. Hand geometry  Dimensions of fingers and location of joints unique  Low FAR FRR
  • 29. Retinal scan  Very reliable  More expensive than hand or fingerprint  Extremely low FAR FRR
  • 31. Voice recognition  Automatic speaker verification (ASV) vs. automatic speaker identification (ASI)  ASV = authentication in a two-factor scheme  ASI = who is speaker  Feature extraction and matching  Problems with disease/aging etc.
  • 32. Iris scanning  Less invasive than retinal scanning  Technically challenging balancing optics, ambient light etc.  Can be verified (live subject) by iris response to light
  • 33. Face recognition/thermography  Facial architecture and heat signature  Relatively high FAR/FRR  Useful in two factor scenarios
  • 34. Hand vein  Infrared scanning of the architecture of the hand vessels
  • 35. Signature  Architecture of the signature  Dynamics of the signature (pressure and velocity)
  • 36.
  • 37. Biometric identification issues  Privacy, anonymity  Legal issues not defined
  • 38. Security: availability  Ensures that accurate, up-to-date information is available when needed at appropriate places
  • 39. Security: accountability  Ensures that users are responsible for their access to and use of information based on a documented need and right to know
  • 40. Security: perimeter definition  Allows the system to control the boundaries of trusted access to an information system both physically and logically
  • 41. Security: rule-limited access  Enables access for personnel to only that information essential to the performance of their jobs and limits the real or perceived temptation to access information beyond a legitimate need
  • 42. Security: comprehensibility and control  Ensures that record owners, data stewards and patients can understand and have effective control over appropriate aspects of information confidentiality and access
  • 43. Availability  Backups with local and off-site copies of the data  Secure housing and power sources for CPU even during disasters (when system availability may be crucial)  Virus protection
  • 44. Accountability  Audit trails and warnings  User  Authentication – unique ID process  Authorization – to perform set of actions, i.e. access only their own patients
  • 45. Perimeter definition  System knows users and how they are using the system  Define the boundaries of the system (i.e. within the firewall) Princeton-Penn-HUP  How do you permit/monitor off-site access  Modems?  Tools  Cryptographic authentication
  • 46. Perimeter definition  Public key-private key  Encryption  Privacy and confidentiality  Digital signatures  Prescription signature  Content validation  Message hasn’t been messed with  Nonrepudiation  “I didn’t say that”
  • 47. Role limited access  Spheres of access  Patient list: patients one has a role in the care of  Content specific: billing clerk/billing info  Relevant data: researcher on heart disease shouldn’t be able to learn about HIV status
  • 48. Taxonomy of organizational threats  Motive  Health records have economic value to insurers, employers, journalists, enemy states etc.  Curiosity about the health status of friends, romantic interests, coworkers or celebrities  Clandestine observation of employees (GE)  Desire to gain advantage in contentious situations (divorce)
  • 49. Resources  Attackers may range from  Individuals  Small group (e.g. law firm)  Large group (e.g. insurer, employer)  Intelligence agency  Organized crime
  • 50. Initial access  Site access  System authorization  Data authorization Site Data System Worker Billing clerk Computer vendor MD, RN
  • 51. Technical capability  Aspiring attacker (limited skills)  Research target  Masquerade as an employee  Guess password  Dumpster diving  Become temporary employee
  • 52. Technical capability  Script runner  Acquire software from web-sites for automated attacks  Accomplished attacker  Able to use scripted or unscripted (ad-hoc) attacks
  • 53. Levels of threat  Threat 1  Insiders who make “innocent” mistakes and cause accidental disclosure  Elevator discussion, info left on screen, chart left in hallway etc.  Threat 2  Insiders who abuse their privileges
  • 54. Threat  Threat 3  Insiders who access information inappropriately for spite or profit  London Times reported that anyone’s electronic record could be obtained for $300  Threat 4  Unauthorized physical intruder  Fake labcoat
  • 55. Threats  Threat 5  Vengeful employees or outsiders bent on destruction or degradation, e.g. deletion, system damage, DOS attacks  Latent problem
  • 56. Countering threats  Deterrence  Create sanctions  Depends on identification of bad actors  Imposition of obstacles  Firewalls  Access controls  Costs, decreased efficiency, impediments to appropriate access
  • 57. Countermeasures Type System Data Site Threat Counter 1 Y Y Y Mistake Org and technical measures 2 Y Y N/A Improper use of access privileges Authentication and auditing 3 Y N N/A Unauthorized for spite of money Authentication and auditing 4 Y N Y Unauthorized physical intrusion Physical security and access control 5 Y N N Technical breakin Authentication, access and crypto
  • 58. Counter threat 1  Behavioral code  Screen savers, automated logout  ? Patient pseudonyms
  • 59. Counter threat 2  Deterrence  Sanctions  Audit  Encryption (user must obtain access keys)
  • 60. Counter threat 3  Audit trails  Sanctions appropriate to crime
  • 61. Counter threat 4  Deterrence  Strong technical measures (surveillance tapes)  Strong identification and authentication measures
  • 62. Counter threat 5  Obstacles  Firewalls
  • 63. Issues with countermeasures  Internet interface  Legal and national jurisdiction  Best balance is relatively free internal environment with strong boundaries  Requires strong ID/auth
  • 64. Recommendations  Individual user ID and authentication  Automated logout  Password discipline  Access controls  Role limited  Role definitions  Cardiologist vs. MD  Audit trails
  • 65. Recommendations  Physical security and disaster recovery  Location of terminals  Handling of paper printouts  Remote access points  VPN’s  Encrypted passwords  Dial-ins
  • 66. Recommendations  External communications  Encrypt all patient related data over publicly available networks  Software discipline  Virus checking programs  System assessment  Run scripted attacks against one’s own system
  • 67. Recommendations  Develop security and confidentiality policies  Publish  Committees  ISO’s  Sanctions  Patient access to audit logs  Who saw my record and why
  • 68. Future recommendations  Strong authentication  Token based authentication (two factor)  Enterprise wide authentication  One-time login to authorized systems  Access validation  Masking  Expanded audit trails  Electronic signatures
  • 69. Universal patient identifier  Methodology should have an explicit framework specifying linkages that violate patient privacy  Facilitate the identification of parties that make improper linkages  Unidirectional – should facilitate helpful linkages of health records but prevents identification of patient from health records or the identifier