
Medical Record Security

Medical Record Security. Bob Horwatt CS665 April 19, 2007 WVU. Overview. Brief HIPAA Explanation Personal Experience Current Problems One Possible Solution Conclusion Questions. HIPAA. HIPAA. HIPAA – Health Insurance Portability and Accountability Act of 1996


Presentation Transcript


  1. Medical Record Security Bob Horwatt CS665 April 19, 2007 WVU

  2. Overview • Brief HIPAA Explanation • Personal Experience • Current Problems • One Possible Solution • Conclusion • Questions Bob Horwatt - CS665 - WVU

  3. HIPAA

  4. HIPAA • HIPAA – Health Insurance Portability and Accountability Act of 1996 • Established new standards for the movement and uses of health care information • Privacy – Confidentiality • Security – of Electronic Medical Records (EMR)

  5. HIPAA • Administrative Issues – Transfer of Information standards • These regulations have a major impact on the day-to-day functioning of the nation's hospitals and affect virtually every department of every entity that provides or pays for health care.

  6. HIPAA • Pharmacies • Nursing Home/Group Home • Doctors – Dentist, Physicians, Chiropractors, Physical Therapists, etc.

  7. Personal Experience

  8. Personal Experience • Not just Electronic Data. • Pill Bottles • Hard Copies of Medical Information • Prescriptions • Etc.

  9. Current Issues

  10. Current Issues • Patients • Uncomfortable with Cyberspace • Secure Transfer of Information • Access Control • Legal Issues • Employee Education

  11. Current Issues • Who is Responsible for Security Breaches? • Standardization of Security Measures • Financial Costs

  12. Current Issues • Security Usually Takes Place After a Breach • Misnomer of External Intruders • Majority of Breaches Occur from an Inside Source • Accidental Disclosure of Information • Insider Curiosity • Subordination • etc.

  13. Current Issues • Management Needs to Ensure Safeguards • Networks Tend to be Wide Open • System Developers Need to Consider Security when Developing these Applications • HIPAA Must Track All Instances of Access to Sensitive Data

  14. Current Issues • Access Control Only Applies to the Local Security Domain • Need to have Access Control Across Multiple Domains

  15. Possible Solution

  16. Possible Solution Trust Negotiation and Surrogate Trust Negotiation • Brigham Young University (2003)

  17. Possible Solution Trust Negotiation

  18. Possible Solution • This Solves Authentication and Authorization • Secure Transactions • Bilateral, Iterative Digital Credentials Exchange • Digital Credential Attributes • Identifying Information • Licensing Certificates • Association Membership

  19. Possible Solution • Public Key Cryptography Guarantees Credentials are Unforgeable and Verifiable • Trust Negotiations also Rely on Access Control Policies. • Services • Data • Credentials • Other Policies

  20. Possible Solution • These Credentials Provide a User with Specific Resources • Policies May Grant or Refuse a User Access to Resources in Real-Time

  21. Trust Negotiation Scenario

  22. Possible Solution Image Source [1]

  23. Possible Solution Surrogate Negotiation

  24. Possible Solution • Involves Wireless Technology • This Produces Many Difficulties • Difficulties Arise from • The Broadcast Nature • Data Transmitted in all directions simultaneously • Resource Limitations • Bandwidth • Processing Capabilities • Battery Life • Unreliable Connections • etc.

  25. Possible Solution • Despite this, Mobile Health Alliance States Wireless Transmissions Meet the Same Requirements as Wired Transmissions • One Problem: • The Algorithms are Intense Cryptographic Calculations • Wireless Items have Limited Computing Power • Need Reliable Access to the Internet

  26. Possible Solution • Surrogate Trust Networks Provide a Flexible Model to Overcome these Shortcomings • Network Proxies • Software Agents • Modern Cryptography Systems

  27. Surrogate Trust Negotiation Scenario

  28. Possible Solution

  29. Conclusion • Global Expansion of EMR is Necessary for Improving Patient Care • Past EMR Systems have been Hindered by Poor Security Systems • Mainly in Handling Access Control • Trust Negotiation is a New Approach for Authenticating and Authorizing • Surrogate Trust Negotiation Extends Security to Mobile Devices

  30. Conclusion • These Security Systems have enormous Potential to Improve Security in Healthcare Systems

  31. References • [1] David K. Vawdrey, Tore L. Sundelin, Kent E. Seamons, and Charles D. Knutson. Trust Negotiation for Authentication and Authorization in Healthcare Information Systems. Brigham Young University. • [2] Terry Huston. Security Issues for Implementation of E-Medical Records. • [3] CMS, Centers for Medicare and Medicaid Services. http://www.cms.hhs.gov/SecurityStandard/ • [4] United States Department of Health and Human Services. http://www.hhs.gov/ocr/hipaa/ • [5] HIPAA, Health Insurance Portability and Accountability Act of 1996. http://www.hipaa.org/

  32. Questions
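
Added example, not part of the original presentation: the bilateral, iterative credential exchange with access control policies from slides 18 to 20, sketched in Python with an eager disclosure strategy. The parties, credential names and policies are constructed for illustration, and credentials are plain names here, on the assumption that their public-key signatures have already been verified.

```python
# Constructed model: each credential maps to its release policy, i.e. the set
# of credentials the OTHER party must disclose first (empty set = freely shown).
HOSPITAL = {"state_accreditation": set(),
            "covered_entity_cert": {"association_membership"}}
PHYSICIAN = {"association_membership": {"state_accreditation"},
             "medical_license": {"covered_entity_cert"}}
UNLICENSED = {"association_membership": {"state_accreditation"}}
# Policy guarding the requested resource (a patient record on the hospital side).
RECORD_POLICY = {"medical_license", "association_membership"}


def negotiate(resource_policy, server_creds, client_creds, max_rounds=10):
    """Run the exchange; return (granted, transcript of disclosures)."""
    held = {"client": client_creds, "server": server_creds}
    disclosed = {"client": set(), "server": set()}
    transcript = []
    for round_no in range(1, max_rounds + 1):
        progress = False
        for me, peer in (("client", "server"), ("server", "client")):
            # Eager strategy: release every credential whose policy the
            # peer's disclosures so far already satisfy.
            unlocked = {cred for cred, policy in held[me].items()
                        if cred not in disclosed[me]
                        and policy <= disclosed[peer]}
            if unlocked:
                disclosed[me] |= unlocked
                transcript.append((round_no, me, sorted(unlocked)))
                progress = True
            # Access is granted as soon as the client has shown everything
            # the resource policy demands.
            if resource_policy <= disclosed["client"]:
                return True, transcript
        if not progress:
            # Neither side can release anything more: refuse access.
            break
    return False, transcript


if __name__ == "__main__":
    for label, client in (("physician", PHYSICIAN), ("unlicensed", UNLICENSED)):
        granted, steps = negotiate(RECORD_POLICY, HOSPITAL, client)
        print(label, "granted" if granted else "refused")
        for step in steps:
            print("  round %d: %s discloses %s" % step)
```

The refused run shows that a party lacking a required credential learns only what the other side's policies allowed to be released up to the point where the exchange stalled.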
