SlideShare a Scribd company logo

Article on The Electronic Health Record

Anurag Deb
Anurag Deb

The Electronic Health Record (EHR) is a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data, and radiology reports. The EHR automates and streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a clinical patient encounter, as well as supporting other care-related activities directly or indirectly via interface including evidence-based decision support, quality management, and outcomes reporting.

EducationTechnologyBusiness
1 of 16
Download to read offline
Electronic Health Records Introduction The Electronic Health Record (EHR) is a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data, and radiology reports. The EHR automates and streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a clinical patient encounter, as well as supporting other care-related activities directly or indirectly via interface including evidence-based decision support, quality management, and outcomes reporting. EHR is generated and maintained within an institution, such as a hospital, integrated delivery network, clinic, or physician office. Advantages of EHR  Tools for Quality Improvement  Greater Efficiency  Tools to Monitor Population Health  Tools to Monitor Privacy & Security Since EHR contains important patient records the security of EHR systems is a major concern. If EHR systems are not secure, patients may get improper health care or have life-shattering or embarrassing information exposed due to privacy breaches. The Nationwide Health Information Network (NHIN) is being developed to provide a secure, nationwide, interoperable health information infrastructure that will connect providers, consumers, and others involved in supporting health and healthcare. Goals of NHIN  Developing capabilities for standards-based, secure data exchange nationwide.  Improving the coordination of care information among hospitals, laboratories, physicians offices, pharmacies, and other providers.
 Ensuring appropriate information is available at the time and place of care.  Ensuring that consumers’ health information is secure and confidential.  Giving consumers new capabilities for managing and controlling their personal health records as well as providing access to their health information from electronic health records (EHRs) and other sources.  Reducing risks from medical errors and supporting the delivery of appropriate, evidence- based medical care.  Lowering healthcare costs resulting from inefficiencies, medical errors, and incomplete patient information. The American and Reinvestment Act of 2009(ARRA) provides $34 billion of incentives to heath care providers to deploy EHRs that are certified for meaningful use. Certification of EHRs began in 2006, conducted primarily by the Certification Commission of Healthcare IT (CCHIT). The CCHIT Certified program is an independently developed certification that includes a rigorous inspection of an EHR’s integrated functionality, interoperability and security using criteria developed by CCHIT’s broadly representative, expert work groups. EHR systems contain many assets that are just as valuable to attackers as they are to health care providers including patient’s health records, the service the EHR system provides, patient identity, billing information and the audit trail of the transactions that have occurred in the system. The goal is to improve the security assessment within EHR system certification processes by empirically accessing the ability of current security certification criteria to surface a range of vulnerability types. This paper performed exploratory security analysis on to web based EHR systems that are seeking CCHIT certification: OpenEMR, an Open source EHR system and proprietaryMed, a proprietary EHR system. The next chapter provides requisite background information on CCHIT, misuse cases and insider threats.
Relationship to Other Domains American’s financial institution have recognized the impact of information security threats and, in lieu of “security checklist” certification, recommend that banks who develop applications in- house should follow an enterprise-wide effort that incorporates attack models and systematic application testing. A similar problem exists in voting machine. Voting machine have no quality control in the development of their source code, resulting in exploits such as impersonating legitimate voting terminals and linking voters with their votes. In the realm of healthcare, many security analysts have studied the security of implantable pacemakers, and discovered that their wireless communication protocols can be reverse-engineered and manipulated by someone other than patient’s doctor. Insider Attacks An insider attack occurs when employees of an organization with legitimate access to their organization information systems use these systems to sabotage their organization IT infrastructure or commit fraud. Researchers at the Software Engineering Institute at Carnegie Mellon released a comprehensive study on insider threats that reviewed 49 cases of Insider IT Sabotage between 1996 and 2002. [1] According to the study:  90% of insider attackers were given administrative or high level privileges to the target system.  81% of the incidents involved losses to the organization, with dollar amounts estimated between “five hundred dollars” and “tens of millions of dollars.”  The majority of attackers attacked after they were terminated from the organization.  Lack of access controls facilitated IT sabotage.  Attackers created or used access paths unknown to management to set up their attacks and conceal their identities.
Use Cases vs. Misuse Cases Both use cases and misuse cases can be used for software security requirements. A use case is a “description of the possible sequences of interactions between the system under discussion and its external actors, related to a particular goal”. Use cases can be helpful to express functional security, such as the ability to change a user’s password or the requirement that passwords should be stored using the most up-to-date cryptographic techniques. A misuse case specifies a “negative” use case, that is: behavior that is not allowed in the proposed system. Like a misuse case might read: “An attacker spoofs another user’s identity” or “An attacker causes a denial of service by rending the homepage to be blank for all future users,” or “An attacker executes applications on the client’s computer.” Only misuse cases can specify the functionality that system should not have. Software security testing involves creating a plan of attack and attempting to expose vulnerabilities in software by forcing the system to do what is not allowed by the specification or requirements. [1] Certification of EHR Systems The Office of the National Coordinator for Health Information Technology (ONC) maintains the standards that certifying bodies must use in evaluating EHR systems. This section presents information on the leading certification body, CCHIT. Next, we describe the conformance test methods being developed by NIST in concert with the ONC. CCHIT Criteria CCHIT (Certification Commission for Health Information Technology) certified an independently developed certification that includes a rigorous inspection of an EHR’s integrated functionality, interoperability and security. Products that are CCHIT Certified are tested against criteria developed by the Commission’s broadly representative, expert work groups. This program is intended to serve health care providers looking for greater assurance that a product
will meet their complex needs. As part of this independent evaluation, successful use is verified at live sites and product usability is rated. Goals of CCHIT:  Reduce the risk of Healthcare Information Technology (HIT) investment by physicians and other providers.  Ensure interoperability (compatibility) of HIT products.  Assure payers and purchasers providing incentives for electronic health records (EHR) adoption that the ROI (Return on Investment) will be improved quality.  Protect the privacy of patients' personal health information. NIST Meaningful Use Test Methods NIST Certifications has to do with "verifying that a specific piece of equipment does what it's supposed to do within the specifications documented by the manufacturer". N.I.S.T. stands for the "National Institute of Standards and Technology" located in Boulder, CO. This NIST Certification is acknowledged in many different ways. Other names for NIST Certification maybe Certificate of Calibration, Traceable Calibration, Certificate of Traceability, etc. The NIST security criteria are similar to the CCHIT security criteria in that they focus on functional security aspects such as passwords and hashing. The NIST test scripts, however, contain a few test scripts that assess whether the EHR system properly enforces its authorization specifications. The NIST test procedures state that a tester should try to authenticate with a deleted account and that the authentication attempt should fail. [1] EHR System Attacker Motivation An analysis of software system security must consider the motivation of possible attackers. EHR applications have valuable assets, such as the following:  Health Records, protected by Health Insurance Portability and Accountability Act (HIPAA, protects health insurance coverage for workers and their families when they change or lose their jobs), Privacy and Security rules, contain personal and sensitive information
about what procedures and tests a patient has had, as well as diagnoses that a patient has received from doctors. For example, some medical diagnoses are stigmatized, like a sexually transmitted disease diagnoses. Other information can be life threatening, such as allergies. Insurance companies as well as employers are interested in knowing a patient’s health record to make unethical decisions about whether to cover a patient or whether to hire a patient, respectively.  The Service provided by the software system is invaluable to the medical practice that deploys it. Without a working health record system (as in the case of soft denial of service), a medical practice can be rendered non functional, since much of medicine is based on prior history. Further, not being able to access a patient health records could cause serious threats to patient safety.  Identity and Billing Information, including credit card numbers, social security numbers, home addresses and telephone numbers, make for attractive targets for any attacker wishing to steal patient’s identities or commit credit card fraud. The Authenticity and Audit Trail (or repudiation) of the data contained within the health record system is essential. Just as with the service the system provides by itself, doctors and healthcare practitioners depend on the accuracy and availability of the data to make critical decision about patient care. If a patient has an incorrect listing or no listing of a certain allergy due to a malicious attack, that patient could die by being given the wrong prescription. Further, patients and doctors alike could forge health records with no chance of getting caught. For example, a patient would be motivated to alter the record of a disease or doctor's visit to get worker's compensation or to get access to narcotics. A doctor could retroactively create the record of the completion of a certain medical procedure to exonerate his or herself from a medical malpractice charge. Firebug Firebug is a web development plug-in for the Mozilla Firefox browser that allows the debugging, editing, and monitoring of any website's CSS, HTML, DOM, and JavaScript, and provides other Web development tools. It also allows the tracking and analysis of HTTP traffic. It is a tool that is used for web security testing and for web site performance analysis. Here, Firebug is used for
examining hidden control fields within web pages and monitoring the progress and status of various attacks. In addition, it contains a JavaScript debugging utility that executes any script live that the user enters into the console. This functionality made Firebug a solid choice to add to our attack arsenal because we could more quickly and easily manipulate HTML components and test JavaScript attacks without having to compose additional web pages to hold those attacks or store those attacks on our test servers. WebScarab WebScarab is designed to expose the workings of an HTTP(S) based application, whether to allow the developer to debug or to allow a security specialist to identify vulnerabilities. WebScarab is a portable framework written in Java for analyzing applications for the information security that communicate using the HTTP and HTTPS protocols. In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review the conversations (requests and responses) that have passed through WebScarab. WebScarab is based on a plug-in architecture; Where WebScarab has several modes of operation, implemented by a number of plug-ins. Here, the paper configured the browsers to use WebScarab as an HTTP proxy, which allowed WebScarab to monitor and store any traffic between the computers and the test servers that ran the target application. In its basic mode of functionality, WebScarab records and then forwards any HTTP requests and responses that come to and from any browser that is configured to use WebScarab as a proxy. Many modern web applications use the POST method for HTTP requests; meaning parameters that are passed through the URL are ignored. For example, in the request: http://localhost/script.php?test=abc The POST parameter test is empty, where as the GET parameter test contains the string abc. If the web application is using GET parameters to receive user input, then an attacker need only modify the URL to change the value of the parameter test. However, in a POST request, the parameter is not included in the URL, and is only accessible from an HTML form or by examining the HTTP request that is sent to the server.
Both of our targeted applications used JavaScript to disallow certain characters to be input into a certain field on various form fields, a technique known as Client side filtering. Attack Environment Figure1. Detailed Diagram of Network Setup The above figure shows the detailed view of our testing network setup. Here they deployed OpenEMR on a Linux server running Ubuntu v8.04.4 and Apache v2.2.8 with 800MB of RAM and an Intel Premium4 2.40GHz processor. Each team member used WebScarab as a proxy and Firebug as a JavaScript debugger. They also used a separate server to host various attack scripts to make them generally accessible to the team. The additional server simplified the process of saving user’s session cookies. The additional server was hosted on a Linux machine running Ubuntu v9.10 and Apache v2.2.12 with 512MB of RAM and an Intel Celeron 2.40GHz processor. OpenEMR OpenEMR is an open source EHR web application written in PHP and licensed under the GNU General Public License (GPL). OpenEMR is actively pursuing CCHIT certification. OpenEMR is supported and maintained by Open Source Medical Software (OSMS), which is an
all-volunteer medical organization committed to the development of open source EHR applications can provide equal technological access to people who are typically considered to be at a socioeconomic disadvantage. OpenEMR has five user roles:  Accounting  Administrator  Clinician  Front Office  Physician ProprietaryMed ProprietaryMed is a web-based EHR created for use in primary care practices. ProprietaryMed uses the Microsoft ASP.NET15 with JavaScript on the front end. PropreitaryMed is closed-source, is a paid product, and uses a different architecture of frameworks than does OpenEMR. Additionally, ProprietaryMed has an install base of 14 physician practices, 17 physicians, and about 80 clinical and non-clinical staff. The practices are maintaining the electronic health records of over 21,000 patients. It allows eight distinct user roles:  Medical Assistant,  Practice Administrator  Lab Technician  Doctor  Profile Setup  Office Manager  Nurse Practitioner and  Physician's Assistant.
Successful Exploits Each of the exploits described here falls into one of two groups :  Implementation bugs  design flaws Implementation bugs are code-level software problems, such as cross-site scripting. Design flaws are high-level problems associated with the architecture and design of the system, such as allowing an administrator to view every user's records. In the next section, we present seven types discovered implementation bugs. Implementation Bugs Implementation bugs are code-level security problems. In the following situations, the EHRs we examined did not fulfill certain security goals that pertain to keeping patient records confidential or ensuring the availability of the system.
Cross-Site Scripting It’s a computer security vulnerability that enables malicious attackers to inject client side script into web-page viewed by other users. Phishing It is an attempt to acquire sensitive information such as user names, passwords etc. by masking as a trustworthy entity.
SQL Injections SQL injection is a technique often used to attack a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.  Misuse case(s): An Attacker obtains every user's username and password.  Violates CCHIT Criteria: SC 06.12 – The system shall verify that a person or entity seeking access to electronic health information across a network is the one claimed and is authorized to access such information.  Exposed by CCHIT Test Script: None.  Vulnerable Application(s): OpenEMR.
When an attacker exploits a lack of input validation to force unintended system behavior by inserting reserved words or characters into input fields that alter the logical structure of a SQL statement is known SQL Injection attack.
Conclusion In this paper a representative set of implementation bugs and design flaws are exploited that could lead to critical consequences to patient privacy. The paper discusses about the two major weaknesses of CCHIT certification process. The first is that the CCHIT test script fail to test for the existence of implementation bugs or security issues that deal with the way the system achieves security requirements.
Bibliography 1) Research paper from ACM portal 2) http://www.ncrr.nih.gov/publications/informatics/ehr.pdf 3) http://www.hhs.gov/health/healthnetwork/background/ 4) Wikipedia. 5) http://mhcc.maryland.gov/electronichealth/mhitr/EHR%20Links/challenges_to_ehr.pdf 6) www.drivencompany.com/nist.cfm 7) http://go4webapps.com/2010/04/24/webscarab-web-security-application-testing-tool/

Recommended

Risk management in Healthcare on Cloud
Risk management in Healthcare on CloudRisk management in Healthcare on Cloud
Risk management in Healthcare on CloudSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Compliance Today
Compliance TodayCompliance Today
Compliance TodayBernard T. McClellan
 
HIPAA compliance MA Healthcare scenario
HIPAA compliance MA Healthcare scenarioHIPAA compliance MA Healthcare scenario
HIPAA compliance MA Healthcare scenarioBrian Wong
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHNovell
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationHai Nguyen
 
Security issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewSecurity issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewjournalBEEI
 
Cyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comCyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comMcdonaldRyan80
 
Cst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comCst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comDavis10a
 

Recommended

Risk management in Healthcare on Cloud
Risk management in Healthcare on CloudRisk management in Healthcare on Cloud
Risk management in Healthcare on CloudSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Compliance Today
Compliance TodayCompliance Today
Compliance TodayBernard T. McClellan
 
HIPAA compliance MA Healthcare scenario
HIPAA compliance MA Healthcare scenarioHIPAA compliance MA Healthcare scenario
HIPAA compliance MA Healthcare scenarioBrian Wong
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHNovell
 
N ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationN ye c-rfp-two-factor-authentication
N ye c-rfp-two-factor-authenticationHai Nguyen
 
Security issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewSecurity issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewjournalBEEI
 
Cyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comCyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comMcdonaldRyan80
 
Cst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comCst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comDavis10a
 
Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataCitiusTech
 
Speeding up Healthcare Application with HTTP/2
Speeding up Healthcare Application with HTTP/2Speeding up Healthcare Application with HTTP/2
Speeding up Healthcare Application with HTTP/2CitiusTech
 
What Is Security Risk Analysis? By: MedSafe
What Is Security Risk Analysis? By: MedSafeWhat Is Security Risk Analysis? By: MedSafe
What Is Security Risk Analysis? By: MedSafeMedSafe
 
Csec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comCsec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comDavis10a
 
CSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comCSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comMcdonaldRyan78
 
4. data security eb__1_
4. data security eb__1_4. data security eb__1_
4. data security eb__1_Appsian
 
CSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comCSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comdonaldzs7
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
 
Scary acronyms
Scary acronymsScary acronyms
Scary acronymsDeven McGraw
 
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...IJERA Editor
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.comjonhson199
 
Csec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comCsec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comrobertlesew5
 
CST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comCST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comKeatonJennings104
 
CST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comCST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comVSNaipaul15
 
CST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comCST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comagathachristie112
 
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...CitiusTech
 
CST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comCST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comkopiko146
 
Federated architecture
Federated architectureFederated architecture
Federated architectureACCESS Health Digital
 
CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.com CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.comjonhson198
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare ApplicationCitiusTech
 
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boroEhr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla borokayla_ann_30
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfJacob Li
 

More Related Content

What's hot

Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataCitiusTech
 
Speeding up Healthcare Application with HTTP/2
Speeding up Healthcare Application with HTTP/2Speeding up Healthcare Application with HTTP/2
Speeding up Healthcare Application with HTTP/2CitiusTech
 
What Is Security Risk Analysis? By: MedSafe
What Is Security Risk Analysis? By: MedSafeWhat Is Security Risk Analysis? By: MedSafe
What Is Security Risk Analysis? By: MedSafeMedSafe
 
Csec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comCsec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comDavis10a
 
CSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comCSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comMcdonaldRyan78
 
4. data security eb__1_
4. data security eb__1_4. data security eb__1_
4. data security eb__1_Appsian
 
CSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comCSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comdonaldzs7
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Mark Merrill
 
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...IJERA Editor
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.comjonhson199
 
Csec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comCsec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comrobertlesew5
 
CST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comCST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comKeatonJennings104
 
CST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comCST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comVSNaipaul15
 
CST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comCST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comagathachristie112
 
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...CitiusTech
 
CST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comCST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comkopiko146
 
CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.com CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.comjonhson198
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare ApplicationCitiusTech
 

What's hot (20)

Challenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials DataChallenges and Opportunities Around Integration of Clinical Trials Data
Challenges and Opportunities Around Integration of Clinical Trials Data
 
Speeding up Healthcare Application with HTTP/2
Speeding up Healthcare Application with HTTP/2Speeding up Healthcare Application with HTTP/2
Speeding up Healthcare Application with HTTP/2
 
What Is Security Risk Analysis? By: MedSafe
What Is Security Risk Analysis? By: MedSafeWhat Is Security Risk Analysis? By: MedSafe
What Is Security Risk Analysis? By: MedSafe
 
Csec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comCsec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.com
 
CSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comCSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.com
 
4. data security eb__1_
4. data security eb__1_4. data security eb__1_
4. data security eb__1_
 
CSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comCSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.com
 
Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected? Cyber Risk in Healthcare Industry- Are you Protected?
Cyber Risk in Healthcare Industry- Are you Protected?
 
Scary acronyms
Scary acronymsScary acronyms
Scary acronyms
 
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...
An Effective Security Mechanism for M-Commerce Applications Exploiting Ontolo...
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com
 
Csec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comCsec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.com
 
CST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comCST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.com
 
CST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comCST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.com
 
CST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comCST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.com
 
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
Artificial Intelligence - Potential Game Changer for Medical Technology Compa...
 
CST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comCST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.com
 
Federated architecture
Federated architectureFederated architecture
Federated architecture
 
CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.com CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.com
 
Securing Mobile Healthcare Application
Securing Mobile Healthcare ApplicationSecuring Mobile Healthcare Application
Securing Mobile Healthcare Application
 

Similar to Article on The Electronic Health Record

Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boroEhr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla borokayla_ann_30
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfJacob Li
 
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docxSTUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docxhanneloremccaffery
 
Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)nikita024
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare SystemAmanda Gray
 
New Age Technology in Healthcare
New Age Technology in HealthcareNew Age Technology in Healthcare
New Age Technology in HealthcareMarcus Selvide
 
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207Erik Ginalick
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxssuserf9c51d
 
Cis evaluation final_presentation, nur 3563 sol1
Cis evaluation final_presentation, nur 3563 sol1Cis evaluation final_presentation, nur 3563 sol1
Cis evaluation final_presentation, nur 3563 sol1SBU
 
Computer Information Systems and the Electronic Health Record
Computer Information Systems and the Electronic Health RecordComputer Information Systems and the Electronic Health Record
Computer Information Systems and the Electronic Health RecordRebotto89
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxArti Parab Academics
 
Survey of open source health information systems
Survey of open source health information systemsSurvey of open source health information systems
Survey of open source health information systemshiij
 
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS hiij
 
Healthcare software development Companies
Healthcare software development CompaniesHealthcare software development Companies
Healthcare software development Companiestdbhupendrasharma
 
Cain and AbelOphcrackStart H.docx
Cain and AbelOphcrackStart H.docxCain and AbelOphcrackStart H.docx
Cain and AbelOphcrackStart H.docxRAHUL126667
 
Nursing Informatics Part 2 Paper.docx
Nursing Informatics Part 2 Paper.docxNursing Informatics Part 2 Paper.docx
Nursing Informatics Part 2 Paper.docx4934bk
 
HIMSS GSA e-Authentication whitepaper June 2007
HIMSS GSA e-Authentication whitepaper June 2007HIMSS GSA e-Authentication whitepaper June 2007
HIMSS GSA e-Authentication whitepaper June 2007Richard Moore
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALSteve Knapp
 

Similar to Article on The Electronic Health Record (20)

Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boroEhr by jessica austin, shaun baker, victoria blankenship and kayla boro
Ehr by jessica austin, shaun baker, victoria blankenship and kayla boro
 
Best_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdfBest_practices-_Access_controls_for_medical_devices (1).pdf
Best_practices-_Access_controls_for_medical_devices (1).pdf
 
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docxSTUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
STUDY PROTOCOL Open AccessSafety Assurance Factors for Ele.docx
 
Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)Evaluation of a clinical information system (cis)
Evaluation of a clinical information system (cis)
 
Questions On The Healthcare System
Questions On The Healthcare SystemQuestions On The Healthcare System
Questions On The Healthcare System
 
New Age Technology in Healthcare
New Age Technology in HealthcareNew Age Technology in Healthcare
New Age Technology in Healthcare
 
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
Electronic Health Records Protecting Assets With A Solid Security Plan Wp101207
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docx
 
Cis evaluation final_presentation, nur 3563 sol1
Cis evaluation final_presentation, nur 3563 sol1Cis evaluation final_presentation, nur 3563 sol1
Cis evaluation final_presentation, nur 3563 sol1
 
Computer Information Systems and the Electronic Health Record
Computer Information Systems and the Electronic Health RecordComputer Information Systems and the Electronic Health Record
Computer Information Systems and the Electronic Health Record
 
Mikhaela ripa
Mikhaela ripaMikhaela ripa
Mikhaela ripa
 
Evaluation of A CIS
Evaluation of A CISEvaluation of A CIS
Evaluation of A CIS
 
Health Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptxHealth Informatics- Module 5-Chapter 1.pptx
Health Informatics- Module 5-Chapter 1.pptx
 
Survey of open source health information systems
Survey of open source health information systemsSurvey of open source health information systems
Survey of open source health information systems
 
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
SURVEY OF OPEN SOURCE HEALTH INFORMATION SYSTEMS
 
Healthcare software development Companies
Healthcare software development CompaniesHealthcare software development Companies
Healthcare software development Companies
 
Cain and AbelOphcrackStart H.docx
Cain and AbelOphcrackStart H.docxCain and AbelOphcrackStart H.docx
Cain and AbelOphcrackStart H.docx
 
Nursing Informatics Part 2 Paper.docx
Nursing Informatics Part 2 Paper.docxNursing Informatics Part 2 Paper.docx
Nursing Informatics Part 2 Paper.docx
 
HIMSS GSA e-Authentication whitepaper June 2007
HIMSS GSA e-Authentication whitepaper June 2007HIMSS GSA e-Authentication whitepaper June 2007
HIMSS GSA e-Authentication whitepaper June 2007
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINAL
 

More from Anurag Deb

Open Script (OATS)
Open Script (OATS)Open Script (OATS)
Open Script (OATS)Anurag Deb
 
Tutorials on Macro
Tutorials on MacroTutorials on Macro
Tutorials on MacroAnurag Deb
 
letter of appreciation 2
letter of appreciation 2letter of appreciation 2
letter of appreciation 2Anurag Deb
 
letter of appreciation 1
letter of appreciation 1letter of appreciation 1
letter of appreciation 1Anurag Deb
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health recordsAnurag Deb
 
Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...
Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...
Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...Anurag Deb
 

More from Anurag Deb (8)

Git github
Git githubGit github
Git github
 
Open Script (OATS)
Open Script (OATS)Open Script (OATS)
Open Script (OATS)
 
Tutorials on Macro
Tutorials on MacroTutorials on Macro
Tutorials on Macro
 
letter of appreciation 2
letter of appreciation 2letter of appreciation 2
letter of appreciation 2
 
letter of appreciation 1
letter of appreciation 1letter of appreciation 1
letter of appreciation 1
 
Electronic health records
Electronic health recordsElectronic health records
Electronic health records
 
Let me design
Let me designLet me design
Let me design
 
Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...
Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...
Virtual Memory In Contemporary Microprocessors And 64-Bit Microprocessors Arc...
 

Recently uploaded

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 

Recently uploaded (20)

BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 

Article on The Electronic Health Record

  • 1. Electronic Health Records Introduction The Electronic Health Record (EHR) is a longitudinal electronic record of patient health information generated by one or more encounters in any care delivery setting. Included in this information are patient demographics, progress notes, problems, medications, vital signs, past medical history, immunizations, laboratory data, and radiology reports. The EHR automates and streamlines the clinician's workflow. The EHR has the ability to generate a complete record of a clinical patient encounter, as well as supporting other care-related activities directly or indirectly via interface including evidence-based decision support, quality management, and outcomes reporting. EHR is generated and maintained within an institution, such as a hospital, integrated delivery network, clinic, or physician office. Advantages of EHR  Tools for Quality Improvement  Greater Efficiency  Tools to Monitor Population Health  Tools to Monitor Privacy & Security Since EHR contains important patient records the security of EHR systems is a major concern. If EHR systems are not secure, patients may get improper health care or have life-shattering or embarrassing information exposed due to privacy breaches. The Nationwide Health Information Network (NHIN) is being developed to provide a secure, nationwide, interoperable health information infrastructure that will connect providers, consumers, and others involved in supporting health and healthcare. Goals of NHIN  Developing capabilities for standards-based, secure data exchange nationwide.  Improving the coordination of care information among hospitals, laboratories, physicians offices, pharmacies, and other providers.
  • 2.  Ensuring appropriate information is available at the time and place of care.  Ensuring that consumers’ health information is secure and confidential.  Giving consumers new capabilities for managing and controlling their personal health records as well as providing access to their health information from electronic health records (EHRs) and other sources.  Reducing risks from medical errors and supporting the delivery of appropriate, evidence- based medical care.  Lowering healthcare costs resulting from inefficiencies, medical errors, and incomplete patient information. The American and Reinvestment Act of 2009(ARRA) provides $34 billion of incentives to heath care providers to deploy EHRs that are certified for meaningful use. Certification of EHRs began in 2006, conducted primarily by the Certification Commission of Healthcare IT (CCHIT). The CCHIT Certified program is an independently developed certification that includes a rigorous inspection of an EHR’s integrated functionality, interoperability and security using criteria developed by CCHIT’s broadly representative, expert work groups. EHR systems contain many assets that are just as valuable to attackers as they are to health care providers including patient’s health records, the service the EHR system provides, patient identity, billing information and the audit trail of the transactions that have occurred in the system. The goal is to improve the security assessment within EHR system certification processes by empirically accessing the ability of current security certification criteria to surface a range of vulnerability types. This paper performed exploratory security analysis on to web based EHR systems that are seeking CCHIT certification: OpenEMR, an Open source EHR system and proprietaryMed, a proprietary EHR system. The next chapter provides requisite background information on CCHIT, misuse cases and insider threats.
  • 3. Relationship to Other Domains American’s financial institution have recognized the impact of information security threats and, in lieu of “security checklist” certification, recommend that banks who develop applications in- house should follow an enterprise-wide effort that incorporates attack models and systematic application testing. A similar problem exists in voting machine. Voting machine have no quality control in the development of their source code, resulting in exploits such as impersonating legitimate voting terminals and linking voters with their votes. In the realm of healthcare, many security analysts have studied the security of implantable pacemakers, and discovered that their wireless communication protocols can be reverse-engineered and manipulated by someone other than patient’s doctor. Insider Attacks An insider attack occurs when employees of an organization with legitimate access to their organization information systems use these systems to sabotage their organization IT infrastructure or commit fraud. Researchers at the Software Engineering Institute at Carnegie Mellon released a comprehensive study on insider threats that reviewed 49 cases of Insider IT Sabotage between 1996 and 2002. [1] According to the study:  90% of insider attackers were given administrative or high level privileges to the target system.  81% of the incidents involved losses to the organization, with dollar amounts estimated between “five hundred dollars” and “tens of millions of dollars.”  The majority of attackers attacked after they were terminated from the organization.  Lack of access controls facilitated IT sabotage.  Attackers created or used access paths unknown to management to set up their attacks and conceal their identities.
  • 4. Use Cases vs. Misuse Cases Both use cases and misuse cases can be used for software security requirements. A use case is a “description of the possible sequences of interactions between the system under discussion and its external actors, related to a particular goal”. Use cases can be helpful to express functional security, such as the ability to change a user’s password or the requirement that passwords should be stored using the most up-to-date cryptographic techniques. A misuse case specifies a “negative” use case, that is: behavior that is not allowed in the proposed system. Like a misuse case might read: “An attacker spoofs another user’s identity” or “An attacker causes a denial of service by rending the homepage to be blank for all future users,” or “An attacker executes applications on the client’s computer.” Only misuse cases can specify the functionality that system should not have. Software security testing involves creating a plan of attack and attempting to expose vulnerabilities in software by forcing the system to do what is not allowed by the specification or requirements. [1] Certification of EHR Systems The Office of the National Coordinator for Health Information Technology (ONC) maintains the standards that certifying bodies must use in evaluating EHR systems. This section presents information on the leading certification body, CCHIT. Next, we describe the conformance test methods being developed by NIST in concert with the ONC. CCHIT Criteria CCHIT (Certification Commission for Health Information Technology) certified an independently developed certification that includes a rigorous inspection of an EHR’s integrated functionality, interoperability and security. Products that are CCHIT Certified are tested against criteria developed by the Commission’s broadly representative, expert work groups. This program is intended to serve health care providers looking for greater assurance that a product
  • 5. will meet their complex needs. As part of this independent evaluation, successful use is verified at live sites and product usability is rated. Goals of CCHIT:  Reduce the risk of Healthcare Information Technology (HIT) investment by physicians and other providers.  Ensure interoperability (compatibility) of HIT products.  Assure payers and purchasers providing incentives for electronic health records (EHR) adoption that the ROI (Return on Investment) will be improved quality.  Protect the privacy of patients' personal health information. NIST Meaningful Use Test Methods NIST Certifications has to do with "verifying that a specific piece of equipment does what it's supposed to do within the specifications documented by the manufacturer". N.I.S.T. stands for the "National Institute of Standards and Technology" located in Boulder, CO. This NIST Certification is acknowledged in many different ways. Other names for NIST Certification maybe Certificate of Calibration, Traceable Calibration, Certificate of Traceability, etc. The NIST security criteria are similar to the CCHIT security criteria in that they focus on functional security aspects such as passwords and hashing. The NIST test scripts, however, contain a few test scripts that assess whether the EHR system properly enforces its authorization specifications. The NIST test procedures state that a tester should try to authenticate with a deleted account and that the authentication attempt should fail. [1] EHR System Attacker Motivation An analysis of software system security must consider the motivation of possible attackers. EHR applications have valuable assets, such as the following:  Health Records, protected by Health Insurance Portability and Accountability Act (HIPAA, protects health insurance coverage for workers and their families when they change or lose their jobs), Privacy and Security rules, contain personal and sensitive information
  • 6. about what procedures and tests a patient has had, as well as diagnoses that a patient has received from doctors. For example, some medical diagnoses are stigmatized, like a sexually transmitted disease diagnoses. Other information can be life threatening, such as allergies. Insurance companies as well as employers are interested in knowing a patient’s health record to make unethical decisions about whether to cover a patient or whether to hire a patient, respectively.  The Service provided by the software system is invaluable to the medical practice that deploys it. Without a working health record system (as in the case of soft denial of service), a medical practice can be rendered non functional, since much of medicine is based on prior history. Further, not being able to access a patient health records could cause serious threats to patient safety.  Identity and Billing Information, including credit card numbers, social security numbers, home addresses and telephone numbers, make for attractive targets for any attacker wishing to steal patient’s identities or commit credit card fraud. The Authenticity and Audit Trail (or repudiation) of the data contained within the health record system is essential. Just as with the service the system provides by itself, doctors and healthcare practitioners depend on the accuracy and availability of the data to make critical decision about patient care. If a patient has an incorrect listing or no listing of a certain allergy due to a malicious attack, that patient could die by being given the wrong prescription. Further, patients and doctors alike could forge health records with no chance of getting caught. For example, a patient would be motivated to alter the record of a disease or doctor's visit to get worker's compensation or to get access to narcotics. A doctor could retroactively create the record of the completion of a certain medical procedure to exonerate his or herself from a medical malpractice charge. Firebug Firebug is a web development plug-in for the Mozilla Firefox browser that allows the debugging, editing, and monitoring of any website's CSS, HTML, DOM, and JavaScript, and provides other Web development tools. It also allows the tracking and analysis of HTTP traffic. It is a tool that is used for web security testing and for web site performance analysis. Here, Firebug is used for
  • 7. examining hidden control fields within web pages and monitoring the progress and status of various attacks. In addition, it contains a JavaScript debugging utility that executes any script live that the user enters into the console. This functionality made Firebug a solid choice to add to our attack arsenal because we could more quickly and easily manipulate HTML components and test JavaScript attacks without having to compose additional web pages to hold those attacks or store those attacks on our test servers. WebScarab WebScarab is designed to expose the workings of an HTTP(S) based application, whether to allow the developer to debug or to allow a security specialist to identify vulnerabilities. WebScarab is a portable framework written in Java for analyzing applications for the information security that communicate using the HTTP and HTTPS protocols. In its simplest form, WebScarab records the conversations (requests and responses) that it observes, and allows the operator to review the conversations (requests and responses) that have passed through WebScarab. WebScarab is based on a plug-in architecture; Where WebScarab has several modes of operation, implemented by a number of plug-ins. Here, the paper configured the browsers to use WebScarab as an HTTP proxy, which allowed WebScarab to monitor and store any traffic between the computers and the test servers that ran the target application. In its basic mode of functionality, WebScarab records and then forwards any HTTP requests and responses that come to and from any browser that is configured to use WebScarab as a proxy. Many modern web applications use the POST method for HTTP requests; meaning parameters that are passed through the URL are ignored. For example, in the request: http://localhost/script.php?test=abc The POST parameter test is empty, where as the GET parameter test contains the string abc. If the web application is using GET parameters to receive user input, then an attacker need only modify the URL to change the value of the parameter test. However, in a POST request, the parameter is not included in the URL, and is only accessible from an HTML form or by examining the HTTP request that is sent to the server.
  • 8. Both of our targeted applications used JavaScript to disallow certain characters to be input into a certain field on various form fields, a technique known as Client side filtering. Attack Environment Figure1. Detailed Diagram of Network Setup The above figure shows the detailed view of our testing network setup. Here they deployed OpenEMR on a Linux server running Ubuntu v8.04.4 and Apache v2.2.8 with 800MB of RAM and an Intel Premium4 2.40GHz processor. Each team member used WebScarab as a proxy and Firebug as a JavaScript debugger. They also used a separate server to host various attack scripts to make them generally accessible to the team. The additional server simplified the process of saving user’s session cookies. The additional server was hosted on a Linux machine running Ubuntu v9.10 and Apache v2.2.12 with 512MB of RAM and an Intel Celeron 2.40GHz processor. OpenEMR OpenEMR is an open source EHR web application written in PHP and licensed under the GNU General Public License (GPL). OpenEMR is actively pursuing CCHIT certification. OpenEMR is supported and maintained by Open Source Medical Software (OSMS), which is an
  • 9. all-volunteer medical organization committed to the development of open source EHR applications can provide equal technological access to people who are typically considered to be at a socioeconomic disadvantage. OpenEMR has five user roles:  Accounting  Administrator  Clinician  Front Office  Physician ProprietaryMed ProprietaryMed is a web-based EHR created for use in primary care practices. ProprietaryMed uses the Microsoft ASP.NET15 with JavaScript on the front end. PropreitaryMed is closed-source, is a paid product, and uses a different architecture of frameworks than does OpenEMR. Additionally, ProprietaryMed has an install base of 14 physician practices, 17 physicians, and about 80 clinical and non-clinical staff. The practices are maintaining the electronic health records of over 21,000 patients. It allows eight distinct user roles:  Medical Assistant,  Practice Administrator  Lab Technician  Doctor  Profile Setup  Office Manager  Nurse Practitioner and  Physician's Assistant.
  • 10. Successful Exploits Each of the exploits described here falls into one of two groups :  Implementation bugs  design flaws Implementation bugs are code-level software problems, such as cross-site scripting. Design flaws are high-level problems associated with the architecture and design of the system, such as allowing an administrator to view every user's records. In the next section, we present seven types discovered implementation bugs. Implementation Bugs Implementation bugs are code-level security problems. In the following situations, the EHRs we examined did not fulfill certain security goals that pertain to keeping patient records confidential or ensuring the availability of the system.
  • 11. Cross-Site Scripting It’s a computer security vulnerability that enables malicious attackers to inject client side script into web-page viewed by other users. Phishing It is an attempt to acquire sensitive information such as user names, passwords etc. by masking as a trustworthy entity.
  • 12.
  • 13. SQL Injections SQL injection is a technique often used to attack a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits security vulnerability in a website's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.  Misuse case(s): An Attacker obtains every user's username and password.  Violates CCHIT Criteria: SC 06.12 – The system shall verify that a person or entity seeking access to electronic health information across a network is the one claimed and is authorized to access such information.  Exposed by CCHIT Test Script: None.  Vulnerable Application(s): OpenEMR.
  • 14. When an attacker exploits a lack of input validation to force unintended system behavior by inserting reserved words or characters into input fields that alter the logical structure of a SQL statement is known SQL Injection attack.
  • 15. Conclusion In this paper a representative set of implementation bugs and design flaws are exploited that could lead to critical consequences to patient privacy. The paper discusses about the two major weaknesses of CCHIT certification process. The first is that the CCHIT test script fail to test for the existence of implementation bugs or security issues that deal with the way the system achieves security requirements.
  • 16. Bibliography 1) Research paper from ACM portal 2) http://www.ncrr.nih.gov/publications/informatics/ehr.pdf 3) http://www.hhs.gov/health/healthnetwork/background/ 4) Wikipedia. 5) http://mhcc.maryland.gov/electronichealth/mhitr/EHR%20Links/challenges_to_ehr.pdf 6) www.drivencompany.com/nist.cfm 7) http://go4webapps.com/2010/04/24/webscarab-web-security-application-testing-tool/