Healthcare computer application week 6

profileSCOOBYR
9781133787778_PPT_ch07.pptx

Introduction to Healthcare Information Technology

Chapter Seven

Basic Healthcare Information Security

1

Objectives

Define information security

List and describe the different elements of physical security

Explain how computer security can protect data

Describe different types of data backups

2

Introduction to Healthcare Information Technology

2

Healthcare IT: Challenges and Opportunities

The need for security is a significant aspect of life today

Personal physical security

Security of our information

Defending against information attacks

Particularly important in the healthcare industry

HIPAA provides for significant penalties for unauthorized disclosure of protected patient information

3

Introduction to Healthcare Information Technology

3

What Is Information Security?

Describes tasks of securing information that is in a digital format

Information security protection goals

Confidentiality

Only authorized parties can access information

Integrity

Ensures information is correct

Availability

Data is accessible to authorized users

4

Introduction to Healthcare Information Technology

4

What Is Information Security? (cont’d.)

Goals apply to devices that store, manipulate, and transmit the information

Information security is achieved through:

Products

People

Procedures

5

Introduction to Healthcare Information Technology

5

Figure 7-1 Information security components

© Cengage Learning 2013

Table 7-1 Information security layers

© Cengage Learning 2013

Physical Security

Involves securing devices so unauthorized users cannot access them

Physical access security includes:

Securing the environment, office hardware, and equipment

Regulating access

8

Introduction to Healthcare Information Technology

Environment

Securing the surrounding environment

First step in physical security

Achieved with security guards in the past

Security technology tools

Lighting and fencing

Video surveillance

Fire suppression equipment

Backup power generators

HVAC

9

Introduction to Healthcare Information Technology

Environment (cont’d.)

Security perimeter

Can include a barrier, such as fencing

Often consists of a fence together with other deterrents

Security lighting can be installed on:

Poles

Building exteriors

Canopies

Landscaping

10

Introduction to Healthcare Information Technology

Table 7-2 Fencing deterrents

© Cengage Learning 2013

Environment (cont’d.)

Video surveillance

Monitoring activity with a video camera

Closed circuit television (CCTV)

Using video cameras to transmit a signal to a specific set of receivers

Cameras may be fixed or allow movement

Used in banks, casinos, airports, and military installations

12

Introduction to Healthcare Information Technology

Environment (cont’d.)

Fire suppression

Fire represents a constant threat to people and property

Four required entities for fire to occur

Fuel

Oxygen

Heat

Chemical reaction

13

Introduction to Healthcare Information Technology

Figure 7-2 Fire triangle

© Cengage Learning 2013

Table 7-3 Fire types

© Cengage Learning 2013

Environment (cont’d.)

Types of stationary fire suppression systems

Water sprinkler systems

Dry chemical systems

Clean agent systems

Power generator

Backup generator to be used in event of power loss

Can be powered by diesel, natural gas, or propane

16

Introduction to Healthcare Information Technology

Environment (cont’d.)

Heating, ventilation, and air conditioning (HVAC)

Control and maintenance of temperature and humidity levels

Can reduce electrostatic discharge which can damage equipment

Data closets

Rooms that house computer systems and network equipment

Typically have special cooling requirements

17

Introduction to Healthcare Information Technology

Office Hardware

Privacy screen

Freestanding panel to divide a work area

Also refers to a cover over a computer monitor to create a narrow viewing angle

Residential hardware door lock types

Keyed entry locks

Privacy locks

Patio locks

Passage locks

All provide minimal security

18

Introduction to Healthcare Information Technology

Office Hardware (cont’d.)

Deadbolt locks

Often used in commercial buildings

Solid metal bar extends into door frame

More difficult to defeat than keyed entry locks

19

Figure 7-4 Deadbolt lock

© Cengage Learning 2013

Introduction to Healthcare Information Technology

Equipment

Network hardware should be located behind a locked door

Uninterruptible power supply (UPS)

Device that maintains power to the equipment in case of interruption in main power

Offline UPS (standby mode)

Can quickly begin supplying power when needed

Online UPS

Always running off its battery while the main power runs the battery charger

Not affected by dips or sags in voltage

20

Introduction to Healthcare Information Technology

Equipment (cont’d.)

UPS systems can communicate with network operating system on a server to ensure orderly shutdown occurs

Important to secure office imaging equipment

Attackers could access images in digital memory

21

Introduction to Healthcare Information Technology

Regulating Access

Disadvantages of using keys to access a secured area

Keys must be managed

Keys can be lost, stolen, or duplicated

Keys must be securely stored

Cipher lock system

Alternative to a key lock

Push-button code required to open the door

22

Introduction to Healthcare Information Technology

Regulating Access (cont’d.)

Types of physical tokens

ID badge containing bearer’s photograph

ID with barcode that is “swiped”

ID badge read by a proximity reader

RFID tags read by an RFID proximity reader

Electronic keyfob (automobile keyless entry)

Biometrics

Uses person’s unique physical characteristics to authenticate

Example: fingerprint scanner

23

Introduction to Healthcare Information Technology

Figure 7-5 Cipher lock

Figure 7-6 RFID tag

© Cengage Learning 2013

© Cengage Learning 2013

Regulating Access (cont’d.)

Types of fingerprint scanners

Static

User places entire finger on scanner window

Dynamic

User slides finger across reader

Disadvantages to standard biometrics

Cost

Not 100% accurate

25

Introduction to Healthcare Information Technology

Computer Security

Providing security for data stored on a computer

Critical function for a healthcare IT professional

Aspects of computer security

Password security

Computer permissions

Defending against common security risks

26

Introduction to Healthcare Information Technology

Passwords

Secret combination of letters, numbers, and characters that only the user should know

Most common type of authentication today

Offer weak protection

Password weaknesses

Relies on human memory

Long and complex passwords difficult to recall

Users must recall passwords for many different accounts

27

Introduction to Healthcare Information Technology

Passwords (cont’d.)

Password defenses

Creating and managing strong passwords

Creating strong passwords

Most passwords consist of a root word and a suffix or prefix

Guidelines for creating strong passwords

Do not use dictionary or phonetic words

Do not use personal information

Do not repeat characters or use sequences

Use long passwords (12 characters or more)

28

Introduction to Healthcare Information Technology

Passwords (cont’d.)

Another way to make passwords stronger

Use non-keyboard characters

Create by holding down ALT key and simultaneously pressing a number on the numeric keypad

Good password management

Change passwords frequently

Do not reuse old passwords

Never write a password down

29

Introduction to Healthcare Information Technology

Figure 7-8 Windows character map

© Cengage Learning 2013

Passwords (cont’d.)

Good password management (cont’d.)

Have a unique password for each account

Set up a temporary password for the case when another user needs to access your account

Do not allow a computer to automatically sign in or store password so that a login is unnecessary

Do not enter passwords on public computers

Never share a password with another person

31

Introduction to Healthcare Information Technology

Passwords (cont’d.)

Password supplements

Autocomplete passwords used in modern browsers

Stored encrypted in the Microsoft Windows registry

Password management applications

Digital equivalent of a written sticky note

32

Introduction to Healthcare Information Technology

Table 7-4 Password management applications

© Cengage Learning 2013

Permissions

Identification

Example: delivery person ID badge

Authentication

Process of checking the identification

Authorization

Granting permission to take action

34

Introduction to Healthcare Information Technology

Permissions (cont’d.)

One type of computer access control

Objects (such as files) given an owner

Access control list defines who is allowed to access the object

Types of access permissions

Read, write, modify, full control, read and execute

Least privilege

Allocate minimum amount of privileges needed to perform the job

35

Introduction to Healthcare Information Technology

Figure 7-9 Windows permissions

© Cengage Learning 2013

Common Security Risks

Malware

Software that enters a computer system without the user’s knowledge or consent

Performs an unwanted or harmful action

Types of malware

Viruses

Worms

Spyware

37

Introduction to Healthcare Information Technology

Common Security Risks (cont’d.)

Virus

Computer code that reproduces itself on the same computer

Worm

Malicious program designed to take advantage of a vulnerability in an application or operating system

Uses a network to send copies of itself to other network devices

Spyware

Software that gathers information on users without consent

38

Introduction to Healthcare Information Technology

Table 7-5 Technologies used by spyware

© Cengage Learning 2013

Common Security Risks (cont’d.)

Social engineering

Means of gathering information for an attack by relying on weaknesses of individuals

Clever manipulation of human nature to persuade the victim to provide information or take actions

Phishing

Sending a deceptive e-mail that claims to be from a legitimate enterprise

Attempts to trick user into surrendering private information

40

Introduction to Healthcare Information Technology

Common Security Risks (cont’d.)

Key defense against fishing

Provide security awareness and training to users

Spamming

Unsolicited e-mail

Used for advertising or distributing malware

Profit for spammers can be substantial

E-mail spam filters attempt to block spam before it reaches the host

41

Introduction to Healthcare Information Technology

Data Backups

Copying digital information to different medium

Stored separately so it can be used in event of a disaster

Disaster recovery plan answers five basic questions:

What information should be backed up?

How often should it be backed up?

What media should be used?

Where should the backup be stored?

What hardware or software should be used?

42

Introduction to Healthcare Information Technology

Data Backups (cont’d.)

Archive bit

Used to flag which files need to be backed up

Types of backups

Full or daily backup

Differential backup

Incremental backup

Backups should be stored at a separate location

Reduces risk of backup being destroyed in a disaster

43

Introduction to Healthcare Information Technology

Figure 7-11 Archive bit

© Cengage Learning 2013

Table 7-6 Types of data backups

© Cengage Learning 2013

Summary

Information security creates a defense to ward off attacks designed to steal information

Three types of protections

Confidentiality

Integrity

Availability

Securing the devices themselves is an important aspect of information security

Backup generators can be used to provide power in the event of power loss

46

Introduction to Healthcare Information Technology

46

Summary (cont’d.)

Sensitive information should be placed in a room secured by a deadbolt lock

Various types of ID badges can be used to control access to a secured area

Biometrics uses human physical characteristics to provide authentication

Passwords provide a weak degree of protection

Malware is unwanted software that is often harmful

Types of data backups include full, differential, and incremental

47

Introduction to Healthcare Information Technology

47