Confidentiality, Privacy, and Security - PowerPoint PPT Presentation

1
Confidentiality, Privacy, and Security
  • William A. Yasnoff, MD, PhD
  • Oregon Health Division

2
Overview
  • Definitions
  • Fair Information Practices
  • Policies and Procedures
  • Legislation
  • Authentication
  • Encryption
  • Firewalls
  • WWW security

3
Definitions
  • PRIVACY The right of individuals to hold
    information about themselves in secret, free from
    the knowledge of others.

4
Definitions (continued)
  • CONFIDENTIALITY The assurance that information
    about identifiable persons, the release of which
    would constitute an invasion of privacy for any
    individual, will not be disclosed without consent
    except as allowed by law.

5
Definitions (continued)
  • SECURITY The mechanisms by which
    confidentiality policies are implemented in
    computer systems, including provisions for
  • Access control
  • Integrity
  • Availability

6
Definitions (continued)
  • IDENTIFIABLE INFORMATION Any information,
    including but not limited to demographic
    information, which will identify or may
    reasonably lead to the identification of one or
    more specific individuals.

7
Definitions (continued)
  • CONFIDENTIAL DATABASE Any collection or
    grouping of information about individuals
    maintained by the Division in electronic form
    which is not comprised solely of public records
    subject to release on request, and the release of
    which could represent a breach of
    confidentiality. . . .

8
Definitions (continued)
  • . . . Such information includes, but is not
    limited to demographic information, medical or
    testing histories, clinical information,
    employment or financial status, the results of
    special studies, participation in or exclusion
    from specific programs, sources of . . .

9
Definitions (continued)
  • . . . information, or new collections of
    information derived from the linkage of one or
    more previously existing confidential databases.

10
Fair Information Practices
  • Relevance
  • Integrity
  • Written Purpose
  • Need-to-Know Access
  • Correction
  • Consent

11
1. Relevance
  • All information collected should be necessary and
    relevant to public health or required by law.
  • individuals entitled to privacy
  • benefits of information should outweigh privacy
    concerns
  • collection not overly burdensome, intrusive, or
    coercive

12
2. Integrity
  • The integrity of information should be protected.
  • prevent loss, interception, misuse
  • maintain accurate, complete, timely data
  • no unauthorized alteration or destruction

13
3. Written Purpose
  • All information collected should be consistent
    with written public health purposes and/or
    required by law.
  • databases must have written purpose(s)
  • usage restricted to stated purpose(s)
  • linkage of databases considered a new database

14
4. Need-to-Know Access
  • All confidential information should be accessible
    only on a need-to-know basis, both internally and
    externally.
  • confidentiality agreements for all personnel
  • access terminated when duties change
  • no redisclosure
  • external release for research requires IRB
    approval

15
5. Correction
  • Individuals should have access to information
    about themselves and the ability to correct this
    information to the extent allowed by law.
  • maintain public list of all databases
  • name of database
  • description of information included
  • information sources (non-confidential)
  • disputed data must be marked

16
6. Consent
  • Information must be collected with the consent of
    the individual except as required by law.
  • informed consent
  • purpose of information collection
  • data protections in place
  • consequences of withholding information
  • no consent if waived by law

17
Confidentiality Policies
  • Fair Information Practices
  • Data Release Restrictions
  • Personnel Agreements

18
Data Release Restrictions
  • Release without review is restricted
  • Denominator > 50 for population data
  • Denominator > 10 for cohort data

19
Personnel Issues
  • All personnel to sign confidentiality agreements
    periodically
  • Special provisions for data system administrators

20
Confidentiality Provisions
  • Definition of confidential information
  • Need-to-know access only
  • No redisclosure
  • If questions, ask supervisor
  • Breach will result in disciplinary action
  • Confidentiality must be maintained indefinitely

21
Data System Administrators
  • Information used only as needed for
    administration of computer system
  • Access granted to others only in accordance with
    established policies and procedures
  • Disciplinary action for violations may be
    termination on first offense

22
Legislation
  • Health Insurance Portability and Accountability
    Act (HIPAA) 1996
  • privacy standards by August 1997
  • security standards by February 1998
  • universal health identifier
  • Fair Health Information Practices (bill
    introduced in 105th Congress)

23
Security
  • Authentication
  • Encryption
  • Firewalls
  • WWW

24
Authentication
  • Who are you talking to?
  • Methods
  • what the user knows (password)
  • what the user has (smartcard)
  • what the user is (biometrics)

25
Passwords
  • Longer is better
  • Never use dictionary words
  • two unrelated words joined (word1word2) is a
    workable model
  • Never write down or store passwords
  • On the network, passwords often travel in the clear
    (e.g. telnet, FTP)

26
End-to-End Authentication
  • Cryptography based
  • Challenge-response
  • server sends a fresh, random challenge; the user's
    device returns a response computed from it with a
    secret key (encryption or keyed hash)
  • challenge changes every time, so an intercepted
    response cannot be replayed
  • Time synchronized
  • one-time password derived from the current time and
    a secret shared with the server
  • user-carried device generates the password; no
    network round trip needed
  • good for system administrators
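Both methods on this slide, as an added example that is not part of the original presentation: a challenge-response check with a keyed hash (HMAC) standing in for the encryption step, and a time-synchronized one-time password in the HOTP/TOTP construction that hardware tokens use. The shared secret, the 30-second step and the 6-digit code length are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# Constructed shared secret for the demo; real deployments provision it out of band.
SHARED_SECRET = b"constructed-demo-secret"


def make_challenge() -> bytes:
    """Server side: a fresh random nonce for every login attempt, so a captured
    response cannot be replayed against a later challenge."""
    return secrets.token_bytes(16)


def challenge_response(secret: bytes, challenge: bytes) -> bytes:
    """Client side: keyed MAC over the challenge. The secret itself never
    crosses the network; only the challenge and this response do."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def verify_response(secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute and compare in constant time."""
    return hmac.compare_digest(challenge_response(secret, challenge), response)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized one-time password (HOTP/TOTP, RFC 4226 / RFC 6238):
    the 'challenge' is the current time step instead of a server-sent nonce,
    which is what a user-carried token computes without any network round trip."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: Optional[int] = None,
                step: int = 30, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate clock drift
    between the token and the server; anything older is rejected."""
    if unix_time is None:
        unix_time = int(time.time())
    for delta in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + delta * step, step), code):
            return True
    return False
```

The challenge-response path defeats replay because the server never accepts a response to a challenge it did not just issue; the time-based path defeats it because a code is valid for only a step or two, which is also why a token with a drifting clock eventually stops working.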

27
Kerberos
  • User asks key server (KDC) for access to target
    system
  • Key server generates a session key and sends two
    encrypted items: the session key under the user's
    key, and a ticket (session key plus user identity)
    under the target system's key
  • User decrypts the first item to recover the session
    key; the ticket is forwarded to the target unchanged
    (the user cannot read it)
  • Target decrypts the ticket with its own key; user
    and target now share the session key, and the key
    server never has to talk to the target directly

28
Kerberos
  • Key server must be secure
  • Allows mediation by third party of access among
    multiple systems
  • Potential model for electronic medical record
    exchange
  • Developed at MIT
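The exchange on the two Kerberos slides, as an added example that is not part of the original presentation and not MIT's code: a key server holding one long-term key per principal, a client that recovers the session key and forwards the opaque ticket, and a service that opens the ticket with its own key. The toy authenticated cipher (SHA-256 keystream with an HMAC tag) stands in for the DES that Kerberos used; the principal names, keys and lifetimes are constructed for the demo.

```python
import hashlib
import hmac
import json
import os


# Toy authenticated stream cipher standing in for the DES that Kerberos used.
# Illustration only: keystream = SHA-256(key || nonce || counter), then encrypt-then-MAC.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key: bytes, obj: dict) -> bytes:
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct)))))


class KeyServer:
    """The trusted third party: holds one long-term key per principal."""

    def __init__(self, keys: dict, lifetime: int = 300):
        self.keys, self.lifetime = keys, lifetime

    def request(self, user: str, service: str, now: int):
        """Client names the target; the KDC mints a session key and returns it twice,
        once under the user's key and once inside a ticket under the service's key.
        The session key never travels in the clear and the KDC never contacts the service."""
        session_key, expiry = os.urandom(32).hex(), now + self.lifetime
        for_user = toy_encrypt(self.keys[user],
                               {"session_key": session_key, "service": service, "expiry": expiry})
        ticket = toy_encrypt(self.keys[service],
                             {"session_key": session_key, "user": user, "expiry": expiry})
        return for_user, ticket


def client_access(user_key: bytes, for_user: bytes, ticket: bytes, user: str, now: int):
    """Client recovers the session key, then proves possession of it with an
    authenticator. The ticket is opaque to the client and is forwarded unchanged."""
    session_key = bytes.fromhex(toy_decrypt(user_key, for_user)["session_key"])
    authenticator = toy_encrypt(session_key, {"user": user, "timestamp": now})
    return ticket, authenticator, session_key


def service_verify(service_key: bytes, ticket: bytes, authenticator: bytes,
                   now: int, skew: int = 60):
    """Service opens the ticket with its own key, then the authenticator with the
    session key found inside. Names must agree and the ticket must be unexpired."""
    t = toy_decrypt(service_key, ticket)
    if now > t["expiry"]:
        raise ValueError("ticket expired")
    session_key = bytes.fromhex(t["session_key"])
    a = toy_decrypt(session_key, authenticator)
    if a["user"] != t["user"] or abs(now - a["timestamp"]) > skew:
        raise ValueError("authenticator does not match ticket")
    return t["user"], session_key


def run_demo() -> dict:
    """Full exchange plus two failure cases; returns what a test can check."""
    alice_key, ehr_key = os.urandom(32), os.urandom(32)   # constructed long-term keys
    kdc = KeyServer({"alice": alice_key, "ehr-server": ehr_key})
    now = 1_000_000
    for_user, ticket = kdc.request("alice", "ehr-server", now)
    ticket, auth, client_sk = client_access(alice_key, for_user, ticket, "alice", now + 1)
    user, service_sk = service_verify(ehr_key, ticket, auth, now + 2)
    try:
        client_access(os.urandom(32), for_user, ticket, "alice", now)
        wrong_key_rejected = False
    except ValueError:
        wrong_key_rejected = True
    try:
        service_verify(ehr_key, ticket, auth, now + 10_000)
        expired_rejected = False
    except ValueError:
        expired_rejected = True
    return {"user": user, "keys_match": client_sk == service_sk,
            "wrong_key_rejected": wrong_key_rejected, "expired_rejected": expired_rejected}
```

The point of the "key server must be secure" slide falls out of the code: the KeyServer object holds every principal's long-term key, so whoever reads its memory can mint tickets for anyone. The timestamped authenticator is what stops a captured ticket from being replayed after its lifetime.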

29
Cryptography
  • Convert plaintext into ciphertext readable only with
    the key
  • DES data encryption standard
  • 64-bit block
  • 56-bit key
  • uses repeated substitution and transposition
  • breakable in reasonable time by brute-force key
    search on a large machine (31 hours with a $100K
    machine, 20 minutes with a $10 million machine)

30
Cryptography
  • Triple-DES
  • apply DES three times
  • three different keys (168 bits total; effective
    strength about 112 bits because of the
    meet-in-the-middle attack)
  • now used for automated teller transactions

31
Public Key Cryptography
  • Public Key
  • in phone directory
  • Private Key
  • known only to recipient
  • Message encrypted with either key can be
    decrypted with the other (a property of RSA)
  • sender encrypts with the recipient's public key
    for confidentiality; sender encrypts with own
    private key for a signature anyone can verify

32
RSA Cryptography
  • Public key is the modulus n = p x q together with
    a public exponent e
  • Private key is derived from the factors p, q
  • Security derived from difficulty in computing
    factors p, q if pq is large
  • Larger key size provides more security
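The two preceding slides in working code, as an added example that is not part of the original presentation: textbook RSA built from a pair of primes, one primitive used in both directions (the "either key" property), and the attacker's side, a trial-division factoring routine that recovers the private key instantly for a toy modulus and gives up on a larger one. The primes and the sample message are constructed; textbook RSA without padding is shown only to illustrate the math and is not how RSA is used in practice.

```python
import math
from typing import Optional


def keygen_from_primes(p: int, q: int, e: int = 65537) -> tuple:
    """Textbook RSA: public key (n, e), private key (n, d).
    The private exponent is computable only by whoever knows p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_apply(key: tuple, m: int) -> int:
    """One primitive serves both directions: apply the public exponent to encrypt
    or to verify, the private exponent to decrypt or to sign."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, exp, n)


def recover_private_key(public: tuple, budget: int = 10**6) -> Optional[tuple]:
    """Attacker's view: factor n by trial division. Succeeds instantly for toy
    moduli, gives up (returns None) once `budget` divisors have been tried,
    which is the whole point of large keys."""
    n, e = public
    f = 2
    while f * f <= n and f <= budget:
        if n % f == 0:
            p, q = f, n // f
            return keygen_from_primes(p, q, e)[1]
        f += 1
    return None
```

With the classic toy primes 61 and 53 the public key is (3233, 17), the private exponent is 2753, and the attacker recovers it after fewer than sixty divisions; with two nine-digit primes the same routine exhausts its budget, and real key sizes (2048 bits and up) put the modulus far beyond any factoring method, not just trial division.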

33
Firewalls
  • Separate, dedicated computer system
  • Filters packets based on source and/or
    destination (address, port, protocol)
  • Mount disks read only
  • Eliminate all unnecessary commands and services
  • Minimum number of user accounts
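The packet-filtering bullet as a worked example, added here and not part of the original presentation: a first-match rule evaluator with a default-deny policy, run over a constructed ruleset and sample packets. The address plan (documentation ranges), interface names and services are assumptions for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str                       # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str                       # "tcp", "udp", "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    iface: Optional[str] = None      # None means "any"
    src: Optional[str] = None        # CIDR
    dst: Optional[str] = None        # CIDR
    proto: Optional[str] = None
    dport: Optional[int] = None
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        return ((self.iface is None or self.iface == pkt.iface)
                and (self.src is None or ip_address(pkt.src) in ip_network(self.src))
                and (self.dst is None or ip_address(pkt.dst) in ip_network(self.dst))
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def decide(rules: list, pkt: Packet, default: str = "deny") -> tuple:
    """First matching rule wins; if nothing matches, the default applies.
    Returns (action, note) so the reason for a verdict can be logged."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.note
    return default, "default policy"


INTERNAL = "192.0.2.0/24"            # constructed address plan (documentation ranges)
PARTNER = "203.0.113.0/24"

# Order matters: the anti-spoofing deny must precede any allow that trusts source addresses.
RULESET = [
    Rule("deny", iface="outside", src=INTERNAL, note="spoofed internal source"),
    Rule("allow", iface="outside", dst="192.0.2.10/32", proto="tcp", dport=443, note="public web"),
    Rule("allow", iface="outside", src=PARTNER, dst=INTERNAL, proto="tcp", dport=22, note="partner ssh"),
    Rule("allow", iface="inside", src=INTERNAL, note="outbound from LAN"),
]
```

Two things the example makes visible: a new service on an internal host is unreachable from outside until someone writes an allow rule for it (that is what default deny buys), and a packet that arrives on the outside interface claiming an internal source address is dropped before any address-based trust is applied. A stateless filter like this cannot tell a reply from an unsolicited packet; that is the gap the proxy approach on the next slide, and later stateful firewalls, close.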

34
Firewalls as Proxy Servers
  • Firewall connects to outside system, not your
    system
  • By acting as your proxy, your system is
    protected from the outside system
  • Can be used for
  • telnet (session)
  • ftp (file transfer)

35
Intrusion Detection
  • Look for unusual access patterns or activity
  • Types of evaluation
  • statistical
  • rule-based
  • Example: lock account after 3 failed login
    attempts
  • Assume all systems are subject to attempted
    unauthorized use
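Both evaluation types from this slide run over sample log lines, as an added example that is not part of the original presentation: the rule-based check is the slide's own "three failed logins" lockout with a time window, and the statistical check compares each source's failure count with a baseline distribution. The log format, the log lines and the baseline counts are constructed for the demo.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample log lines (not real data); one day, HH:MM:SS.
SAMPLE_LOG = """\
09:00:01 login[311]: FAILED user=bob src=203.0.113.5
09:00:20 login[311]: FAILED user=bob src=203.0.113.5
09:00:45 login[311]: FAILED user=bob src=203.0.113.5
09:01:02 login[311]: FAILED user=bob src=203.0.113.5
09:05:00 login[312]: OK user=alice src=192.0.2.20
09:06:10 login[312]: FAILED user=alice src=192.0.2.20
09:07:00 login[312]: OK user=alice src=192.0.2.20
13:00:00 login[313]: FAILED user=carol src=198.51.100.7
13:20:00 login[313]: FAILED user=carol src=198.51.100.7
13:40:00 login[313]: FAILED user=carol src=198.51.100.7
"""

# Constructed baseline: failed logins per source per day on ordinary days.
BASELINE_FAILURES_PER_SOURCE = [0, 1, 0, 2, 1, 0, 1, 0, 1, 1]

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) login\[\d+\]: (FAILED|OK) user=(\S+) src=(\S+)$")


def parse_log(text: str) -> list:
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                                   # skip lines that do not parse
        h, mi, s, status, user, src = m.groups()
        events.append({"ts": int(h) * 3600 + int(mi) * 60 + int(s),
                       "ok": status == "OK", "user": user, "src": src})
    return events


def rule_based_lockouts(events: list, threshold: int = 3, window: int = 300) -> dict:
    """Rule: `threshold` failures for one account inside `window` seconds -> lock.
    Returns user -> time of lock (first trigger only). A success resets the count."""
    recent, locked = defaultdict(list), {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ok"]:
            recent[ev["user"]].clear()
            continue
        hits = [t for t in recent[ev["user"]] if ev["ts"] - t < window] + [ev["ts"]]
        recent[ev["user"]] = hits
        if len(hits) >= threshold and ev["user"] not in locked:
            locked[ev["user"]] = ev["ts"]
    return locked


def statistical_outliers(events: list, baseline: list, z_threshold: float = 3.0) -> dict:
    """Statistical: compare today's failure count per source with the baseline
    distribution and flag sources whose z-score exceeds the threshold. This
    catches the slow attacker that the fixed window above misses."""
    mean, stdev = statistics.mean(baseline), statistics.stdev(baseline)
    counts = defaultdict(int)
    for ev in events:
        if not ev["ok"]:
            counts[ev["src"]] += 1
    return {src: round((n - mean) / stdev, 2) for src, n in counts.items()
            if (n - mean) / stdev > z_threshold}
```

On the sample data the rule locks bob at his third failure (09:00:45) but never fires for carol, whose three failures are twenty minutes apart; the statistical check flags carol's source anyway because three failures in a day is far outside the baseline. Running both is the practical answer to the slide's last bullet: the rule gives a fast, explainable reaction, the statistics catch what the rule was tuned not to see.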

36
WWW Security
  • Code downloaded from a server (Java applets, browser
    scripts) executes on your machine!
  • Types of WWW security
  • SSL secure sockets layer
  • secure pipe between two machines
  • transparent to application
  • S-HTTP secure HTTP
  • secure envelopes for individual messages
  • built into some browsers

37
Security Pearls
  • Back up key files
  • Use encryption on sensitive data
  • Use good passwords
  • Network security requires expertise
  • authentication
  • encryption
  • firewalls