Scribd Logo
Upload

Welcome to Scribd!

  • 09 - Networking and Health Information Exchange - Unit 9 - Privacy, Confidentiality, and Security Issues and Standards - Lecture B

    Uploaded by

    Health IT Workforce Curriculum - 2012
    22 views19 pages
    The Health IT Workforce Curriculum was developed for U.S. community colleges to enhance workforce training programmes in health information technology. The curriculum consist of 20 courses of 3 credits each. Each course includes instructor manuals, learning objectives, syllabi, video lectures with accompanying transcripts and slides, exercises, and assessments. The materials were authored by Columbia University, Duke University, Johns Hopkins University, Oregon Health & Science University, and University of Alabama at Birmingham. The project was funded by the U.S. Office of the National Coordinator for Health Information Technology. All of the course materials are available under a Creative Commons Attribution Noncommercial ShareAlike (CC BY NC SA) License (http://creativecommons.org/licenses/by-nc-sa/3.0/). The course description, learning objectives, author information, and other details may be found athttp://www.merlot.org/merlot/viewPortfolio.htm?id=842513. The full collection may also be accessed at http://knowledge.amia.org/onc-ntdc.

    Original Title

    09- Networking and Health Information Exchange- Unit 9- Privacy, Confidentiality, and Security Issues and Standards- Lecture B

    Copyright

    © Attribution Non-Commercial ShareAlike (BY-NC-SA)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The Health IT Workforce Curriculum was developed for U.S. community colleges to enhance workforce training programmes in health information technology. The curriculum consist of 20 courses of 3 credits each. Each course includes instructor manuals, learning objectives, syllabi, video lectures with accompanying transcripts and slides, exercises, and assessments. The materials were authored by Columbia University, Duke University, Johns Hopkins University, Oregon Health & Science University, and University of Alabama at Birmingham. The project was funded by the U.S. Office of the National Coordinator for Health Information Technology. All of the course materials are available under a Creative Commons Attribution Noncommercial ShareAlike (CC BY NC SA) License (http://creativecommons.org/licenses/by-nc-sa/3.0/). The course description, learning objectives, author information, and other details may be found athttp://www.merlot.org/merlot/viewPortfolio.htm?id=842513. The full collection may also be accessed at http://knowledge.amia.org/onc-ntdc.

    Copyright:

    Attribution Non-Commercial ShareAlike (BY-NC-SA)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    22 views19 pages

    09 - Networking and Health Information Exchange - Unit 9 - Privacy, Confidentiality, and Security Issues and Standards - Lecture B

    Uploaded by

    Health IT Workforce Curriculum - 2012
    The Health IT Workforce Curriculum was developed for U.S. community colleges to enhance workforce training programmes in health information technology. The curriculum consist of 20 courses of 3 credits each. Each course includes instructor manuals, learning objectives, syllabi, video lectures with accompanying transcripts and slides, exercises, and assessments. The materials were authored by Columbia University, Duke University, Johns Hopkins University, Oregon Health & Science University, and University of Alabama at Birmingham. The project was funded by the U.S. Office of the National Coordinator for Health Information Technology. All of the course materials are available under a Creative Commons Attribution Noncommercial ShareAlike (CC BY NC SA) License (http://creativecommons.org/licenses/by-nc-sa/3.0/). The course description, learning objectives, author information, and other details may be found athttp://www.merlot.org/merlot/viewPortfolio.htm?id=842513. The full collection may also be accessed at http://knowledge.amia.org/onc-ntdc.

    Copyright:

    Attribution Non-Commercial ShareAlike (BY-NC-SA)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 19

    Networking and Health Information

    Exchange
    Privacy, Confidentiality, and
    Security Issues and Standards
    This material Comp9_Unit9b was developed by Duke University, funded by the Department of Health and Human Services,
    Office of the National Coordinator for Health Information Technology under Award Number IU24OC000024.
    Lecture b
    Privacy, Confidentiality, and Security
    Issues and Standards
    Learning Objectives
    2
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    1. Explain the concepts of privacy and confidentiality
    requirements and policies and learn how to implement
    the requirements. (Lecture a )
    2. Describe how to secure data storage and transmission
    using data encryption, signatures, validation, non-
    repudiation, and integrity. (PKI, certificates, and security
    protocols). (Lecture a)
    3. Define access control methods. (Lecture b)
    4. Analyze access restrictions to data storage and
    retrieval (physical and software). (Lecture b)

    3
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Access Control
    Who or what is allowed access to a particular
    resource and what level of access are they
    allowed.

    Terminology
    Identification
    Authentication
    Authorization
    4
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Access Control Best Practices
    Separation of duties
    Require more than 1 person to perform an
    action
    Least privilege
    Only give user the access needed
    5
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Access Control Models
    Discretionary Access Control (DAC)
    Mandatory Access Control (MAC)
    Role Based Access Control (RBAC)
    6
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Access Control Types
    Logical
    Access to data files, programs and networks
    Access Control Lists (ACLs)
    Account Restrictions
    Passwords

    Physical
    Access to physical locations
    Locks
    Badges
    Mantraps
    7
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Access Control List (ACL)
    An ACL is a list that
    is associated with
    file, directory or
    object that lists who
    has access to it and
    what access
    they have.
    Image courtesy of Michele Parrish
    Account expiration
    Time of day
    Login location
    8
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Account Restrictions
    Image courtesy of Michele Parrish
    9
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Passwords
    Combination of letters, numbers and special
    characters
    Recommend upper and lower case characters
    The more characters the better
    Should be changed frequently
    10
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Passwords Should Never
    Be default passwords
    Should never be written down
    Should never be a word in a dictionary, words
    spelled backwards, common misspellings, and
    abbreviations (English or other languages)
    11
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Passwords Should Never
    (Continued)

    Substitute letters with numbers
    Be used for more than one account
    Contain personal information
    Social engineering
    12
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    One-Time Passwords (OTP)
    Change frequently
    Only used once
    Synchronized with authentication server
    13
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Physical Access Control
    Location
    Doors
    Video surveillance
    Access log
    Mantrap


    14
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Fingerprints
    Faces
    Hands
    Irises/Retinas
    Behavioral
    Keystroke
    Voice
    Cognitive
    Biometrics
    Authentication Practices
    Layering
    Multi-factor
    Single Sign-On
    (SSO)
    15
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Image courtesy of Michele Parrish
    Virtual Private Networks (VPNs)
    Internet technology to transmit data between
    sites
    Data is encrypted
    16
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    17
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Security Policies
    A collection of policies that lay out specific
    rules and requirements that must be followed in
    order to provide a secure environment.
    Privacy, Confidentiality, and
    Security Issues and Standards
    Summary
    Concepts of privacy and confidentiality
    How to secure data
    Access control methods
    Access restrictions to data storage and retrieval
    18
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b
    Privacy, Confidentiality, and
    Security Issues and Standards
    References Lecture b
    References
    References were not used for this lecture


    Images
    Slide 7: ACLs. Courtesy Michele Parrish. Used with permission.
    Slide 8: Time Restrictions. Courtesy Michele Parrish. Used with permission.
    Slide 15: Single Sign-On. Courtesy Michele Parrish. Used with permission.
    19
    Health IT Workforce Curriculum
    Version 3.0/Spring 2012
    Networking and Health Information Exchange
    Privacy, Confidentiality, and Security Issues and Standards
    Lecture b

    You might also like