
Information Security in Medical Informatics Nicholas Davis UW-Madison, Division of Information Technology



  1. Information Security in Medical Informatics – Nicholas Davis, UW-Madison, Division of Information Technology

  2. Overview • Introduction • How Information is Critical in Healthcare • Security Problems in a healthcare environment • Medical Records Privacy • US Laws • Technology Developments • Digital certificates and PKI • Password crackers • Packet sniffers • Port scanners

  3. Evolving Landscape in Healthcare Information Security • Minimal disclosure • Risk analysis at core • Auditing procedures • Authentication • Access profile • Emergency procedures for systems failing open vs. failing closed

  4. Major Areas of Concern • Audit trails • Printing, data transfers (FAX) • Authentication of sender and receiver • Non-repudiation • Network access • Training and awareness • Thin clients vs. thick clients

  5. How Information Exchange Has Evolved Over the Past 25 years • Patient care: instant access to current, correct, readable data • Data transfer to other external treatment facilities • Prescriptions – written vs. electronic • Insurance and billing business processes • Notification of infectious diseases to state and federal authorities • Telemedicine (DICOM)

  6. Security Issues in the Real World Healthcare Environment • Networks not integrated • Testing labs have disparate systems • Doctors' PCs largely uncontrolled and unprotected • Workstations not tied to individuals, often shared among several people • This environment encourages poor security practices

  7. Controlling Access to Sensitive Systems – Security Means Added Complexity • Data protection conflicts with ease of use • Password management poses problems • Medical and non-medical staff don’t cooperate • Non-medical use a reality • Shared responsibilities complicate audit trail • Medicine is a high-stress job. Healthcare professionals just want to do their job without hassle from technology • Access rights, read, write, append

  8. Role Based Access Control How much patient data should be available to • Treating physicians? • Consulting physicians? • Medical students? • Pharmacy staff? • Dietary staff? • Outpatient treatment personnel after patient discharge? • Employees in multi-facility applications (clinics) • Vendors (Managed Care reps, technicians)? • Information technology staff? • Volunteers?

  9. Role Based Access Control • Individual users should not be assigned rights – too difficult to track and change as roles evolve • Users should belong to groups • Groups should be granted access rights • Policy should be established for regular audits and updates of group membership (semester / academic year, etc.)

  10. Social Engineering Threats • What is Social Engineering? • In person impersonation • Telephone impersonation • Brute force attacks

  11. Social Engineering • Online discharge summaries available to everyone in hospital. A little bit of information is all people need to gain trust – vicious circle • Don't use your system access rights to let someone else on the system • Criminals use patient info for blackmail • Staff use patient data to get dates or to stalk victims. Everyone can become spooky given the right circumstances

  12. Moving From Paper to Electronic Auditing • Paper records let medical-records staff monitor usage; usually highly professional • Paper records provide good security simply because of lower accessibility • However, paper records are really hard to search and use.

  13. Electronic Auditing • Hybrid systems use online databases with manual input of usage records. Can be tedious and potential exists for error. • Modern systems create audit entries as systems are accessed. • Use audit and reporting software to analyze records.

  14. Having Tracks Is Not Good Enough • Who will analyze audit trails? • Need exception reports • Public knowledge that an audit trail exists is a deterrent to misuse.

  15. Historical Medical Information Access Challenges • Risk from poorly-controlled data access • Fears are hindering effective use • Limited awareness, little understanding among healthcare professionals • Inefficient access methods • Inadequate controls drawn from other work environments

  16. There Is Hope! • Education is essential! • Develop Informatics Risk Management Committee with members representing a true cross section of your operating environment • Resources must be assigned to improve security (Security costs real money) • Requirements are stringent but must be met • Passwords make people feel better, but a stronger system for authentication and authorization needs to be adopted • Security awareness must be an ongoing process

  17. Why is Privacy of Medical Records So Important? • Doctor patient relationship • Privacy and Confidentiality: Different? • Regulations Affecting Patient Records (HIPAA is of primary concern) If you can meet HIPAA, you are gold! • Basic Principle of Medical Informatics Security: Need to know basis

  18. Medical Record Security • Technology has always incited worry • Rights of privacy: unreasonable intrusion, appropriation of name or appearance, unreasonable publicity, misrepresentation

  19. Government Regulations • Privacy Act of 1974 • Health Insurance Portability and Accountability Act of 1996 (HIPAA) • State-Specific Privacy & Security Laws • Electronic Signature Act of 2000

  20. HIPAA • Goals of HIPAA • HIPAA Approach – Authenticate – Protect – Provide Assurance • Penalties in HIPAA • Expectations & Impacts of HIPAA are vague at best • HIPAA Privacy Rules

  21. HIPAA Goals • Tie the healthcare industry together • Save money • Increase productivity and efficiency • Lower the costs of products based on implementing a more limited number of standards • Lower administrative and back-office costs by lowering error rates, creating cleaner claims, speeding payments • Lower the costs of maintaining and managing the healthcare IT infrastructure

  22. The Use of Electronic Signatures • Electronic Signatures in Global and National Commerce Act • Allows e-signatures to have same legal weight as pen-and-ink signatures • Currently determined on a state by state basis

  23. Electronic Signatures • Effects on HIPAA are as yet uncertain • Remains to be seen what will be accepted as “electronic signature” • Image of signature? • Cryptographic signature?

  24. The Technology • Card/token systems • People would leave tokens behind • Card-swipe systems • People would leave systems logged on after they left • Biometric systems • Expensive + user resistance • Same problem of failure to log off • Proximity card/token systems promising

  25. Proximity Based Authentication and Authorization • Usually radio-frequency responders • Base station recognizes token • Communicates with access-control system • Initiates automatic logon • Can have two-factor authentication • Immediate screen lock when user leaves • Can even have session follow staff members • Instant access to screen anywhere • Reduces delays

  26. Usernames and Passwords • Why do we have usernames and passwords? • Authenticate and Authorize • Why are usernames and passwords a bad idea? • Theft, sniffing, shoulder surfing, brute force attacks, concurrent usage, intentional sharing to thwart technical controls.

  27. One Time Password Devices • RSA SecurID • Addresses many username/password concerns • Time based • Event based • Only good for authentication

  28. Digital Certificates • What is a digital certificate? • Authentication • Authorization • Non-repudiation • Encryption • Email, documents, system access, physical access

  29. The Threats of Portable Data • Theft and misappropriation • Consistency and version control • Lack of an authoritative source

  30. The Importance of Systems That Fail Open • Failing open vs. failing closed • Reasonable assurance depends on risk at hand • What might be acceptable in the ER might not be acceptable in the Foot and Ankle Clinic

  31. Takeaways From Today’s Session • It is your job to protect PHI • Just because you can’t see it happening, don’t assume it isn’t happening • Retain only necessary data • Don’t circumvent technical controls

  32. The Hacker’s Credo – Play By the Rules • Contrary to popular belief, hackers don’t break the rules • Hackers find weaknesses in the rules and then exploit those weaknesses • Only the king has access to the gold... I guess I’ll have to become a king!

  33. Protecting Email With a Digital Certificate • Digitally sign your messages • Encrypt email to others • Try it out today in the computer lab

  34. What is PKI? • PKI is the acronym for Public Key Infrastructure. • The PKI system ensures confidentiality, authenticity, integrity and non-repudiation of electronic data. • Principles of public key cryptography and the public-private key relationship are the basis for any PKI • The Infrastructure part of PKI is the underlying system needed to issue keys and certificates and to publish public information.

  35. Confidentiality, Authenticity, Integrity, and Non-repudiation As the “wired world” progresses, we will become increasingly reliant upon electronic communication both within and outside of the UW-Madison campus network. We want to be careful to protect our online identity and confidential information. PKI can help us with this.

  36. Confidentiality Means that the information contained in the message is kept private and only the sender and the intended recipient will be able to read it

  37. Authenticity Verification that the people with whom we are corresponding actually are who they claim to be

  38. Integrity Verification that the information contained in the message is not tampered with, accidentally or deliberately, during transmission

  39. Non-repudiation There can be no denial on the part of the sender of having sent a message that is digitally signed

  40. How does PKI accomplish all of these things? • Data Encryption • Digital Signature • Root Authorities

  41. Encryption refers to the conversion of a message into an unintelligible form of data, with the aim of ensuring confidentiality • Decryption is the reversal of encryption; it is the process of transforming encrypted data back into an intelligible message • In public key cryptography, encryption and decryption are performed with the use of a pair of public and private keys

  42. The public and private key pair is comprised of two distinct and uniquely matched strings of numbers. • The public key is available to everyone and a private key is personal and confidential, known to and maintained by the designated owner. • Although related, it is computationally infeasible to derive the private key from the public key and vice-versa. When one of the keys in the key pair is used for encryption, the other key has to be used for decryption.

  43. This relationship of public to private keys not only enables protection of data confidentiality, but also provides for the creation of a digital signature, which serves to ensure the authenticity and integrity of the message as well as its non-repudiation by the sender

  44. Digital Signature • Addresses the issues of authenticity, integrity and non-repudiation. Like its hand-written counterpart, a digital signature proves authorship of a particular message. Technically, a digital signature is derived from the content of the sender's message in combination with his private key, and can be verified by the recipient using the sender's public key to perform a verification operation.

  45. Digital Certificates and Certificate Authorities • A digital certificate is a digital document that proves the relationship between the identity of the holder of the digital certificate and the public key contained in the digital certificate. It is issued by a trusted third party called a Certificate Authority (CA). Our digital certificate contains our public key and other attributes that can identify us.

  46. When a person sends a digitally signed message to another person, the recipient may verify the validity of the signature via a mathematical operation, using the sender’s chained public key to verify the digital signature created by the sender.

  47. How is a certificate issued? When a person applies for a digital certificate from a CA, the CA usually checks the person's identity and then generates the key pair on the user’s computer. Alternatively, the CA may generate the key pair for the person and deliver the private key to the person via secure means. The private key is kept by the person (stored on the person's computer or possibly on a smart card).

  48. Encryption Example • Peter wants to send Ann his super secret resume.

  49. Encrypting an email (continued) • Peter encrypts using Ann’s public key • Ann decrypts using her private key

  50. Encryption (Continued) If Ann wishes to send Peter a confidential reply, she encrypts her message using Peter's public key. Peter then uses his private key to decrypt and read Ann's reply. 
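The Peter-and-Ann exchange of slides 48 to 50, carried through with the digital signature slide 44 describes, as an added example written for this page (not code from the presentation): Peter signs with his private key and encrypts with Ann's public key, Ann decrypts with her private key and verifies with Peter's public key, using Go's standard-library RSA (OAEP for encryption, PSS for signing). The names Seal, Open and Envelope and the freshly generated key pairs are constructed for illustration; in a PKI the public halves would be distributed inside certificates.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what travels over the wire: ciphertext only the recipient can
// read, plus a signature only the sender could have produced.
type Envelope struct{ Ciphertext, Signature []byte }

// GenerateKey makes a 2048-bit key pair; the private half stays with its
// owner, only &key.PublicKey is handed out (in practice inside a certificate).
func GenerateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal is Peter's side: sign the message digest with his private key (authorship,
// integrity), then encrypt the message with Ann's public key (confidentiality).
func Seal(msg []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return Envelope{}, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Ciphertext: ct, Signature: sig}, nil
}

// Open is Ann's side: decrypt with her private key, then verify with Peter's public
// key. A wrong recipient key, a forged signature or an altered message all error out.
func Open(env Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, fmt.Errorf("verify: %w", err)
	}
	return msg, nil
}

func main() {
	peter, _ := GenerateKey() // constructed parties, not real certificate holders
	ann, _ := GenerateKey()
	env, _ := Seal([]byte("Peter's super secret resume"), peter, &ann.PublicKey)
	plain, err := Open(env, ann, &peter.PublicKey)
	fmt.Printf("%s (err=%v)\n", plain, err)
}
```

Only Ann's private key opens the envelope, and a message sealed by anyone other than Peter, or altered in transit, fails the signature check rather than yielding silently wrong text.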
