1 / 27

Portable Devices: Convenience and/or Conundrum

Portable Devices: Convenience and/or Conundrum. Kim R. Pemble, M.S. Vice President IS and CIO SynergyHealth. Agenda. Introduction Setting the Stage Events from real life Portable Media Technology and Workflow Integration Policy and Procedure Discussion Questions and Answers.

kaida
Download Presentation

Portable Devices: Convenience and/or Conundrum

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Portable Devices: Convenience and/or Conundrum Kim R. Pemble, M.S. Vice President IS and CIO SynergyHealth

  2. Agenda • Introduction • Setting the Stage • Events from real life • Portable Media • Technology and Workflow Integration • Policy and Procedure Discussion • Questions and Answers

  3. SynergyHealth • St. Joseph’s Hospital • 80 inpatient beds • ~4,900 IP admissions, HOV ~61,000, ECC ~16,000 • Physicians in addition to WBC • New replacement hospital August 7, 2005 • West Bend Clinic and Satellites • 75 physicians • Office visits ~430,000 annually

  4. Breaking News….. Austin, Texas, police are investigating after security cameras captured video of the thief carrying out a laptop and a projector from a Seton Family of Hospitals office. http://www.informationweek.com/showArticle.jhtml?articleID=197008711 Health Care Firm Recovers Stolen Laptop “The data on the Dell laptop was encrypted and password-protected, according to a statement from William Beaumont Hospital in Royal Oak. But the car theft, which occurred Aug. 5 in Detroit, caused particular concern among hospital officials, because the affected employee's ID access code and password were written on a piece of paper that was taped to the inside of the stolen PC.” http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9002765

  5. Breaking News….. Sick Kids doctor loses data on 3,300 patients • Six weeks after Ontario's privacy commissioner ordered the Hospital for Sick Children not to remove electronic health records from the hospital, a doctor lost an external hard drive containing such records at the country's busiest airport. • The physician, who was traveling to a medical conference, packed the external hard drive so he could work while away. Though airport security was notified and a search conducted, it was never recovered. Aug 31, 2007 04:30 AM MEGAN OGILVIEHEALTH REPORTER http://www.thestar.com/living/article/251904

  6. Is Portable Media Really A“New Problem”?

  7. Portable Media and “Today’s” Mobility

  8. Technology Update… • Back in 2004, flash drives averaged about a third of a gigabyte in capacity, according to Semico Research Corp. That average is now at more than two gigabytes and is expected to top 13 gigabytes by 2010. As storage space goes up, cost has come down, making them even more popular to use. • "Over time, we're going to see these flash things increase in use, no doubt about it," said John Emerson, information technology manager for the city of Ventura, Calif. By Allison Bruce, Scripps Howard News Service, August 01, 2007 http://www.scrippsnews.com/node/25835

  9. State of the “Art” • July 25 2007 – Apple reports selling “… 9,815,000 iPods during the quarter, representing 21 percent growth over the year-ago quarter …” • (http://www.apple.com/pr/library/2007/07/25results.html)

  10. 10 More Stupid Things Smart IT People Still Do • 1. Cast a jaded eye on emerging technologies and modes of delivering technology. • 4. Look at security purely from a technical standpoint. • 5. On that note, don't lock down laptops.

  11. 10 More Stupid Things Smart IT People Still Do • 6. Consider remote users the exception rather than the rule. • 9. Keep evaluations of new technologies confined to the IT department. http://www.eweek.com/slideshow_viewer/0,1205,l=&s=27323&a=213625&po=11,00.asp?p=y

  12. Work Environment • Durable Medical Equipment sales and service • Visiting Nurse and Home Health services • Home Hospice • E-Prescribing • Providers traveling and “being on-call” • Portable dictation with VR and e-signing

  13. Work Environment • Management and Staff, business or clinical “taking work home” • “It's kind of neat we've got such dedicated people that want to work at home. We don't want to discourage that," said John Emerson, IT manager city of Ventura, Calif. • Executives and Management “traveling” • Various sites • State and National “events”

  14. Work Environment • Operational backups of data • Business continuance • Portable Media as the “medical record” of the future • Or now….

  15. Equipment To Support • Laptops • Workstations on Wheels (formerly COWs) • Tablet PCs • Personal Digital Assistants • Blackberry ™ and cell phones • USB Memory Sticks • Digital & Analog recording (e.g. still, video, audio) • In short, most of the items we reviewed previously

  16. State of the Art • August 30, 2007 Computerworld -- A second line of USB drives sold by Sony Electronics Inc. that uses rootkit tactics to hide files has been identified, and the devices' software remains on the Web, a researcher said today. Hackers using just one of the package's files can mask their attack code from some security scanners, said Mikko Hypponen, chief research officer at Helsinki, Finland-based F-Secure Corp. • Technical Toy Choices… http://www.mobilewhack.com/reviews/portable_devices/ http://newsfeedresearcher.com/data/articles_t35/idt2007.09.01.01.08.15.html#hdng0

  17. Portable Media • Organizational Responsibilities • Establish a policy on Portable Media • Educate their staff on the appropriate use of Portable Media – organizationally or personally provided • … and right of the organization to require security guards and/or audit all such media.

  18. Reasons for and Goals of Policies and Education • Establish a framework • Minimize possible adverse outcomes from loss or theft of devices • Establish an understanding of the opportunity and responsibility of appropriate use • Outline options/guidelines for appropriately securing ePHI stored on portable media • Protect the public trust in the event of loss of ePHI on portable media • Determine the organizational position regarding portable media

  19. S.W.O.T. for USB Devices • With recognition to: • http://www.itbusinessedge.com/item/?ci=13938

  20. Strengths • High-capacity network for work-at-home transport, or traveling to a remote office without a laptop • Users of a shared computer can store their own files on a USB flash drive. Multiple users of the company laptop, for example, can each use a USB flash drive to store their individual files • A support technician can use a USB drive to carry several GB of diagnostic tools, recovery tools, drivers, and critical system updates. They can also copy files to PCs and servers that do not have floppy disk or CD drives

  21. Weaknesses • The enterprise does not have a firm grasp on the business processes required to manage a USB drive initiative • The enterprise is not fully aware of the potential risks involved with a USB drive initiative • The enterprise is uncertain of how much productivity can be gained as a result of purchasing USB drives

  22. Opportunities • Cut hardware costs for transporting files. A professional who is asking for a $2,000 laptop to take project work home could possibly be served by a $1,000 desktop computer and a $50 USB drive • Flash drives as a medium for portable support software toolkits. In some configurations, a PC can be set to boot from an USB flash drive after a hard disk crash

  23. Threats • A user loses his or her USB device • A user's USB device is stolen, the data on it is stolen, or it is sold by an employee • The network becomes infected due to viruses, spyware, and other malware hiding in a USB flash drive • Non-compliance with regulatory requirements

  24. Some Guiding Principles • Recognize and mitigate risks • Introduction of malware/viruses from portable media • Policy that addresses user responsibility and accountability • Provide education • Implement technical and policy solutions that are technology neutral • Ensure that virus software scans all devices attached to the network • Update physical security guidelines/protocols to assess portable media

  25. Some Guiding Principles • Consider… • Privacy/Confidentiality Statement be placed on each device as “read me” • Establishing contact information in the event that the device is found • Short of disabling all USB ports, they are impossible to defend against.  http://labmice.techtarget.com/articles/usbflashdrives.htm http://processor.com/editorial/article.asp?article=articles%2Fp2810%2F33p10%2F33p10.asp&guid=&searchtype=&Wordlist=&bJumpTo=True

  26. Technology does not drive change at all. Technology merely enables change. It’s our collective cultural response to the options and opportunities presented by technology that drive change.Paul Saffo Culture eats Strategy for BreakfastGlyn Elwyn

  27. Next Steps… • White paper work continues and initial posting is targeted for October time frame • Draft policy will follow the white paper • Thanks to all my colleagues working on these projects. • Questions and discussion…

More Related