Information Security in Medical Informatics
Nicholas Davis
UW-Madison, Division of Information Technology
Overview • Introduction • How Information is Critical in Healthcare • Security Problems in a healthcare environment • Medical Records Privacy • US Laws • Technology Developments • Digital certificates and PKI • Password crackers • Packet sniffers • Port scanners
Evolving Landscape in Healthcare Information Security • Minimal disclosure • Risk analysis at core • Auditing procedures • Authentication • Access profile • Emergency procedures for systems failing open vs. failing closed
Major Areas of Concern • Audit trails • Printing, data transfers (FAX) • Authentication of sender and receiver • Non-repudiation • Network access • Training and awareness • Thin clients vs. thick clients
How Information Exchange Has Evolved Over the Past 25 years • Patient care: instant access to current, correct, readable data • Data transfer to other external treatment facilities • Prescriptions – written vs. electronic • Insurance and billing business processes • Notification of infectious diseases to state and federal authorities • Telemedicine (DICOM)
Security Issues in the Real World Healthcare Environment • Networks not integrated • Testing labs have disparate systems • Doctors' PCs largely uncontrolled and unprotected • Workstations not tied to individuals, often shared among several people • This environment encourages poor security practices
Controlling Access to Sensitive Systems – Security Means Added Complexity • Data protection conflicts with ease of use • Password management poses problems • Medical and non-medical staff don’t cooperate • Non-medical use a reality • Shared responsibilities complicate audit trail • Medicine is a high-stress job. Healthcare professionals just want to do their job without hassle from technology • Access rights: read, write, append
Role Based Access Control How much patient data should be available to • Treating physicians? • Consulting physicians? • Medical students? • Pharmacy staff? • Dietary staff? • Outpatient treatment personnel after patient discharge? • Employees in multi-facility applications (clinics)? • Vendors (Managed Care reps, technicians)? • Information technology staff? • Volunteers?
Role Based Access Control • Individual users should not be assigned rights – too difficult to track and change as roles evolve • Users should belong to groups • Groups should be granted access rights • Policy should be established for regular audits and updates of group membership (semester / academic year, etc.)
Social Engineering Threats • What is Social Engineering? • In person impersonation • Telephone impersonation • Brute force attacks
Social Engineering • Online discharge summaries available to everyone in hospital. A little bit of information is all people need to gain trust – vicious circle • Don’t use your system access rights to let someone else on the system • Criminals use patient info for blackmail • Staff use patient data to get dates or to stalk victims. Everyone can become spooky given the right circumstances
Moving From Paper to Electronic Auditing • Paper records let medical-records staff monitor usage; usually highly professional • Paper records provide good security simply because of lower accessibility • However, paper records are really hard to search and use
Electronic Auditing • Hybrid systems use online databases with manual input of usage records. Can be tedious and potential exists for error • Modern systems create audit entries as systems are accessed • Use audit and reporting software to analyze records
Having Tracks Is Not Good Enough • Who will analyze audit trails? • Need exception reports • Public knowledge that an audit trail exists is a deterrent to misuse
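The group-based model from the Role Based Access Control slide and the exception reports called for here, as one added Go example that is not part of the original slides: rights are granted to groups, users are mapped to groups, and a constructed audit trail is reduced to the accesses the policy would not have allowed. Group names, user names, patient identifiers and audit entries are all constructed for illustration.

```go
package main

import "strings"

// Rights are granted to groups, never to individual users, and users belong to
// groups, as the slides recommend. All names and rights here are constructed.
var GroupRights = map[string][]string{
	"treating-physician": {"read", "write", "append"},
	"pharmacy":           {"read", "append"},
	"volunteer":          {},
}

var Membership = map[string][]string{
	"dr.lee":  {"treating-physician"},
	"pharm.1": {"pharmacy"},
	"vol.7":   {"volunteer"},
}

// Allowed reports whether any group the user belongs to grants the right.
func Allowed(user, right string) bool {
	for _, g := range Membership[user] {
		for _, r := range GroupRights[g] {
			if r == right {
				return true
			}
		}
	}
	return false
}

// SampleTrail is a constructed audit trail, one "time user patient action" per line.
var SampleTrail = []string{
	"2024-03-01T08:02 dr.lee MRN-1001 write",
	"2024-03-01T08:15 pharm.1 MRN-1001 append",
	"2024-03-01T09:40 vol.7 MRN-1001 read",
	"2024-03-01T09:42 unknown-user MRN-2002 read",
}

// Exceptions keeps only audited actions the policy would not grant (plus unparseable lines): the short list an analyst reviews.
func Exceptions(trail []string) []string {
	var report []string
	for _, line := range trail {
		if f := strings.Fields(line); len(f) != 4 {
			report = append(report, "malformed audit line: "+line)
		} else if !Allowed(f[1], f[3]) {
			report = append(report, f[0]+": "+f[1]+" did "+f[3]+" on "+f[2]+" with no group granting it")
		}
	}
	return report
}
```

An access that appears in the trail but is denied by the current policy is exactly the kind of event (shared workstation, bypassed control, stale membership) the audit slides say someone must look at.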
Historical Medical Information Access Challenges • Risk from poorly-controlled data access • Fears are hindering effective use • Limited awareness, little understanding among healthcare professionals • Inefficient access methods • Inadequate controls drawn from other work environments
There Is Hope! • Education is essential! • Develop Informatics Risk Management Committee with members representing a true cross section of your operating environment • Resources must be assigned to improve security (Security costs real money) • Requirements are stringent but must be met • Passwords make people feel better, but a stronger system for authentication and authorization needs to be adopted • Security awareness must be an ongoing process
Why is Privacy of Medical Records So Important? • Doctor patient relationship • Privacy and Confidentiality: Different? • Regulations Affecting Patient Records (HIPAA is of primary concern). If you can meet HIPAA, you are gold! • Basic Principle of Medical Informatics Security: Need to know basis
Medical Record Security • Technology has always incited worry • Rights of privacy: unreasonable intrusion, appropriation of name or appearance, unreasonable publicity, misrepresentation
Government Regulations • Privacy Act of 1974 • Health Insurance Portability and Accountability Act of 1996 (HIPAA) • State-Specific Privacy & Security Laws • Electronic Signature Act of 2000
HIPAA • Goals of HIPAA • HIPAA Approach – Authenticate – Protect – Provide Assurance • Penalties in HIPAA • Expectations & Impacts of HIPAA are vague at best • HIPAA Privacy Rules
HIPAA Goals • Tie the healthcare industry together • Save money • Increase productivity and efficiency • Lower the costs of products based on implementing a more limited number of standards • Lower administrative and back-office costs by lowering error rates, creating cleaner claims, speeding payments • Lower the costs of maintaining and managing the healthcare IT infrastructure
The Use of Electronic Signatures • Electronic Signatures in Global and National Commerce Act • Allows e-signatures to have same legal weight as pen-and-ink signatures • Currently determined on a state by state basis
Electronic Signatures • Effects on HIPAA are as yet uncertain • Remains to be seen what will be accepted as “electronic signature” • Image of signature? • Cryptographic signature?
The Technology • Card/token systems • People would leave tokens behind • Card-swipe systems • People would leave systems logged on after they left • Biometric systems • Expensive + user resistance • Same problem of failure to log off • Proximity card/token systems promising
Proximity Based Authentication and Authorization • Usually radio-frequency responders • Base station recognizes token • Communicates with access-control system • Initiates automatic logon • Can have two-factor authentication • Immediate screen lock when user leaves • Can even have session follow staff members • Instant access to screen anywhere • Reduces delays
Usernames and Passwords • Why do we have usernames and passwords? • Authenticate and Authorize • Why are usernames and passwords a bad idea? • Theft, sniffing, shoulder surfing, brute force attacks, concurrent usage, intentional sharing to thwart technical controls.
One Time Password Devices • RSA SecurID • Addresses many username/password concerns • Time based • Event based • Only good for authentication
Digital Certificates • What is a digital certificate? • Authentication • Authorization • Non-repudiation • Encryption • Email, documents, system access, physical access
The Threats of Portable Data • Theft and misappropriation • Consistency and version control • Lack of an authoritative source
The Importance of Systems That Fail Open • Failing open vs. failing closed • Reasonable assurance depends on risk at hand • What might be acceptable in the ER might not be acceptable in the Foot and Ankle Clinic
Takeaways From Today’s Session • It is your job to protect PHI • Just because you can’t see it happening, don’t assume it isn’t happening • Retain only necessary data • Don’t circumvent technical controls
The Hacker’s Credo – Play By the Rules • Contrary to popular belief, hackers don’t break the rules • Hackers find weaknesses in the rules and then exploit those weaknesses • Only the king has access to the gold… I guess I’ll have to become a king!
Protecting Email With a Digital Certificate • Digitally sign your messages • Encrypt email to others • Try it out today in the computer lab
What is PKI? • PKI is the acronym for Public Key Infrastructure. • The PKI system ensures confidentiality, authenticity, integrity and non-repudiation of electronic data. • Principles of public key cryptography and the public-private key relationship are the basis for any PKI • The Infrastructure part of PKI is the underlying system needed to issue keys and certificates and to publish public information.
Confidentiality, Authenticity, Integrity, and Non-repudiation As the “wired world” progresses, we will become increasingly reliant upon electronic communication both within and outside of the UW-Madison campus network. We want to be careful to protect our online identity and confidential information. PKI can help us with this.
Confidentiality Means that the information contained in the message is kept private and only the sender and the intended recipient will be able to read it
Authenticity Verification that the people with whom we are corresponding actually are who they claim to be
Integrity Verification that the information contained in the message is not tampered with, accidentally or deliberately, during transmission
Non-repudiation There can be no denial on the part of the sender of having sent a message that is digitally signed
How does PKI accomplish all of these things? • Data Encryption • Digital Signature • Root Authorities
Encryption refers to the conversion of a message into an unintelligible form of data, with the aim of ensuring confidentiality • Decryption is the reversal of encryption; it is the process of transforming encrypted data back into an intelligible message • In public key cryptography, encryption and decryption are performed with the use of a pair of public and private keys
The public and private key pair is comprised of two distinct and uniquely matched strings of numbers. • The public key is available to everyone and a private key is personal and confidential, known to and maintained by the designated owner. • Although related, it is computationally infeasible to derive the private key from the public key and vice-versa. When one of the keys in the key pair is used for encryption, the other key has to be used for decryption.
This relationship of public to private keys not only enables protection of data confidentiality, but also provides for the creation of a digital signature, which serves to ensure the authenticity and integrity of the message as well as its non-repudiation by the sender
Digital Signature • Addresses the issues of authenticity, integrity and non-repudiation. Like its hand-written counterpart, a digital signature proves authorship of a particular message. Technically, a digital signature is derived from the content of the sender's message in combination with his private key, and can be verified by the recipient using the sender's public key to perform a verification operation.
Digital Certificates and Certificate Authorities • A digital certificate is a digital document that proves the relationship between the identity of the holder of the digital certificate and the public key contained in the digital certificate. It is issued by a trusted third party called a Certificate Authority (CA). Our digital certificate contains our public key and other attributes that can identify us.
When a person sends a digitally signed message to another person, the recipient may verify the validity of the signature via a mathematical operation, using the sender’s public key (trusted because its certificate chains back to a CA) to verify the digital signature created by the sender.
How is a certificate issued? When a person applies for a digital certificate from a CA, the CA usually checks the person's identity, and the key pair is then generated on the user’s computer. Alternatively, the CA may generate the key pair for the person and deliver the private key to the person via secure means. The private key is kept by the person (stored on the person's computer or possibly on a smart card).
Encryption Example • Peter wants to send Ann his super secret resume.
Encrypting an email (continued) • Peter encrypts using Ann’s public key • Ann decrypts using her private key
Encryption (Continued) If Ann wishes to send Peter a confidential reply, she encrypts her message using Peter's public key. Peter then uses his private key to decrypt and read Ann's reply.
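The Peter and Ann exchange above, together with the digital signature operation described earlier, as an added Go example that is not part of the original slides: each party generates a key pair, Peter encrypts with Ann's public key and Ann decrypts with her private key, and a signature made with Peter's private key is checked with his public key. Peter, Ann and the message are constructed; the code uses Go's standard crypto/rsa with OAEP and PSS and assumes 2048-bit keys.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewKeyPair generates one person's key pair. The public half is published (in
// practice inside a CA-issued certificate); the private half never leaves its
// owner. Note that the public key is simply derived from the private one.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal encrypts msg under the recipient's public key (Peter encrypts with Ann's).
// RSA-OAEP only fits a short payload, which is why mail clients use it to wrap a
// random symmetric key and encrypt the message body with that key.
func Seal(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Open decrypts with the recipient's private key (Ann decrypts with hers).
func Open(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ct, nil)
}

// Sign hashes msg and signs the digest with the sender's private key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify checks sig against the claimed sender's public key; a modified msg or a
// signature made with some other private key yields false.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

func main() {
	peter, _ := NewKeyPair()
	ann, _ := NewKeyPair()
	ct, _ := Seal(&ann.PublicKey, []byte("Peter's resume (constructed sample)"))
	sig, _ := Sign(peter, ct) // sign the ciphertext so Ann knows who sent it
	pt, _ := Open(ann, ct)
	fmt.Printf("Ann reads %q; signed by Peter: %v\n", pt, Verify(&peter.PublicKey, ct, sig))
}
```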