Health
Informatics
BCA-2020: Semester-V
Module 5:
Chapter 1
INFORMATION PRIVACY
AND SECURITY
HEALTH INFORMATICS
ETHICS
BIOINFORMATICS
Module
Content
 Information Privacy and Security: The Value and Importance of
Health Information Privacy, security of health data, potential
technical approaches to health data privacy and security.
 Health Informatics Ethics: Artificial Intelligence, Machine
Learning, and Ethics with respect to Healthcare informatics.
Standards and Public Policy.
 Bioinformatics: Bioinformatics, Healthcare Informatics and
Analytics for Improved Healthcare System, Intelligent Monitoring
and Control for Improved Healthcare System.
Learning Objectives
 The Value and Importance of Health Information
Privacy
 Security of health data
 Potential technical approaches to health data
privacy and security
The Value and
Importance of
Health
Information
Privacy
 With a verifiable need to protect health information well
established, there is a need to cover the information security
aspects.
 How is health data protected against exposure?
 How does an increasingly targeted industry turn the tide against
the news stories, hackers, criminals, and identity thieves?
 More importantly, what mechanisms are medical professionals
likely to witness firsthand in the battle to keep the attacks at bay?
 There are a variety of reasons for placing a high value on
protecting the privacy, confidentiality, and security of health
information.
 Some theorists depict privacy as a basic human good or right with
intrinsic value. They see privacy as being objectively valuable in
itself, as an essential component of human well-being.
 They believe that respecting privacy (and autonomy) is a form of
recognition of the attributes that give humans their moral
uniqueness.
 The more common view is that privacy is valuable because it
facilitates or promotes other fundamental values, including ideals
of personhood such as:
 Personal autonomy (the ability to make personal
decisions)
 Individuality
 Respect
 Dignity and worth as human beings
Basic Security
Principles
 The shift towards electronic health records, personal health
records, health information exchanges, and web-based health
applications creates a security challenge of incredible proportions.
 How does one secure the most private of personal information,
health data?
 According to the International Information Systems Security
Certification Consortium (ISC)², among others, there are three
pillars of information security (confidentiality, availability, and
integrity) that are fundamental to protecting information
technology solutions such as health information technology (HIT).
 Security measures are instituted collectively to meet one or more
of these primary goals, with the end result being one where
confidentiality, availability and integrity are all covered.
 The CIA Security Triad.
 This concept combines three components—confidentiality, integrity, and
availability—to help guide security measures, controls, and overall
strategy.
The CIA security triad is comprised of
three functions:
Confidentiality. A system’s ability to
ensure that only the correct, authorized
user/system/resource can view, access,
change, or otherwise use data.
Integrity. A system’s ability to ensure
that the system and information are
accurate and correct.
Availability. A system’s ability to ensure
that systems, information, and services
are available the vast majority of time.
Confidentiality
 In a non-security sense, confidentiality is your ability to keep
something secret. In the real world, we might hang up blinds or put
curtains on our windows. We might ask a friend to keep a secret.
 Confidentiality also comes into play with technology. It can play out
differently on a personal-use level, where we use VPNs or encryption
for our own privacy-seeking sake. We might turn off in-home devices
that are always listening.
 But in enterprise security, confidentiality is breached when an
unauthorized person can view, take, and/or change your files.
 Confidentiality is significant because your company wants to protect
its competitive edge—the intangible assets that make your company
stand out from your competition.
 Confidentiality is roughly equivalent to privacy. Confidentiality
measures are designed to prevent sensitive information from
unauthorized access attempts. It is common for data to be
categorized according to the amount and type of damage that could
be done if it fell into the wrong hands. More or less stringent
measures can then be implemented according to those categories.
Integrity
 In computer systems, integrity means that the results of that
system are precise and factual.
 In the data world, it’s known as data trustworthiness—can you
trust the results of your data, of your computer systems?
 When securing any information system, integrity is one function
that you’re trying to protect.
 You don’t want bad actors or human error to, on purpose or
accidentally, ruin the integrity of your computer systems and their
results.
 Integrity involves maintaining the consistency, accuracy and
trustworthiness of data over its entire lifecycle. Data must not be
changed in transit, and steps must be taken to ensure data cannot
be altered by unauthorized people (for example, in a breach of
confidentiality).
Availability
 Availability is a term widely used in IT—the availability of
resources to support your services. In security, availability means
that the right people have access to your information systems.
 If a user with privileged access has no access to her dedicated
computer, then there is no availability.
 Availability is a large issue in security because it can be attacked.
 An attack on your availability could limit user access to some or all
of your services, leaving you scrambling to clean up the mess and
limit the downtime.
 Availability means information should be consistently and readily
accessible for authorized parties. This involves properly
maintaining hardware and technical infrastructure and systems
that hold and display the information.
Security of
health data
 Protecting data in the healthcare industry is no easy feat. Healthcare
providers and their business associates must balance protecting
patient privacy while delivering quality patient care and meeting the
strict regulatory requirements. Because protected health information
(PHI) is among an individual’s most sensitive (and for criminals,
valuable) private data, the guidelines for healthcare providers and
other organizations that handle, use, or transmit patient information
include strict data protection requirements that come with hefty
penalties and fines if they’re not met.
 Data protection best practices for healthcare organizations
include:
1. Educating Healthcare Staff
2. Restricting Access to Data and Applications
3. Implementing Data Usage Controls
4. Logging and Monitoring Use
5. Encrypting Data
6. Securing Mobile Devices
7. Mitigating Connected Device Risks
8. Conducting Regular Risk Assessments
9. Utilizing Off-Site Data Backup
10. Carefully Evaluating the Compliance of Business Associates
Security of
health data:
HOW TO PROTECT
HEALTHCARE
DATA
 1. EDUCATE HEALTHCARE STAFF
 The human element remains one of the biggest threats to security
across all industries, but particularly in the healthcare field. Simple
human error or negligence can result in disastrous and expensive
consequences for healthcare organizations. Security awareness
training equips healthcare employees with the requisite
knowledge necessary for making smart decisions and using
appropriate caution when handling patient data.
 2. RESTRICT ACCESS TO DATA AND APPLICATIONS
 Implementing access controls bolsters healthcare data protection
by restricting access to patient information and certain
applications to only those users who require access to perform
their jobs. Access restrictions require user authentication, ensuring
that only authorized users have access to protected data. Multi-
factor authentication is a recommended approach, requiring users
to validate that they are in fact the person authorized to access
certain data and applications using two or more validation
methods including:
 Information known only to the user, such as a password or PIN
number
 Something that only the authorized user would possess, such as a
card or key
 Something unique to the authorized user, such as biometrics (facial
recognition, fingerprints, eye scanning)
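A worked illustration of two of the factors listed above, added here as an example and not part of the original slides: a password (something known) combined with a time-based one-time code from a token or phone (something possessed), using RFC 6238 TOTP. The user record layout, the function names and the 200,000 PBKDF2 rounds are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

STEP = 30                 # seconds per TOTP time step (RFC 6238 default)
PBKDF2_ROUNDS = 200_000   # assumed work factor for this example


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a given time-step counter (RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def enroll(name: str, password: str, totp_secret: bytes) -> dict:
    """Build a hypothetical user record: salted password hash + token secret."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {
        "name": name,
        "salt": salt,
        "pw_hash": pw_hash,
        "totp_secret": totp_secret,
        "last_counter": -1,   # highest time step already accepted (replay guard)
    }


def authenticate(user: dict, password: str, code: str, now: float, drift: int = 1) -> bool:
    """Grant access only when BOTH factors verify."""
    # Factor 1: information known only to the user.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    pw_ok = hmac.compare_digest(candidate, user["pw_hash"])

    # Factor 2: something only the user possesses (the device holding the secret).
    # Neighbouring time steps are accepted to tolerate clock drift.
    current = int(now) // STEP
    matched = None
    for counter in range(max(0, current - drift), current + drift + 1):
        if counter <= user["last_counter"]:
            continue  # this step was already used: reject a replayed code
        expected = totp(user["totp_secret"], counter)
        if hmac.compare_digest(expected.encode(), code.encode()):
            matched = counter

    if pw_ok and matched is not None:
        user["last_counter"] = matched
        return True
    return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not for real use
    user = enroll("dr_rao", "correct horse", secret)
    code = totp(secret, 59 // STEP)
    print("password only  :", authenticate(user, "correct horse", "000000", now=59))
    print("code only      :", authenticate(user, "wrong", code, now=59))
    print("both factors   :", authenticate(user, "correct horse", code, now=59))
    print("replayed code  :", authenticate(user, "correct horse", code, now=59))
```

A stolen password alone fails, and so does a captured code that has already been used once.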
 3. IMPLEMENT DATA USAGE CONTROLS
 Protective data controls go beyond the benefits of access controls
and monitoring to ensure that risky or malicious data activity can
be flagged and/or blocked in real time. Healthcare organizations
can use data controls to block specific actions involving sensitive
data, such as web uploads, unauthorized email sends, copying to
external drives, or printing. Data discovery and classification play
an important supporting role in this process by ensuring that
sensitive data can be identified and tagged to receive the proper
level of protection.
 4. LOG AND MONITOR USE
 Logging all access and usage data is also crucial, enabling
providers and business associates to monitor which users are
accessing what information, applications, and other resources,
when, and from what devices and locations. These logs prove
valuable for auditing purposes, helping organizations identify
areas of concern and strengthen protective measures when
necessary. When an incident occurs, an audit trail may enable
organizations to pinpoint precise entry points, determine the
cause, and evaluate damages.
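What reviewing such an audit trail can look like in practice, as an added example that is not part of the original slides: the script checks each logged access against the need-to-know restriction from step 2 and against simple usage rules. The log columns, the care-team and role tables, the working hours and the bulk-access threshold are all assumptions, and the log lines are constructed sample data.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit trail (illustrative only, not real data).
AUDIT_CSV = """\
timestamp,user,role,patient_id,action,device,location
2024-03-04T09:12:00,dr_rao,physician,P001,view,ws-ward3,on-site
2024-03-04T09:15:00,dr_rao,physician,P002,update,ws-ward3,on-site
2024-03-04T10:02:00,clerk_lee,billing,P001,view,ws-billing1,on-site
2024-03-04T23:47:00,clerk_lee,billing,P003,export,laptop-77,remote
2024-03-05T14:00:00,nurse_kim,nurse,P004,view,ws-ward3,on-site
2024-03-05T14:05:00,nurse_kim,nurse,P005,view,ws-ward3,on-site
2024-03-05T14:09:00,nurse_kim,nurse,P006,view,ws-ward3,on-site
2024-03-05T14:20:00,nurse_kim,nurse,P007,view,ws-ward3,on-site
"""

# Hypothetical policy data; a real deployment would pull these from the
# EHR and HR systems rather than hard-code them.
CARE_TEAM = {   # patient -> users who need the record to do their job
    "P001": {"dr_rao", "clerk_lee"},
    "P002": {"dr_rao"},
    "P003": {"dr_rao"},
    "P004": {"nurse_kim"},
    "P005": {"nurse_kim"},
    "P006": {"dr_rao"},
    "P007": {"dr_rao"},
}
ROLE_ACTIONS = {   # role -> actions that role may perform on a record
    "physician": {"view", "update", "export"},
    "nurse": {"view", "update"},
    "billing": {"view"},
}
WORK_HOURS = range(7, 20)          # 07:00 to 19:59 counts as normal hours
BULK_LIMIT = 3                     # distinct patients per user ...
BULK_WINDOW = timedelta(hours=1)   # ... within this sliding window


def review(audit_csv: str) -> list:
    """Return (timestamp, user, patient_id, reasons) for each suspicious access."""
    findings = []
    recent = defaultdict(list)   # user -> [(time, patient)] still inside the window
    rows = sorted(csv.DictReader(io.StringIO(audit_csv)),
                  key=lambda row: row["timestamp"])
    for row in rows:
        ts = datetime.fromisoformat(row["timestamp"])
        user, patient = row["user"], row["patient_id"]
        reasons = []

        # Who accessed what: is there a job-related need for this record?
        if user not in CARE_TEAM.get(patient, set()):
            reasons.append("no-care-relationship")
        # What was done: is the action allowed for the user's role?
        if row["action"] not in ROLE_ACTIONS.get(row["role"], set()):
            reasons.append("action-not-permitted-for-role")
        # When and from where: remote access outside normal hours.
        if row["location"] != "on-site" and ts.hour not in WORK_HOURS:
            reasons.append("off-hours-remote")
        # How much: many different patients in a short period.
        window = [(t, p) for t, p in recent[user] if ts - t <= BULK_WINDOW]
        window.append((ts, patient))
        recent[user] = window
        if len({p for _, p in window}) > BULK_LIMIT:
            reasons.append("bulk-record-access")

        if reasons:
            findings.append((row["timestamp"], user, patient, reasons))
    return findings


if __name__ == "__main__":
    for when, who, patient, why in review(AUDIT_CSV):
        print(f"{when}  {who:<10} {patient}  {', '.join(why)}")
```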
 5. ENCRYPT DATA AT REST AND IN TRANSIT
 Encryption is one of the most useful data protection methods for
healthcare organizations. By encrypting data in transit and at rest,
healthcare providers and business associates make it more
difficult (ideally impossible) for attackers to decipher patient
information even if they gain access to the data. HIPAA offers
recommendations but doesn’t specifically require healthcare
organizations to implement data encryption measures; instead,
the rule leaves it up to healthcare providers and business
associates to determine what encryption methods and other
measures are necessary or appropriate given the organization’s
workflow and other needs.
 Health IT Security outlines the two key questions that healthcare
organizations should ask in determining an appropriate level of
encryption and when encryption is needed.
 6. SECURE MOBILE DEVICES
 Increasingly, healthcare providers and covered entities utilize mobile
devices in the course of doing business, whether it’s a physician using
a smartphone to access information to help them treat a patient or an
administrative worker processing insurance claims. Mobile device
security alone entails a multitude of security measures, including:
 Managing all devices, settings, and configurations
 Enforcing the use of strong passwords
 Enabling the ability to remotely wipe and lock lost or stolen devices
 Encrypting application data
 Monitoring email accounts and attachments to prevent malware
infections or unauthorized data exfiltration
 Educating users on mobile device security best practices
 Implementing guidelines or whitelisting policies to ensure that only
applications meeting pre-defined criteria or having been pre-vetted can
be installed
 Requiring users to keep their devices updated with the latest operating
system and application updates
 Requiring the installation of mobile security software, such as mobile
device management solutions
 7. MITIGATE CONNECTED DEVICE RISKS
 When you think of mobile devices, you probably think of
smartphones and tablets. But the rise of the Internet of Things
(IoT) means that connected devices are taking all kinds of forms.
In the healthcare field, everything from medical devices like blood
pressure monitors to the cameras used to monitor physical
security on the premises may be connected to a network. To
maintain adequate connected device security:
 Maintain IoT devices on their own separate network
 Continuously monitor IoT device networks to identify sudden
changes in activity levels that may indicate a breach
 Disable non-essential services on devices before using them, or
remove non-essential services entirely before use
 Use strong, multi-factor authentication whenever possible
 Keep all connected devices up-to-date to ensure that all available
patches are implemented
 8. CONDUCT REGULAR RISK ASSESSMENTS
 While having an audit trail helps to identify the cause and other
valuable details of an incident after it occurs, proactive prevention
is equally important. Conducting regular risk assessments can
identify vulnerabilities or weak points in a healthcare
organization’s security, shortcomings in employee education,
inadequacies in the security posture of vendors and business
associates, and other areas of concern. By evaluating risk across a
healthcare organization periodically to proactively identify and
mitigate potential risks, healthcare providers and their business
associates can better avoid costly data breaches and the many
other detrimental impacts of a data breach, from reputation
damage to penalties from regulatory agencies.
 9. BACK UP DATA TO A SECURE, OFFSITE LOCATION
 Cyberattacks can expose sensitive patient information but they
can also compromise data integrity or availability – look no further
than ransomware for an example of the impact these incidents
can have. Even a natural disaster impacting a healthcare
organization’s data center can have disastrous consequences if
data isn’t properly backed up. That’s why frequent offsite data
backups are recommended, with strict controls for data
encryption, access, and other best practices to ensure that data
backups are secured. Offsite data backups are an essential
component of disaster recovery, too.
 10. CAREFULLY EVALUATE THE SECURITY AND COMPLIANCE
POSTURE OF BUSINESS ASSOCIATES
 Because healthcare information is increasingly transmitted
between providers and among covered entities for the purposes of
facilitating payments and delivering care, a careful evaluation of
all potential business associates is one of the most crucial security
measures healthcare organizations can take. These clarifications
and changes include:
 Third-party applications and services such as Google Apps are
considered business associates when those services or apps are used
to maintain PHI. In such cases, the third-party service would be
considered a business associate, and therefore, a contract would be
required.
 Any subcontractors who create or maintain PHI are subject to
compliance regulations. This change alone has a substantial
trickle-down effect and is a serious consideration for all healthcare
organizations.
Potential
technical
approaches to
health data
privacy and
security
 Technological security tools are essential components of modern
distributed health care information systems. At the highest level,
they serve five key functions:
 1. Availability—ensuring that accurate and up-to-date information
is available when needed at appropriate places;
 2. Accountability—helping to ensure that health care providers are
responsible for their access to and use of information, based on a
legitimate need and right to know;
 3. Perimeter identification—knowing and controlling the
boundaries of trusted access to the information system, both
physically and logically;
 4. Controlling access—enabling access for health care providers
only to information essential to the performance of their jobs and
limiting the real or perceived temptation to access information
beyond a legitimate need; and
 5. Comprehensibility and control—ensuring that record owners,
data stewards, and patients understand and have effective control
over appropriate aspects of information privacy and access.
Thank You!

Sectors of the Indian Economy - Class 10 Study Notes pdf
Vivekanand Anglo Vedic Academy
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdfESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
Fundacja Rozwoju Społeczeństwa Przedsiębiorczego
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
Jisc
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
Celine George
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
rosedainty
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 

Recently uploaded (20)

Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup   New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup   New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Fish and Chips - have they had their chips
Fish and Chips - have they had their chipsFish and Chips - have they had their chips
Fish and Chips - have they had their chips
 
Palestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptxPalestine last event orientationfvgnh .pptx
Palestine last event orientationfvgnh .pptx
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptxMARUTI SUZUKI- A Successful Joint Venture in India.pptx
MARUTI SUZUKI- A Successful Joint Venture in India.pptx
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdfESC Beyond Borders _From EU to You_ InfoPack general.pdf
ESC Beyond Borders _From EU to You_ InfoPack general.pdf
 
How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...How libraries can support authors with open access requirements for UKRI fund...
How libraries can support authors with open access requirements for UKRI fund...
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 

Health Informatics- Module 5-Chapter 1.pptx

  • 2. Module 5: Chapter 1: INFORMATION PRIVACY AND SECURITY; HEALTH INFORMATICS ETHICS; BIOINFORMATICS
  • 3. Module Content
      • Information Privacy and Security: The Value and Importance of Health Information Privacy, security of health data, potential technical approaches to health data privacy and security.
      • Health Informatics Ethics: Artificial Intelligence, Machine Learning, and Ethics with respect to Healthcare informatics. Standards and Public Policy.
      • Bioinformatics: Bioinformatics, Healthcare Informatics and Analytics for Improved Healthcare System, Intelligent Monitoring and Control for Improved Healthcare System.
  • 4. Learning Objectives
      • The Value and Importance of Health Information Privacy
      • Security of health data
      • Potential technical approaches to health data privacy and security
  • 5. The Value and Importance of Health Information Privacy
      • With a verifiable need to protect health information well established, there is a need to cover the information security aspects.
      • How is health data protected against exposure?
      • How does an increasingly targeted industry turn the tide against the news stories, hackers, criminals, and identity thieves?
      • More importantly, what mechanisms are medical professionals likely to witness firsthand in the battle to keep the attacks at bay?
  • 6. The Value and Importance of Health Information Privacy
      • There are a variety of reasons for placing a high value on protecting the privacy, confidentiality, and security of health information.
      • Some theorists depict privacy as a basic human good or right with intrinsic value. They see privacy as being objectively valuable in itself, as an essential component of human well-being.
      • They believe that respecting privacy (and autonomy) is a form of recognition of the attributes that give humans their moral uniqueness.
      • The more common view is that privacy is valuable because it facilitates or promotes other fundamental values, including ideals of personhood such as:
          • Personal autonomy (the ability to make personal decisions)
          • Individuality
          • Respect
          • Dignity and worth as human beings
  • 7. Basic Security Principles
      • The shift towards electronic health records, personal health records, health information exchanges, and web-based health applications creates a security challenge of incredible proportions.
      • How does one secure the most private of personal information, health data?
      • According to the International Information Systems Security Certification Consortium ((ISC)²), among others, there are three pillars of information security (confidentiality, availability, and integrity) that are fundamental to protecting information technology solutions such as health information technology (HIT).
      • Security measures are instituted collectively to meet one or more of these primary goals, with the end result being one where confidentiality, availability and integrity are all covered.
  • 8. Basic Security Principles
      • The CIA Security Triad.
      • This concept combines three components (confidentiality, integrity, and availability) to help guide security measures, controls, and overall strategy. The CIA security triad is comprised of three functions:
          • Confidentiality. A system’s ability to ensure that only the correct, authorized user/system/resource can view, access, change, or otherwise use data.
          • Integrity. A system’s ability to ensure that the system and information are accurate and correct.
          • Availability. A system’s ability to ensure that systems, information, and services are available the vast majority of the time.
  • 9. Confidentiality
      • In a non-security sense, confidentiality is your ability to keep something secret. In the real world, we might hang up blinds or put curtains on our windows. We might ask a friend to keep a secret.
      • Confidentiality also comes into play with technology. It can play out differently on a personal-use level, where we use VPNs or encryption for our own privacy-seeking sake. We might turn off in-home devices that are always listening.
      • But in enterprise security, confidentiality is breached when an unauthorized person can view, take, and/or change your files.
      • Confidentiality is significant because your company wants to protect its competitive edge: the intangible assets that make your company stand out from your competition.
      • Confidentiality is roughly equivalent to privacy. Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. It is common for data to be categorized according to the amount and type of damage that could be done if it fell into the wrong hands. More or less stringent measures can then be implemented according to those categories.
  • 10. Integrity
      • In computer systems, integrity means that the results of that system are precise and factual.
      • In the data world, it’s known as data trustworthiness: can you trust the results of your data, of your computer systems?
      • When securing any information system, integrity is one function that you’re trying to protect.
      • You don’t want bad actors or human error to, on purpose or accidentally, ruin the integrity of your computer systems and their results.
      • Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people (for example, in a breach of confidentiality).
  • 11. Availability
      • Availability is a term widely used in IT: the availability of resources to support your services. In security, availability means that the right people have access to your information systems.
      • If a user with privileged access has no access to her dedicated computer, then there is no availability.
      • Availability is a large issue in security because it can be attacked.
      • An attack on your availability could limit user access to some or all of your services, leaving you scrambling to clean up the mess and limit the downtime.
      • Availability means information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
  • 12. Security of health data
      • Protecting data in the healthcare industry is no easy feat. Healthcare providers and their business associates must balance protecting patient privacy while delivering quality patient care and meeting the strict regulatory requirements. Because protected health information (PHI) is among an individual’s most sensitive (and for criminals, valuable) private data, the guidelines for healthcare providers and other organizations that handle, use, or transmit patient information include strict data protection requirements that come with hefty penalties and fines if they’re not met.
      • The data protection best practices for healthcare organizations include:
          1. Educating Healthcare Staff
          2. Restricting Access to Data and Applications
          3. Implementing Data Usage Controls
          4. Logging and Monitoring Use
          5. Encrypting Data
          6. Securing Mobile Devices
          7. Mitigating Connected Device Risks
          8. Conducting Regular Risk Assessments
          9. Utilizing Off-Site Data Backup
          10. Carefully Evaluating the Compliance of Business Associates
  • 13. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 1. EDUCATE HEALTHCARE STAFF
      • The human element remains one of the biggest threats to security across all industries, but particularly in the healthcare field. Simple human error or negligence can result in disastrous and expensive consequences for healthcare organizations. Security awareness training equips healthcare employees with the requisite knowledge necessary for making smart decisions and using appropriate caution when handling patient data.
  • 14. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 2. RESTRICT ACCESS TO DATA AND APPLICATIONS
      • Implementing access controls bolsters healthcare data protection by restricting access to patient information and certain applications to only those users who require access to perform their jobs. Access restrictions require user authentication, ensuring that only authorized users have access to protected data. Multi-factor authentication is a recommended approach, requiring users to validate that they are in fact the person authorized to access certain data and applications using two or more validation methods including:
          • Information known only to the user, such as a password or PIN number
          • Something that only the authorized user would possess, such as a card or key
          • Something unique to the authorized user, such as biometrics (facial recognition, fingerprints, eye scanning)
  • 15. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 3. IMPLEMENT DATA USAGE CONTROLS
      • Protective data controls go beyond the benefits of access controls and monitoring to ensure that risky or malicious data activity can be flagged and/or blocked in real time. Healthcare organizations can use data controls to block specific actions involving sensitive data, such as web uploads, unauthorized email sends, copying to external drives, or printing. Data discovery and classification play an important supporting role in this process by ensuring that sensitive data can be identified and tagged to receive the proper level of protection.
  • 16. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 4. LOG AND MONITOR USE
      • Logging all access and usage data is also crucial, enabling providers and business associates to monitor which users are accessing what information, applications, and other resources, when, and from what devices and locations. These logs prove valuable for auditing purposes, helping organizations identify areas of concern and strengthen protective measures when necessary. When an incident occurs, an audit trail may enable organizations to pinpoint precise entry points, determine the cause, and evaluate damages.
  • 17. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 5. ENCRYPT DATA AT REST AND IN TRANSIT
      • Encryption is one of the most useful data protection methods for healthcare organizations. By encrypting data in transit and at rest, healthcare providers and business associates make it more difficult (ideally impossible) for attackers to decipher patient information even if they gain access to the data. HIPAA offers recommendations but doesn’t specifically require healthcare organizations to implement data encryption measures; instead, the rule leaves it up to healthcare providers and business associates to determine what encryption methods and other measures are necessary or appropriate given the organization’s workflow and other needs.
      • Health IT Security outlines the two key questions that healthcare organizations should ask in determining an appropriate level of encryption and when encryption is needed.
  • 18. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 6. SECURE MOBILE DEVICES
      • Increasingly, healthcare providers and covered entities utilize mobile devices in the course of doing business, whether it’s a physician using a smartphone to access information to help them treat a patient or an administrative worker processing insurance claims. Mobile device security alone entails a multitude of security measures, including:
          • Managing all devices, settings, and configurations
          • Enforcing the use of strong passwords
          • Enabling the ability to remotely wipe and lock lost or stolen devices
          • Encrypting application data
          • Monitoring email accounts and attachments to prevent malware infections or unauthorized data exfiltration
          • Educating users on mobile device security best practices
          • Implementing guidelines or whitelisting policies to ensure that only applications meeting pre-defined criteria or having been pre-vetted can be installed
          • Requiring users to keep their devices updated with the latest operating system and application updates
          • Requiring the installation of mobile security software, such as mobile device management solutions
  • 19. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 7. MITIGATE CONNECTED DEVICE RISKS
      • When you think of mobile devices, you probably think of smartphones and tablets. But the rise of the Internet of Things (IoT) means that connected devices are taking all kinds of forms. In the healthcare field, everything from medical devices like blood pressure monitors to the cameras used to monitor physical security on the premises may be connected to a network. To maintain adequate connected device security:
          • Maintain IoT devices on their own separate network
          • Continuously monitor IoT device networks to identify sudden changes in activity levels that may indicate a breach
          • Disable non-essential services on devices before using them, or remove non-essential services entirely before use
          • Use strong, multi-factor authentication whenever possible
          • Keep all connected devices up-to-date to ensure that all available patches are implemented
  • 20. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 8. CONDUCT REGULAR RISK ASSESSMENTS
      • While having an audit trail helps to identify the cause and other valuable details of an incident after it occurs, proactive prevention is equally important. Conducting regular risk assessments can identify vulnerabilities or weak points in a healthcare organization’s security, shortcomings in employee education, inadequacies in the security posture of vendors and business associates, and other areas of concern. By evaluating risk across a healthcare organization periodically to proactively identify and mitigate potential risks, healthcare providers and their business associates can better avoid costly data breaches and the many other detrimental impacts of a data breach, from reputation damage to penalties from regulatory agencies.
  • 21. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 9. BACK UP DATA TO A SECURE, OFFSITE LOCATION
      • Cyberattacks can expose sensitive patient information but they can also compromise data integrity or availability; look no further than ransomware for an example of the impact these incidents can have. Even a natural disaster impacting a healthcare organization’s data center can have disastrous consequences if data isn’t properly backed up. That’s why frequent offsite data backups are recommended, with strict controls for data encryption, access, and other best practices to ensure that data backups are secured. Offsite data backups are an essential component of disaster recovery, too.
  • 22. Security of health data: HOW TO PROTECT HEALTHCARE DATA
      • 10. CAREFULLY EVALUATE THE SECURITY AND COMPLIANCE POSTURE OF BUSINESS ASSOCIATES
      • Because healthcare information is increasingly transmitted between providers and among covered entities for the purposes of facilitating payments and delivering care, a careful evaluation of all potential business associates is one of the most crucial security measures healthcare organizations can take. These clarifications and changes include:
          • Third-party applications and services such as Google Apps are considered business associates when those services or apps are used to maintain PHI. In such cases, the third-party service would be considered a business associate, and therefore, a contract would be required.
          • Any subcontractors who create or maintain PHI are subject to compliance regulations. This change alone has a substantial trickle-down effect and is a serious consideration for all healthcare organizations.
  • 23. Potential technical approaches to health data privacy and security
      • Technological security tools are essential components of modern distributed health care information systems. At the highest level, they serve five key functions:
          1. Availability: ensuring that accurate and up-to-date information is available when needed at appropriate places;
          2. Accountability: helping to ensure that health care providers are responsible for their access to and use of information, based on a legitimate need and right to know;
          3. Perimeter identification: knowing and controlling the boundaries of trusted access to the information system, both physically and logically;
          4. Controlling access: enabling access for health care providers only to information essential to the performance of their jobs and limiting the real or perceived temptation to access information beyond a legitimate need; and
          5. Comprehensibility and control: ensuring that record owners, data stewards, and patients understand and have effective control over appropriate aspects of information privacy and access.
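
The access restriction in slide 14, the audit trail in slide 16, and the accountability and controlling-access functions in slide 23 fit together in one mechanism: every access decision is made by job role and recorded with who, what, when, device and location. The Python code below is an added example, not part of the original slides; the roles, record categories, class name and sample events are assumptions constructed for illustration, and the hash-chained log is one way to keep the trail trustworthy for later review.

```python
import hashlib
import hmac
import json

# Assumed role-to-category map, constructed for this example.
ROLE_PERMISSIONS = {
    "physician": {"clinical_notes", "lab_results", "demographics"},
    "billing_clerk": {"demographics", "insurance"},
    "receptionist": {"demographics"},
}


class AuditedRecordStore:
    """Decides access by role and keeps a hash-chained audit trail."""

    def __init__(self, log_key: bytes):
        self._log_key = log_key  # keep this key away from the log itself
        self.audit_log = []

    def _mac(self, entry: dict, prev_mac: str) -> str:
        # Each MAC covers the entry plus the previous MAC, so editing,
        # reordering or removing an earlier entry breaks the chain.
        # Dropping the newest entries is only detectable if the latest
        # MAC is also recorded somewhere else.
        payload = json.dumps(entry, sort_keys=True).encode() + prev_mac.encode()
        return hmac.new(self._log_key, payload, hashlib.sha256).hexdigest()

    def access(self, user, role, patient_id, category, when, device, location):
        """Return True if the role may read the category; log either way."""
        allowed = category in ROLE_PERMISSIONS.get(role, set())
        entry = {
            "user": user, "role": role, "patient_id": patient_id,
            "category": category, "when": when, "device": device,
            "location": location, "allowed": allowed,
        }
        prev_mac = self.audit_log[-1]["mac"] if self.audit_log else ""
        self.audit_log.append({**entry, "mac": self._mac(entry, prev_mac)})
        return allowed

    def verify_log(self) -> bool:
        """Recompute the chain; False means the trail was altered."""
        prev_mac = ""
        for rec in self.audit_log:
            entry = {k: v for k, v in rec.items() if k != "mac"}
            if not hmac.compare_digest(rec["mac"], self._mac(entry, prev_mac)):
                return False
            prev_mac = rec["mac"]
        return True

    def denied_by_user(self) -> dict:
        """Count refused attempts per user, a starting point for audit review."""
        counts = {}
        for rec in self.audit_log:
            if not rec["allowed"]:
                counts[rec["user"]] = counts.get(rec["user"], 0) + 1
        return counts


def demo():
    """Run constructed sample events and return the observable results."""
    store = AuditedRecordStore(b"constructed-demo-key")
    events = [  # constructed sample data, not real users or patients
        ("dr_rao", "physician", "P001", "lab_results", "2024-05-01T09:00:00Z", "ws-12", "ward-3"),
        ("clerk_j", "billing_clerk", "P001", "clinical_notes", "2024-05-01T09:05:00Z", "ws-40", "billing"),
        ("clerk_j", "billing_clerk", "P001", "insurance", "2024-05-01T09:06:00Z", "ws-40", "billing"),
    ]
    decisions = [store.access(*e) for e in events]
    intact = store.verify_log()
    denied = store.denied_by_user()
    store.audit_log[1]["allowed"] = True  # simulate someone editing the trail
    return decisions, intact, denied, store.verify_log()


if __name__ == "__main__":
    print(demo())
```
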