Working with Health IT Systems
Protecting Privacy, Security, and Confidentiality in HIT Systems
Lecture b
This material (Comp7_Unit7b) was developed by Johns Hopkins University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC00013.
Protecting Privacy, Security, and Confidentiality in HIT Systems
Learning Objectives─Lecture a
• Explain and illustrate privacy, security, and confidentiality in HIT settings.
• Identify common threats encountered when using HIT.
• Formulate strategies to minimize threats to privacy, security, and confidentiality in HIT systems.
Health IT Workforce Curriculum Version 3.0/Spring 2012
Physical Safeguards
Facility Access Controls
Physical Safeguards
Examples
• Workstation Use
• Workstation Security
• Device and Media Controls (e.g., media disposal, access to backup and storage media)
Physical Safeguards
Examples
• Device and Media Controls
  – media disposal
  – access to backup and storage media
Technical Safeguards
Examples
• Access Control
  – Unique user identification
  – Emergency access
  – Automatic logoff
  – Encryption/decryption
Technical Safeguards
Examples
• Audit Controls
• Integrity
Technical Safeguards
Examples
• Person or Entity Authentication
  – Password/passphrase/PIN
  – Smart card/token/key
  – Biometrics
  – Two factor authentication
Technical Safeguards
Examples
• Transmission Security
  – Integrity controls
  – Encryption
Risk Analysis and Management
• Analysis
  – Gather data on potential threats and vulnerabilities
  – Assess current security measures
  – Determine likelihood, impact and level of risk
  – Identify needed security measures
• Management
  – Develop a plan for implementation
  – Evaluate and maintain security measures
Meaningful Use
• Criteria for meaningful use of EHRs related to privacy, security, and confidentiality meant to align with HIPAA
• Emphasizes need to conduct a risk analysis
• Some specific requirements for EHR vendors
Protecting Privacy, Security, and Confidentiality in HIT Systems
Summary—Lecture b
• Privacy, security, and confidentiality in HIT settings
• Common threats encountered when using HIT
• Strategies to minimize threats to privacy, security, and confidentiality in HIT systems
Images
• Slide 3: HIPAA Security Bulletins. Courtesy HIPAA. Available from: http://www.hhs.gov/ocr/privacy
• Slide 5: Logo of the Federal Trade Commission. Courtesy Federal Trade Commission.
• Slide 6: Cloud Computing will Challenge Security Policies. Courtesy U.S. Dept. of Commerce
• Slide 7: The Field of Security Has to Adapt. Courtesy National Institutes of Health (NIH)
• Slide 8: A Sophisticated Users’ Station. Courtesy National Science Foundation (NSF). Available from: http://www.nsf.gov/od/lpa/news/press/00/stim5.htm
• Slide 9: Transmission Security Controls Prevent Unauthorized Access to ePHI. Available from: http://blog.tsa.gov/2008/08/encryption-is-issue-in-case-of-missing.html