Keep it Confidential - PowerPoint PPT Presentation

Slides: 46
Provided by: holly92

Transcript and Presenter's Notes

1
Keep it Confidential
An Overview of Healthcare Information Security
from a Systems Approach
  • Presented by
  • Amber Boglin
  • Amaechi Erondu
  • Holly Trask
  • 20 April 1998

2
  • Project Overview
  • Introduction
  • Problem
  • Exploration of Alternatives
  • Implementing a Data Security Plan
  • Conclusion

3
Computer-based Patient Records
  • An electronic patient record that resides in a
    system designed to support users through
    availability of complete and accurate data,
    practitioner reminders and alerts, clinical
    decision support systems, links to bodies of
    medical knowledge, and other aids.

Source Institute of Medicine
4
  • Last Project
  • Client
  • Kaiser Permanente of Ohio
  • Objectives
  • Reduce the cost of medical records keeping
  • Improve access to patient records

5
Why we need security: a short story
  • Community General Hospital
  • Hospital lab clerk
  • Daughter Lizzy
6
Lizzy's Prank
"I'll really screw up these people's weekend."
Informs patient: HIV positive
Informs patient: she is both HIV positive and pregnant
Lizzy gains access to the emergency room patient database. As a prank she calls everyone on the list to inform the men that they tested positive for HIV and to tell the women that they are pregnant. One woman she tells that she has tested positive for both.
(Bayard, 1)
7
Case Studies in Undefined Confidentiality Policy
  • AIDS patients fear worker leaked list...
  • Casual conversations of patient status in a small
    town...
  • Teen daughter of hospital laboratory clerk calls
    blood work patients and tells them they are HIV
    positive...
  • Violation of privacy with celebrity medical
    records

8
  • Project Overview
  • Introduction
  • Problem
  • Exploration of Alternatives
  • Implementing a Data Security Plan
  • Conclusion

9
Security of Healthcare Information
  • Security is the protection of information
    systems against unauthorized access to or
    modification of information, whether in storage,
    processing, or transit, and against the denial of
    service to authorized users or the provision of
    service to unauthorized users, including those
    measures necessary to detect, document and counter
    such threats.

Source National Research Council, 1991
10
Flow of Personal Health Information
  • Direct patient care: doctor's office, clinic, hospital, nursing facility, institutions
  • Support activities: service payers, quality reviews, administrative reviews
  • Social users: insurance eligibility, employers, licensing, public health, medical research, welfare
  • Commercial users: marketing, profit/risk management, drug usage
Source Alan Westin, 1976
11
  • 1996 Poll Data
  • 75% of survey respondents feared their health care
    information would be used for purposes other than
    health care services.
  • 27% reported that their medical information had
    been improperly disclosed at some time.
  • 35% of those who had been affected said the
    disclosure had resulted in embarrassment and
    personal harm.

(Bard, 1)
12
Threats to Information Confidentiality
  • Insiders make innocent mistakes
  • People are curious
  • Insiders knowingly divulge information
  • Outsider attacks
  • Unrestrained secondary use: there is money to be
    made

Rindfleisch, 1998
13
(No Transcript)
14
  • Project Overview
  • Introduction
  • Problem
  • Exploration of Alternatives
  • Implementing a Data Security Plan
  • Conclusion

15
Features of a Security System
  • Authentication
  • Authorization
  • Integrity
  • Audit Trails
  • Disaster Prevention/Recovery
  • Secure Data Storage
  • Transmission

Source Computer-based Patient Record Institute
16
Authentication
  • Providing assurance regarding the identity of a
    subject or object

Source ASTM E1762
17
Authentication Features
  • The system
  • permits passwords of sufficient length such that
    they are unique for every user
  • provides the ability to inform a user of the last
    time the system was accessed with the user's ID
    code
  • provides reports of the current inventory of users,
    IDs and access authorities

18
Authorization
  • The granting of rights (to information), which
    includes the granting of access based on access
    rights

Source ISO 7498-2
19
Authorization Features
  • The system
  • allows defined access to specific data elements,
    files, menus, commands and networks based on the
    user's patient-care responsibilities, by user,
    function and location
  • has a time-out feature that automatically signs a
    user off a terminal if it is left unattended for a
    defined period of time
  • can determine who is accessing a patient record
    at any point in time through on-line inquiry

20
Integrity
  • Refers to the accuracy, consistency and
    completeness of data, a program, a system, or a
    network

Source National Research Council, 1991
21
Integrity Features
  • The system
  • provides data management features that eliminate
    the redundant maintenance of duplicate patient
    data
  • supports anti-virus software
  • is protected from unauthorized access via the
    Internet through the use of firewalls,
    cryptography and other authentication devices

22
Audit Trails
  • The results or reports of monitoring each
    operation on information

Source National Research Council, 1991
23
Audit Trail Features
  • The system
  • logs and reports all violations of system
    security procedures
  • allows sign-on identification to tag on-line
    transaction audit records for reporting
    capabilities
  • supports the ability to use third-party audit
    packages

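The authentication, authorization and audit-trail features on the preceding slides (passwords of sufficient length, reporting the last access time at sign-on, access tied to patient-care responsibility by role and location, an idle time-out, on-line inquiry of who has a record open, and audit records tagged with the sign-on ID) fit together in one small model. The following is an added example written for this transcript, not code from the presentation or from any vendor system; the users, records, passwords, timestamps, role names and the policy constants (15-minute time-out, 12-character minimum) are all constructed assumptions.

```python
# Added example, not from the presentation: a toy computer-based patient record
# (CPR) service exercising the authentication, authorization and audit-trail
# features the slides list. All users, records, passwords and timestamps are constructed.
import hashlib
import os
from dataclasses import dataclass, field

SESSION_TIMEOUT = 15 * 60      # assumed "defined period" before an idle terminal is signed off
MIN_PASSWORD_LENGTH = 12       # assumed minimum for "passwords of sufficient length"
CLINICAL_ROLES = ("physician", "nurse")

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class User:
    user_id: str
    role: str           # e.g. "physician", "nurse", "lab_clerk"
    location: str       # care unit the user works in
    salt: bytes
    pw_hash: bytes
    last_access: object = None   # reported back to the user at the next sign-on

@dataclass
class Session:
    user: User
    last_activity: float
    open_record: object = None   # patient record currently being viewed, if any

@dataclass
class CprSystem:
    users: dict = field(default_factory=dict)         # user_id -> User
    record_units: dict = field(default_factory=dict)  # patient_id -> care unit
    sessions: dict = field(default_factory=dict)      # user_id -> Session
    audit: list = field(default_factory=list)         # every record tagged with the sign-on ID

    def add_user(self, user_id, role, location, password):
        if len(password) < MIN_PASSWORD_LENGTH:
            raise ValueError("password shorter than policy minimum")
        salt = os.urandom(16)
        self.users[user_id] = User(user_id, role, location, salt, hash_password(password, salt))

    def _log(self, user_id, action, patient, outcome):
        self.audit.append({"user": user_id, "action": action, "patient": patient, "outcome": outcome})

    def sign_on(self, user_id, password, now):
        # Returns (success, previous access time); the previous time is what the UI shows.
        user = self.users.get(user_id)
        if user is None or hash_password(password, user.salt) != user.pw_hash:
            self._log(user_id, "sign_on", None, "VIOLATION: bad credentials")
            return False, None
        previous, user.last_access = user.last_access, now
        self.sessions[user_id] = Session(user, now)
        self._log(user_id, "sign_on", None, "ok")
        return True, previous

    def _authorized(self, user, patient):
        # Access follows patient-care responsibility: a clinical role in the patient's own unit.
        return user.role in CLINICAL_ROLES and user.location == self.record_units.get(patient)

    def open_patient_record(self, user_id, patient, now):
        session = self.sessions.get(user_id)
        if session is None:
            self._log(user_id, "open_record", patient, "VIOLATION: no session")
            return False
        if now - session.last_activity > SESSION_TIMEOUT:
            del self.sessions[user_id]   # time-out feature: unattended terminal is signed off
            self._log(user_id, "open_record", patient, "VIOLATION: session timed out")
            return False
        session.last_activity = now
        if not self._authorized(session.user, patient):
            self._log(user_id, "open_record", patient, "VIOLATION: not authorized")
            return False
        session.open_record = patient
        self._log(user_id, "open_record", patient, "ok")
        return True

    def who_is_accessing(self, patient):
        # On-line inquiry: which signed-on users currently have this record open.
        return sorted(uid for uid, s in self.sessions.items() if s.open_record == patient)

    def violations_report(self):
        return [entry for entry in self.audit if entry["outcome"].startswith("VIOLATION")]

def run_demo():
    # Constructed session: an ER physician, a lab clerk, and one failed sign-on.
    cpr = CprSystem()
    cpr.record_units = {"patient-0001": "ER", "patient-0002": "oncology"}
    cpr.add_user("dr_smith", "physician", "ER", "correct-horse-battery-staple")
    cpr.add_user("clerk_lab", "lab_clerk", "lab", "another-long-passphrase")
    t0 = 1_000_000.0
    cpr.sign_on("dr_smith", "correct-horse-battery-staple", t0)
    cpr.open_patient_record("dr_smith", "patient-0001", t0 + 10)      # allowed
    cpr.sign_on("clerk_lab", "another-long-passphrase", t0)
    cpr.open_patient_record("clerk_lab", "patient-0001", t0 + 20)     # denied and logged
    cpr.sign_on("dr_smith", "not-the-password", t0 + 30)              # logged as a violation
    return cpr
```

Running `run_demo()` leaves a single audit trail in which every entry, including the two violations, carries the sign-on ID that produced it; `violations_report()` is the "logs and reports all violations" feature, and `who_is_accessing("patient-0001")` answers the on-line inquiry from the authorization slide. The lab-clerk denial is the control that would have stood between Lizzy's prank and the emergency room list.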
24
Disaster Prevention/Recovery
  • The process of an organization restoring data
    loss in the event of a fire, natural disaster,
    vandalism or system failure

Source CPRI, July 1996
25
Disaster Prevention/Recovery Features
  • The system
  • provides a backup process that can be performed
    in a dynamic mode so that the system can be
    operational 24 hours/day
  • provides a data archiving process based on system
    administrator criteria
  • can recover to the point of failure if disaster
    occurs

26
Secure Data Storage
  • The establishment and maintenance of data in a
    protected place

27
Transmission
  • The remote exchange of data between
    person-program, person-person or program-program

Source Longley, 1987
28
Data Storage/Transmission Features
  • The system
  • supports the ability to import/export data
  • provides interface to allow archival of data
  • secures dial-in access, unique user IDs and
    passwords, limited access times and limited
    connection duration

29
  • Technological Approaches to Securing Patient Data
  • Access Control/User Authentication
  • Passwords
  • Tokens
  • Firewalls
  • Data Authentication
  • Digital Signatures
  • Biometric user authentication
  • Key Management
  • Key management issues for public key cryptography
  • Audit trails
  • Digital notary time stamp

30
Firewalls
  • A combination of hardware and software components
    used to protect an internal network, or intranet,
    from potential security breaches by way of
    external or public access networks such as the
    Internet.
  • Firewall Functions
  • A firewall acts as a barrier between a network
    of machines that operate under a common security
    policy.
  • A firewall does not protect from inside attacks.

Source American Academy of Family Physicians
Family Practice Management lead article, May 1997.
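The two firewall points on this slide, a policy barrier between the internal network and public networks and no protection from inside attacks, can be shown with a first-match packet-filter policy. The following is an added example for this transcript, not code from the presentation or any product; the address plan, the rules and the connection attempts are all constructed.

```python
# Added example, not from the presentation: a tiny first-match perimeter policy for a
# hospital network. The address plan and rules below are constructed for illustration.
import ipaddress

INTRANET = ipaddress.ip_network("10.20.0.0/16")     # hospital machines under one security policy
CPR_DB = ipaddress.ip_network("10.20.5.10/32")       # patient-record database
PUBLIC_WEB = ipaddress.ip_network("10.20.1.80/32")   # public information server
ANY = ipaddress.ip_network("0.0.0.0/0")

# (source network, destination network, destination port or None for any, action), first match wins.
PERIMETER_RULES = [
    (ANY, PUBLIC_WEB, 443, "allow"),     # the outside world may reach the public web server
    (INTRANET, CPR_DB, 1521, "allow"),   # clinical workstations reach the CPR database
    (ANY, CPR_DB, None, "deny"),         # nothing else reaches the CPR database
    (ANY, INTRANET, None, "deny"),       # outside may not initiate anything else into the intranet
]

def perimeter_decision(src, dst, port):
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, rule_port, action in PERIMETER_RULES:
        if src_ip in src_net and dst_ip in dst_net and (rule_port is None or rule_port == port):
            return action
    return "allow"   # traffic leaving the intranet is not restricted by this policy

def crosses_perimeter(src, dst):
    # A perimeter firewall only sees traffic with one end inside and one end outside.
    return (ipaddress.ip_address(src) in INTRANET) != (ipaddress.ip_address(dst) in INTRANET)

def decide(src, dst, port):
    if not crosses_perimeter(src, dst):
        return "not inspected (inside-to-inside)"
    return perimeter_decision(src, dst, port)
```

An external host trying the database port is denied, the same host reaching the public web server is allowed, and an internal workstation talking to the database never touches the firewall at all. That last case is the slide's warning in code: an insider such as the lab clerk's daughter is stopped only by the authorization and audit controls inside the system, not by the perimeter.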
31
Source Rindfleisch, 25
32
Encryption
  • Uses mathematical formulas to scramble
    information, such as credit card numbers, to make it
    unreadable to computer users who lack a software
    key that can decode the encrypted data.
  • Encryption Functions
  • Keys: this system uses two different keys, one to
    encrypt a message and another to decrypt the message.
  • Public Keys: the system uses a key that is publicly
    available to decrypt messages. Usually this key is
    widely distributed so anyone who obtains it can send
    an encrypted message to the person whose public key
    it is.
(Source Bard, 3)
33
Rindfleisch,40
34
The Systems Development Life Cycle
  • Proper policy Planning
  • Analysis of the problem
  • Designing or Prototyping a Solution
  • Implementation of the Solutions
  • Support, Maintenance and Education

35
  • Project Overview
  • Introduction
  • Problem
  • Exploration of Alternatives
  • Implementing a Data Security Plan
  • Conclusion

36
Confidentiality Project Planning
  • Understanding laws and regulations
  • Organization-specific documentation of
    information security policies, standards and
    procedures
  • Senior management support concerning the
    corporate direction for information security in
    writing

37
Policy Planning: Understanding Key Legislation
  • Privacy Act of 1974
  • Emergency Medical Treatment and Active Labor Act
  • Patient Self-Determination Act
  • Freedom of Information Act
  • Your organization's confidentiality policy!

38
Problem Analysis
  • Review the current and proposed security network
    architecture
  • Assess existing security technology and document
    current problems
  • Identify and document various human factors issues
    concerning security
  • Interview physicians for suggestions in creating
    a security model based on best practices

39
Planning for Human Error
  • Outside access to internal, personal information
  • Individuals may make money by selling information
  • Employee disclosure of personal patient
    information
  • accidental
  • on purpose

40
Designing or Prototyping a Solution
  • Develop and model the proposed security
    architecture with various diagrams
  • Match institution-wide patient record security
    policies to proposed model
  • Evaluate third-party computerized patient record
    security tools
  • Develop user training and security/confidentiality
    awareness training
  • Develop EMR information security roles and
    responsibilities
  • Develop standards for technology usage and upgrades

41
Solution Implementation
  • Designate implementation project management
    leaders
  • Integrate constant physician involvement with CPR
    security plan implementation
  • Create implementation time line and plan
    guidelines
  • Pilot the security/confidentiality policies,
    procedures and user manuals for the security
    technology
  • Post the policies and plan organization-wide user
    training to master the new technologies to secure
    patient data
  • Conduct an implementation review, including
    representative clinical and administrative users

42
Support, Maintenance and Education
  • Evaluate and re-visit the final implementation
    checklist
  • Schedule an ongoing CPR security awareness
    training program
  • Designate a CPR security compliance review board and
    schedule quarterly progress reports
  • Review current healthcare data security personnel
    responsibility descriptions and update them to
    reflect the new security/confidentiality plan

43
Implementation Cost Analysis
  • Systems RFP information

44
  • Project Overview
  • Introduction
  • Problem
  • Exploration of Alternatives
  • Implementing a Data Security Plan
  • Conclusion

45
Conclusions and Recommendations
  • Necessary integration of CPR data security
    policies with emerging and proposed security
    technology
  • Team involvement between physicians and other
    clinical staff in implementing secure plans for
    CPR information systems
  • Plan for disaster recovery of CPR information
  • Clarify internal security policies to external
    organizations
  • Pilot test the technology to simulate internal and
    external security attacks
  • Clarify and document consequences for CPR security
    attacks and violations