Data security in healthcare: Key Scenarios

Questions and Answers

In the context of data security, which scenario most critically threatens the integrity of electronic health records?

• A denial-of-service attack that temporarily prevents doctors from accessing patient information.
• A ransomware attack that encrypts patient records, demanding payment for decryption.
• A phishing scam where an attacker gains unauthorized access and alters a patient's medication list. (correct)
• An unencrypted database backup being stolen, potentially exposing patient information.

An organization's data classification policy categorizes data based on security objectives and potential impact. Which factor would be LEAST relevant when determining the classification level of a dataset containing employee personal information?

• The potential legal and financial ramifications of a data breach involving the dataset.
• The measures required to maintain continuous access to the dataset during a power outage. (correct)
• The degree to which the dataset is susceptible to unauthorized modification or deletion.
• The ease with which unauthorized individuals could access the dataset.

A hospital implements audit logging for all database access. Which security objective is MOST directly supported by this practice?

• Ensuring the confidentiality of patient data.
• Preventing phishing attacks targeting hospital staff.
• Guaranteeing the availability of patient data.
• Maintaining the integrity of patient data. (correct)

A healthcare provider mandates two-factor authentication for all employees accessing patient records. While this enhances security, what is a potential disadvantage of this approach regarding the security objective of availability?

It relies on users having a secondary device, the loss of which could temporarily impede access to records. (C)

What is the MOST effective measure an individual can take to mitigate the risk of falling victim to a phishing attack?

Verifying the legitimacy of requests for personal information through official channels. (B)

What is the primary function of domain name providers in the context of the World Wide Web?

They reserve unique addresses for websites and associate them with the site's content. (C)

How does the 'Semantic Web' enhance the functionality of the existing World Wide Web?

By enabling automated agents to interpret and utilize data through metadata tags. (D)

What is the role of the Resource Description Framework (RDF) in the Semantic Web?

It serves as a means to describe documents and images with metadata. (D)

In the context of the Internet of Things (IoT), what is a key characteristic of 'smart' devices?

They are equipped with sensors, software, and connectivity that enable data exchange. (A)

Within the context of Health IoT, what is a significant risk associated with the extensive collection and transmission of patient data?

The security vulnerabilities and potential breaches of privacy. (A)

What distinguishes data from information in the context of data processing and knowledge management?

Data represents raw symbols or observations, while information is data that has been given context and meaning. (A)

How does the concept of 'linked data,' promoted by Sir Timothy Berners-Lee, contribute to the evolution of the World Wide Web?

It establishes a method for creating interconnected datasets, enabling machines to understand relationships between data points. (C)

Considering the future trends of the Internet, what impact might widespread adoption of IoT devices have on data centers?

Data centers will need to significantly increase their storage and processing capabilities to handle the massive influx of data. (C)

Which of the following best describes the primary role of dictionaries, such as ICD-10-CM and SNOMED-CT, in the conversion of data to information?

Providing meaning and context to raw data. (B)

In the context of clinical data, what is the key distinction between 'justified' knowledge and 'proven fact'?

'Justified' knowledge is supported by evidence, while 'proven fact' is considered irrefutable. (A)

Which of the following is NOT a typical characteristic of a Clinical Data Warehouse (CDW)?

Real-time updates of data. (B)

What is the primary purpose of ETL (Extract, Transform, Load) processes in the context of Clinical Data Warehouses (CDWs)?

To standardize and consolidate data from disparate sources into the CDW. (D)

Which of the following analytics is LEAST likely to be performed using a Clinical Data Warehouse (CDW)?

Tracking real-time vital signs of patients in the ICU. (D)

Consider a scenario where a hospital wants to identify patients who are at high risk of developing diabetes based on their historical data. Which of the following methods would be most suitable for this task, using a Clinical Data Warehouse (CDW)?

Complex analytics and machine learning algorithms. (D)

Why is interoperability important when transmitting data across different clinical platforms?

To maintain consistency of interpretation in the context of a specific task. (A)

Which of the following is the best application of Natural Language Processing (NLP) in converting information to knowledge within a Clinical Data Warehouse (CDW)?

Extracting structured data from unstructured clinical notes. (B)

Which scenario most accurately demonstrates the concept of 'feature creep' in software development?

A popular photo editing application adds a new feature to directly order prints, despite low customer demand, in an attempt to outperform its competitors. (B)

Which scenario most accurately demonstrates the use of SSL/TLS?

A user entering their credit card information on an e-commerce website. (D)

How does an operating system facilitate multitasking?

By rapidly switching CPU time between different programs in a manner that gives the user the impression they are running simultaneously. (B)

What is the fundamental role of an API (Application Programming Interface) in the context of software and hardware interaction?

To provide a set of pre-defined functions and protocols allowing software components to communicate regardless of their underlying architecture. (B)

A web developer is deciding on the best approach to store user-specific preferences for a website. Given considerations for privacy and data persistence, which solution is most appropriate?

Combining cookies for non-sensitive preferences with server-side sessions for sensitive user data to balance persistence, performance, and security. (D)

An organization wants to establish a presence on the internet, enabling users to access its resources and services. Which combination of the following components is essential for achieving this goal?

A domain name, a web hosting service, and a web server. (D)

Examine the following scenario: A user is working on a large video editing project and needs to store the final rendered video file. Considering long-term storage characteristics, what is the most appropriate storage medium?

Magnetic Storage (Hard Disk Drive) (D)

In the context of computer architecture, what is the primary distinction between hardware and software?

Hardware refers to the physical components of a computer system, while software consists of non-physical instructions and data. (D)

Consider a scenario where a user reports that a website they frequently visit now displays a warning indicating the connection is not secure. What is the most likely cause of this issue?

The website's SSL/TLS certificate has expired or is misconfigured. (B)

When designing a website, which of the following considerations are most important for ensuring cross-device compatibility and optimal user experience?

Implementing responsive web design principles, testing the website on various devices and browsers, and optimizing images for different screen sizes. (C)

A software program needs immediate access to frequently changing data for real-time processing. Which type of memory is most suitable for this purpose, and why?

RAM (Random Access Memory), because it allows fast, random access to data with low latency. (D)

A web development team is debating the best approach for managing user sessions in a high-traffic e-commerce application. Considering scalability and security, which strategy is most suitable?

Using server-side sessions with a distributed cache (e.g., Redis or Memcached) for session data storage, coupled with secure cookie-based session identifiers. (C)

Consider a scenario where a legacy computer system is being upgraded. The goal is to improve data access speed while maintaining a balance between cost and storage capacity. Which storage solution offers the best compromise?

Implementing a hybrid solution with a small SSD for the operating system and frequently accessed files, complemented by the existing HDD for bulk storage. (B)

Why is the Operating System considered a 'master program'?

Because the OS manages interactions between hardware and software. (A)

A small business owner wants to create a website. Which of the following indicates the correct relationship between a web server, a web host and an ISP, in order to give the business a website online.

The business owner requires web hosting and an ISP, but they do not need a web server. (C)

How does an Operating System translate electrical signals to interact with computer hardware?

By translating electrical signals into binary code (1s and 0s) that are then used as software commands for controlling hardware. (B)

A software engineer is tasked with optimizing the performance of a web application. Which of the following strategies would most effectively reduce latency and improve the user experience?

Minimizing HTTP requests by concatenating and minifying CSS and JavaScript files, leveraging browser caching, and using a Content Delivery Network (CDN) for static assets. (B)

Within the OS, which function determines the sequence and duration for program execution and hardware access?

Resource Management (C)

In the process of resolving a domain name, what critical function does the authoritative DNS server perform?

It provides the final IP address associated with the requested domain name. (B)

Why is DNS caching implemented by both the device and the DNS resolver?

To reduce latency and network traffic by storing previously resolved IP addresses for quicker future access. (A)

What is the primary risk associated with DNS spoofing (DNS cache poisoning)?

Redirecting users to malicious websites to steal sensitive information by inserting fake DNS records. (A)

How does TCP ensure reliable data transmission over the internet?

By dividing data into packets, confirming their delivery, and reassembling them at the destination. (A)

In the context of web browsing, what is the purpose of HTTP?

To enable communication between a web browser and a website's server for exchanging information. (A)

What role does a router play in network communication?

It connects different networks and directs data between them, ensuring it reaches the correct destination. (C)

How does a URL enable a web browser to access a specific resource on the internet?

It provides the address of the resource, allowing the browser to locate and retrieve it from the server. (D)

What role do Top-Level Domain (TLD) servers play in the DNS resolution process?

They direct the DNS resolver to the appropriate authoritative DNS server for a domain. (B)

Flashcards

DNS Resolver

A server that translates domain names to IP addresses.

DNS Spoofing

A cyberattack that inserts false DNS information into a server's cache.

Router

A device that connects different networks, directing data between them.

TCP

A protocol that ensures reliable data transmission over the internet.

Web Browser

Software used to access and interact with websites online.

URL

The address used to access resources on the internet.

HTTP

A protocol for sending requests and responses over the web.

HTML

A markup language for creating web pages and applications.

GUI

A Graphical User Interface allows users to interact with electronic devices visually.

Code bloat

When programmers add unnecessary code due to having excessive programming power.

Feature creep

The tendency to add features to software beyond what is necessary.

RAM

Random Access Memory is short-term memory used for active processes.

HDD

Hard Disk Drive, a form of long-term magnetic storage for data.

SSD

Solid State Drive, a faster long-term memory with no moving parts.

Operating System

Software that manages hardware and software resources on a computer.

API

Application Programming Interface, a set of rules for software programs to communicate.

Multi-tasking

The ability of an OS to manage multiple tasks by switching between them rapidly.

Cookie

A small data file that stores user preferences and information on a device.

Web

A system for accessing information on the Internet, used for various online activities.

Web Host

A service that stores websites and makes them accessible online.

Web Server

A computer or software that delivers website files to users upon request.

Data Center

Facilities that house computers and servers for data storage and management.

World Wide Web (WWW)

A system of interconnected web pages accessed through URLs.

Semantic Web

An extension of the web allowing data to be shared and reused across applications.

Resource Description Framework (RDF)

A framework for describing resources and data on the web.

Internet of Things (IoT)

A network of connected devices that communicate and share data via the Internet.

Health IoT

IoT applications in healthcare involving sensors and data sharing.

Data vs Information vs Knowledge vs Wisdom

Hierarchy: Data is raw; Information is organized data; Knowledge is applied information; Wisdom is informed decisions.

Data to Information

The process of assigning meaning to raw data using tools like dictionaries or ontologies.

Interoperability

The ability to maintain consistent interpretations of data across different systems.

Information to Knowledge

The transformation of information into knowledge through evidence-based justification.

Clinical Data Warehouse (CDW)

A system that collects and stores clinical data from multiple sources for analysis.

Structured vs Unstructured Data

Structured data is highly organized; unstructured data is raw and less organized.

Analytics in CDWs

Methods used to analyze patient groups and trends in clinical data.

Methods to Convert Information to Knowledge

Techniques like NLP, AI, and metadata used to extract knowledge from information.

Phishing Scam

A trick by cybercriminals pretending to be trusted sources to steal personal info.

Weak Passwords

Most common cause of a computer being hacked is weak or stolen passwords.

Two-Factor Authentication

An extra layer of security requiring two methods to verify identity.

Data Confidentiality

Prevention of unauthorized access to data, ensuring privacy.

Data Integrity

Assures data is trustworthy and unaltered by unauthorized users.

Study Notes

Materials for Medical Informatics Exam

• PPT - L1, L2, book Chapter 1: Introduction to informatics, evolution of computers, overview of health informatics, computer architectures
• PPT - L3, book Chapter 3: Network architectures, the Internet and the World Wide Web
• PPT - L4, L5 (part 1), book Chapter 3: Healthcare data, information and knowledge, quantification of data
• PPT - L5 (part 2), L6, book Chapter 2: Information Retrieval from Medical Knowledge Resources
• PPT - L7, book Chapter 15: Cybersecurity
• PPT - L8, book Chapter 10: Health Information Privacy and Security
• PPT - L9, book Chapter 4: Electronic Health Records
• PPT - L10, book Chapter 8: Clinical Decision Support Systems
• PPT - L11 + TBL 1 resources (Chapter 7), PPT - L12, book Chapter 16, + DICOM from Chapter 5, page 111: Healthcare Data Analytics
• PPT - L13, TBL 2 resources (Chapter 14), PPT - L14, book Chapter 12: Medical Imaging Informatics, Evidence-Based Medicine and Clinical Practice Guidelines, Consumer Health Informatics

Lecture 1: What is Informatics?

• Informatics is the discipline focused on the acquisition, storage, and use of information in a specific setting or domain.
• Medical informatics is a subset of informatics concerned with the management of healthcare data and information through the application of computers and other information technologies.
• Health information technology is the application of computers and technology in healthcare settings.

Numbering systems

• Binary, Decimal, Octal, Hexadecimal
• Ancient numbering systems: Roman numerals, Hebrew numerals, Indian numerals, Greek numerals, Phoenician numerals, Chinese rod numerals, Ge'ez numerals, Armenian numerals, Khmer numerals, Thai numerals, Abjad numerals, Eastern Arabic numerals, Western Arabic numerals

Lecture 2: Evolution of Computers

• First generation computers (1940-1954): Vacuum tube technology.
• Second generation computers (1955-1965): Transistor technology.
• Third generation computers (1970-present): Microprocessors, Large Scale Integration (LSI), Very large scale Integration (VLSI), high emphasis on software development
• History of computers in medicine, including 1949-1960s, German Society for Medical Documentation, Computer Science and Statistics, 1960s - MEDLINE and MEDLARIS, 1970s - Artificial intelligence (Al), and 1970s - EHR, 1991 - formally recommended in USA, 1996 - mobile technology, 2003- Human Genome Project

The natural diffusion of technology

• Wi-Fi
• Mobile technologies
• Voice recognition
• Digital imaging
• Wearable devices
• 3D printing

Types of Computers

• Supercomputer: Used for computationally intensive tasks (quantum mechanics, weather forecasting, etc.)
• Mainframe computer: Highly reliable, large, and capable of processing enormous amounts of data
• Server: Handles many transactions across a network
• Desktop PC
• Laptop PC
• Mobile devices (Tablets and Smartphones): Lower processing power but high portability
• Mobile devices (Smartphones): Highly portable, handheld computers
• Mobile and wearable devices and gadgets
• Various other computer types, including those used for specific medical tasks or needs.

Lecture 3: Hardware Architecture of Computers

• Hardware: Physical components of a computer (CPU, Cooler, Memory, Graphics Card, Motherboard, etc.)
• Software: Non-physical components of a computer (computer programs, operating systems)
• Memory: Short-term RAM and Long-term magnetic and solid state storage, optical storage.
• CPU (Central Processing Unit): The processor that carries out instructions
• Memory (RAM): Used for tasks, operations, and processing
• Long-term memory: Stores data permanently, magnetic and solid-state drives. Optical Storage with different advantages and disadvantages for different tasks
• File Extensions and formats. File extensions specify the type of file.
• Software and data storage methods

Lecture 4 : Networks

• What is a computer network?: A digital telecommunications network allowing nodes to share resources.
• Main characteristics: Connectivity, Reliability, Scalability, Modularity
• Key network hardware components: PCs, Servers, Routers, Switches, Fiber-optics, Cables, Wires, Radio Transmitters, etc.
• Key network services: Email, File-sharing, Instant messaging, Video streaming, Audio streaming, Searching
• Difference between networks: PAN (Personal Area Network), LAN (Local Area Network), WAN (Wide Area Network)

Lecture 5: Internet Protocols and Web Technology

• TCP/IP (Transmission Control Protocol/Internet Protocol): Ensures data transfer reliability.
• Web browser: Software for accessing and interacting with websites. Details about different browsers, including Google Chrome, Firefox, and Safari
• URL (Uniform Resource Locator): Webpage addresses.
• HTTP (Hypertext Transfer Protocol): System for communication between computers.
• HTML (HyperText Markup Language): Standard language for creating web content.
• Cookies: Small pieces of data stored on devices to remember user preferences.
• SSL/TLS (Secured Sockets Layer/Transport Layer Security): Encryption technology for secure communication..
• Web host: Service that stores and makes websites available online

Lecture 6: Data in Computers

• Data vs. information vs. knowledge vs. wisdom: Definition and examples. The hierarchical relationship between these terms
• Data in computers: Bits, Bytes, Kilobytes, File formats and extensions, how data is stored and handled numerically, Data types in computers.
• How to quantify Data, and what considerations to make, such as taking account of content, storage and transfer properties.
• Information technology (IT), Computer Science and Informatics.

Lecture 7: Search and Information Retrieval

• Search engines: How they work, role of 'spiders', search index content (keywords, content, metadata, links).
• The main challenge of search engines in delivering results.
• What is 'machine learning'?
• The responsibility for the reliability of the information provided in search results.
• Different types of knowledge: Primary research, Secondary knowledge based information, and the distinction between them

Lecture 8: Encryption and Cybersecurity

• What is encryption?: Process of converting data for secure code.
• What is decryption?: Turning encrypted data back into readable text.
• Types of Encryption keys.
• Public and private keys, their importance in the context of encryption
• Cybersecurity: Strategies, issues and concerns related to data security

Lecture 9: Electronic Health Records

• Brief history of EHRs, steps towards digitisation, evolution of computers, Internet's role.
• EHR key components: Electronic patient encounters and referral management feature.
• Challenges and issues in the use of EHRs, including financial barriers, physician resistance, loss of productivity, work flow changes, reduced interaction, and usability issues.

Lecture 10: Clinical Decision Support Systems (CDSS)

• Definition of Clinical Decision Support (CDS):Providing clinicians knowledge and information for better care.
• The Five Rights of CDS: Importance of the best evidence, providing to the correct person, the format best suited to communicating, delivery at the right time, and delivery in the right channel.
• Different types of CDSS: Methods used in information development and evaluation.

Lecture 11: Medical Imaging Informatics

• Medical imaging informatics (MII): Study and application of information and communication technology for medical image data.
• Picture Archiving and Communication Systems (PACS)
• Biomedical Imaging Informatics (BII): a broader discipline. It describes processes (and associated data), tools and systems for analysis, storage and handling of images.

Lecture 12: Evidence-Based Medicine

• Importance and necessity of using Evidence-based medicine
• Reasons for using EBM resources in clinical practice
• Methods of using EBM: Systematic approach, critical appraisal, external and internal validity, the evidence pyramid, the importance of clinical circumstances
• Different approaches, like Meta-analysis and systematic reviews

Lecture 13: Data Analytics Terminology

• Data Analytics definitions: Use of data, tools, statistical methods, various kinds of models (explanatory, predictive, cognitive, other models).
• Fact-based decisionmaking, levels of data analytics usage.

Lecture 14: Consumer Health Informatics

• Definition of Consumer Health Informatics (CHI): The interaction of consumers, patients, and other parties with health information systems.
• Emergence of CHI: Rise in consumer empowerment through availability of the internet.
• Focus of CHI: Enhancing health literacy, consumer-friendly language, personal health records and internet-based strategies, as well as methods for improving access and usability.

Lecture 15: Personal Health Records and Information Sharing

• Personal Health Records (PHRs): Definition and types of PHRs.
• Policy issues and considerations regarding personal health records.
• Ownership of personal medical data: The rights and responsibilities of patients and providers.
• Implications of PHRs and data ownership in healthcare.

Description

Evaluate threats to integrity of electronic records, data classification policies, audit logging, and authentication methods. Learn to identify phishing attacks and improve the security of healthcare data.