PrepComp_PPT_AFD_Lec09(2) (2).pdf



Computer Skills
Introduction to Health Information Systems (HIS)
HIS Security

Content
o Introduction
o Data, Information, and knowledge
o The characteristics of valuable information
o Health Information Systems (HIS) basics
o EMR vs EHR vs PHR and e-Prescribing: (definitions, benefits and differences)
  - Electronic medical records (EMR)
  - Electronic Health Records (EHR)
  - Personal Health Records (PHR)
  - Electronic prescribing (e-Prescribing)
o Health Information Exchange (HIE)
o HIS Security

Learning Objectives
At the end of this lesson you should be able to:
1. Describe the distinction that system access does not imply authorization to view or use.
2. List the healthcare worker's responsibilities in relation to patient confidentiality within a HIS: access only to patient information when necessary.
3. Explain patient right-not-to-know issues.
4. Explain the different kinds of attacks.
5. Give real life examples of attacks: malicious, non-malicious, and natural.

Health Information System Security
o To reap the promise of digital health information to achieve better health outcomes, smarter spending, and healthier people, providers and individuals alike must trust that an individual's health information is private and secure. If HIS are not secure and suffer security breaches, patients do not trust such systems.
o This lack of trust may incur:
  - Reputational and financial harm.
  - Harm to your patients.
  - Vulnerability of patient information in your health information system.
  - The risk of successful cyber-attack.
Health Information System Security
The main principles of security within HIS
o Information security is the protection of information and information systems from:
  - Unauthorized access
  - Use
  - Disclosure
  - Disruption
  - Modification, or destruction
o Information security is achieved by ensuring:
  - The confidentiality
  - The integrity, and
  - The availability of information
Figure: The CIA triad

Health Information System Security
The main principles of security within HIS: Confidentiality
o Confidentiality requires health care providers to keep a patient's personal health information private.
o Creating a trusting environment by respecting patient privacy encourages the patient to seek health care.
o In accordance with the Health Information Portability and Accountability Act of 1997 (HIPAA), institutions are required to have policies to protect the privacy of patients' electronic information.

Health Information System Security
The main principles of security within HIS: Integrity
o Integrity means that a health institution's data is dependable and accurate.
o It also means that only authorized users can have access to patient data and that the data is not altered or destroyed in any manner.

Health Information System Security
The main principles of security within HIS: Availability
o Availability means that the HIS is available to end users.
o Availability is ensured by:
  - Proper maintenance of all hardware
  - Keeping current with all system upgrades
  - Providing adequate communication bandwidth
  - Fast and adaptive disaster recovery.

Information Security in Health Care
Security threats
o The object of security is to protect valuable or sensitive organizational information while making it readily available.
o Attackers try to harm a system or disrupt normal business operations. They exploit vulnerabilities by using various techniques, methods, and tools.
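The distinction in learning objectives 1 and 2 (having a login to the system is not the same as being authorized to view a given patient's record) and the confidentiality and integrity principles above can be shown in a few lines of code. The following is an added example written for this page, not code from the lecture or from any real HIS product. The user names, roles, patient records, care-team table and integrity key are all constructed, and the HMAC seal stands in for whatever integrity mechanism a production system would use; every decision, granted or denied, is written to an audit log so that misuse by someone who does have system access can be reviewed afterwards.

```python
"""Toy HIS record-access layer (added example, not from the lecture slides).

Two points from the slides are demonstrated:
  * system access (a valid login) does not imply authorization to view a
    specific patient's record; a treatment relationship is required;
  * integrity: a record is served only if it still matches its stored seal.
All names, keys and records below are constructed for the demonstration.
"""
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key; a real HIS would keep this in a KMS/HSM, not in code.
INTEGRITY_KEY = b"constructed-demo-key-do-not-reuse"


def seal(record: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding, so any field edit is detectable."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(INTEGRITY_KEY, canonical, hashlib.sha256).hexdigest()


# Constructed patient records and the seal computed when each was last written.
RECORDS = {
    "P-1001": {"name": "Patient A", "dob": "1980-01-01", "dx": "constructed diagnosis"},
    "P-1002": {"name": "Patient B", "dob": "1975-06-30", "dx": "constructed diagnosis"},
}
SEALS = {pid: seal(rec) for pid, rec in RECORDS.items()}

# Authentication data: who can log in to the system at all, and their role.
USERS = {"dr_smith": "clinician", "nurse_lee": "clinician", "it_admin": "admin"}

# Authorization data: which clinicians currently have a treatment relationship
# with which patient. This is the "only when necessary" rule from the slides.
CARE_TEAM = {"P-1001": {"dr_smith"}, "P-1002": {"nurse_lee"}}

AUDIT_LOG: list[dict] = []


def _audit(user: str, patient_id: str, granted: bool, reason: str) -> None:
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "patient": patient_id,
        "granted": granted, "reason": reason,
    })


def read_record(user: str, patient_id: str) -> tuple[bool, object]:
    """Return (True, record) or (False, reason). Every outcome is audited."""
    def deny(reason: str) -> tuple[bool, str]:
        _audit(user, patient_id, False, reason)
        return False, reason

    if user not in USERS:
        return deny("unauthenticated")
    # An admin keeps the system running but has no clinical need to read charts.
    if USERS[user] != "clinician":
        return deny("role may not view clinical data")
    # System access alone is not enough: require an active treatment relationship.
    if user not in CARE_TEAM.get(patient_id, set()):
        return deny("no treatment relationship")
    record = RECORDS.get(patient_id)
    if record is None:
        return deny("unknown patient")
    # Integrity: refuse to serve a record that no longer matches its seal.
    if not hmac.compare_digest(seal(record), SEALS[patient_id]):
        return deny("integrity check failed")
    _audit(user, patient_id, True, "treatment relationship")
    return True, record


def denied_accesses() -> list[dict]:
    """Audit entries a privacy officer would review for possible insider misuse."""
    return [e for e in AUDIT_LOG if not e["granted"]]


if __name__ == "__main__":
    print(read_record("dr_smith", "P-1001"))    # granted
    print(read_record("it_admin", "P-1001"))    # has a login, still denied
    RECORDS["P-1002"]["dx"] = "silently edited"  # simulate an unlogged change
    print(read_record("nurse_lee", "P-1002"))   # denied: integrity check failed
    print(len(denied_accesses()), "denied attempts in the audit log")
```

The order of the checks matters: authentication first, then role, then the per-patient relationship, and only then the integrity check on the data itself. An administrator or a clinician outside the care team is refused at the authorization step even though both can log in, which is exactly the gap learning objective 1 describes, and the audit log keeps the denied attempts that a privacy review would look at.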
o System administrators need to understand the various aspects of security to develop measures and policies to protect assets and limit their vulnerabilities.

Information Security in Health Care
Security threats
o Attackers generally have motives or goals, for example, to disrupt normal business operations or steal information.
Figure: Security threats divided into different areas
  Security threats
  - Human
    - Malicious
      - Outsiders, like crackers or hackers
      - Insiders, like disgruntled employees
    - Non-malicious
      - Ignorant employees
  - Natural disasters
    - Floods, fires, earthquakes, hurricanes

Information Security in Health Care
Natural disasters
o Nobody can stop nature from taking its course. Earthquakes, hurricanes, floods, lightning, and fire can cause severe damage to computer systems.
o Information can be lost, downtime or loss of productivity can occur, and damage to hardware can disrupt other essential services.
o Few safeguards can be implemented against natural disasters. The best approach is to have disaster recovery plans and contingency plans in place.
o Other threats such as riots, wars, and terrorist attacks could be included here. Although they are human-caused threats, they are classified as disastrous.

Information Security in Health Care
Human threats – Malicious threats
o Malicious threats consist of:
  - Inside attacks by disgruntled or malicious employees, and
  - Outside attacks by non-employees just looking to harm and disrupt an organization.
o The most dangerous attackers are usually insiders (or former insiders), because they know many of the codes and security measures that are already in place.

Information Security in Health Care
Human threats – Malicious threats
o Malicious attackers normally will have a specific goal, objective, or motive for an attack on a system. These goals could be to disrupt services and the continuity of business operations.
o Attackers are not the only ones who can harm an organization. The primary threat to data integrity comes from authorized users who are not aware of the actions they are performing.
o Errors and omissions can cause valuable data to be lost, damaged, or altered.

Information Security in Health Care
Human threats – Malicious threats
o The goal of some attacks is not the physical destruction of the computer system but the penetration and removal or copying of sensitive information.
o Attackers want to achieve these goals either for personal satisfaction or for a reward.
o Malicious attackers can gain access or deny services in numerous ways. Examples: viruses, Trojan horses, worms, password cracking, and email hacking.

Information Security in Health Care
Human threats – Non-malicious threats
o Non-malicious threats usually come from employees who are untrained in computers and are unaware of security threats and vulnerabilities. Example: users who open Microsoft Word documents in Notepad, edit them, and then save them could cause serious damage to the information stored in the document.
o Users, data entry clerks, system operators, and programmers frequently make unintentional errors that contribute to security problems, directly and indirectly.
o Sometimes the error is the threat, such as a data entry error or a programming error that crashes a system. In other cases, errors create vulnerabilities. Errors can occur in all phases of the system life cycle.
