Working with Health IT Systems Protecting Privacy, Security, and Confidentiality in HIT Systems Lecture b This material (Comp7_Unit7b) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013.

Jan 04, 2016


Ashlie Grant

Working with Health IT Systems

Protecting Privacy, Security, and Confidentiality in HIT Systems

Lecture b

This material (Comp7_Unit7b) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013.


Protecting Privacy, Security, and Confidentiality in HIT Systems Learning Objectives─Lecture a

• Explain and illustrate privacy, security, and confidentiality in HIT settings.

• Identify common threats encountered when using HIT.

• Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems.

Health IT Workforce Curriculum Version 3.0/Spring 2012


Physical Safeguards

Facility Access Controls


Physical Safeguards

Examples

• Workstation Use

• Workstation Security

• Device and Media Controls (e.g., media disposal, access to backup and storage media)


Physical Safeguards

Examples

• Device and Media Controls

– media disposal

– access to backup and storage media


Technical Safeguards

Examples

• Access Control

– Unique user identification

– Emergency access

– Automatic logoff

– Encryption/decryption


Technical Safeguards

Examples

• Audit Controls

• Integrity


Technical Safeguards

Examples

• Person or Entity Authentication

– Password/passphrase/PIN

– Smart card/token/key

– Biometrics

– Two factor authentication


Technical Safeguards

Examples

• Transmission Security

– Integrity controls

– Encryption


Risk Analysis and Management

• Analysis

– Gather data on potential threats and vulnerabilities

– Assess current security measures

– Determine likelihood, impact and level of risk

– Identify needed security measures

• Management

– Develop a plan for implementation

– Evaluate and maintain security measures


Meaningful Use

• Criteria for meaningful use of EHRs related to privacy, security, and confidentiality meant to align with HIPAA

• Emphasizes need to conduct a risk analysis

• Some specific requirements for EHR vendors


Protecting Privacy, Security, and Confidentiality in HIT Systems

Summary—Lecture b

• Privacy, security, and confidentiality in HIT settings

• Common threats encountered when using HIT

• Strategies to minimize threats to privacy, security, and confidentiality in HIT systems


Protecting Privacy, Security, and Confidentiality in HIT Systems

References—Lecture b



Images

• Slide 3: HIPAA Security Bulletins. Courtesy HIPAA. Available from: http://www.hhs.gov/ocr/privacy

• Slide 5: Logo of the Federal Trade Commission. Courtesy Federal Trade Commission.

• Slide 6: Cloud Computing will Challenge Security Policies. Courtesy U.S. Dept. of Commerce

• Slide 7: The Field of Security Has to Adapt. Courtesy National Institutes of Health (NIH)

• Slide 8: A Sophisticated Users' Station. Courtesy National Science Foundation (NSF). Available from: http://www.nsf.gov/od/lpa/news/press/00/stim5.htm

• Slide 9: Transmission Security Controls Prevent Unauthorized Access to ePHI. Available from: http://blog.tsa.gov/2008/08/encryption-is-issue-in-case-of-missing.html.