1 / 37

Confidentiality, Privacy, and Security

Confidentiality, Privacy, and Security. William A. Yasnoff, MD, PhD Oregon Health Division. Overview. Definitions Fair Information Practices Policies and Procedures Legislation Authentication Encryption Firewalls WWW security. Definitions.

thi
Télécharger la présentation

Confidentiality, Privacy, and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division

  2. Overview • Definitions • Fair Information Practices • Policies and Procedures • Legislation • Authentication • Encryption • Firewalls • WWW security

  3. Definitions • PRIVACY: The right of individuals to hold information about themselves in secret, free from the knowledge of others.

  4. Definitions (continued) • CONFIDENTIALITY: The assurance that information about identifiable persons, the release of which would constitute an invasion of privacy for any individual, will not be disclosed without consent except as allowed by law.

  5. Definitions (continued) • SECURITY: The mechanisms by which confidentiality policies are implemented in computer systems, including provisions for: • Access control • Integrity • Availability

  6. Definitions (continued) • IDENTIFIABLE INFORMATION: Any information, including but not limited to demographic information, which will identify or may reasonably lead to the identification of one or more specific individuals.

  7. Definitions (continued) • CONFIDENTIAL DATABASE: Any collection or grouping of information about individuals maintained by the Division in electronic form which is not comprised solely of public records subject to release on request, and the release of which could represent a breach of confidentiality. . . .

  8. Definitions (continued) • . . . Such information includes, but is not limited to demographic information, medical or testing histories, clinical information, employment or financial status, the results of special studies, participation in or exclusion from specific programs, sources of . . .

  9. Definitions (continued) • . . . information, or new collections of information derived from the linkage of one or more previously existing confidential databases.

  10. Fair Information Practices • Relevance • Integrity • Written Purpose • Need-to-Know Access • Correction • Consent

  11. 1. Relevance • All information collected should be necessary and relevant to public health or required by law. • individuals entitled to privacy • benefits of information should outweigh privacy concerns • collection not overly burdensome, intrusive, or coercive

  12. 2. Integrity • The integrity of information should be protected. • prevent loss, interception, misuse • maintain accurate, complete, timely data • no unauthorized alteration or destruction

  13. 3. Written Purpose • All information collected should be consistent with written public health purposes and/or required by law. • databases must have written purpose(s) • usage restricted to stated purpose(s) • linkage of databases considered a new database

  14. 4. Need-to-Know Access • All confidential information should be accessible only on a need-to-know basis, both internally and externally. • confidentiality agreements for all personnel • access terminated when duties change • no redisclosure • external release for research requires IRB approval

  15. 5. Correction • Individuals should have access to information about themselves and the ability to correct this information to the extent allowed by law. • maintain public list of all databases • name of database • description of information included • information sources (non-confidential) • disputed data must be marked

  16. 6. Consent • Information must be collected with the consent of the individual except as required by law. • informed consent • purpose of information collection • data protections in place • consequences of withholding information • no consent if waived by law

  17. Confidentiality Policies • Fair Information Practices • Data Release Restrictions • Personnel Agreements

  18. Data Release Restrictions • Release without review is restricted • Denominator > 50 [population data] • Denominator > 10 [cohort data]

  19. Personnel Issues • All personnel to sign confidentiality agreements periodically • Special provisions for data system administrators

  20. Confidentiality Provisions • Definition of confidential information • Need-to-know access only • No redisclosure • If questions, ask supervisor • Breach will result in disciplinary action • Confidentiality must be maintained indefinitely

  21. Data System Administrators • Information used only as needed for administration of computer system • Access granted to others only in accordance with established policies and procedures • Disciplinary action for violations may be termination on first offense

  22. Legislation • Health Insurance Portability and Accountability Act (HIPAA) [1996] • privacy standards by August 1997 • security standards by February 1998 • universal health identifier • Fair Health Information Practices (bill introduced in 105th Congress)

  23. Security • Authentication • Encryption • Firewalls • WWW

  24. Authentication • Who are you talking to? • Methods • what the user knows (password) • what the user has (smartcard) • what the user is (biometrics)

  25. Passwords • Longer is better • Never use dictionary words • word1;word2 is good working model • Never write or store passwords • On network, passwords often travel in the clear

  26. End-to-End Authentication • Cryptography based • Challenge-response • response generated with encryption • challenge varies to defeat interception • Time synchronized • password depends on time of day • user-carried device generates password • good for system administrators

  27. Kerberos • User asks “key server” for access to target system • Key server creates message, encrypts with user key, sends • User decrypts message, then encrypts with “access key” of target system • Key server sends “session key” to user and target system (both encrypted)

  28. Kerberos • Key server must be secure • Allows mediation by third party of access among multiple systems • Potential model for electronic medical record exchange • Developed at MIT

  29. Cryptography • Convert plaintext into message readable only with “key” • DES = data encryption standard • 64 bit message • 56 bit key • uses repeated substitution, transposition • breakable in reasonable time with large computer system (31 hrs @ $100K, 20 minutes @ $10 MM)

  30. Cryptography • Triple-DES • apply DES three times • three different keys (168 bits total) • now used for automated teller transactions

  31. Public Key Cryptography • Public Key • in phone directory • Private Key • known only to recipient • Message encrypted with either key can be decrypted with the other • sender encrypts with one key, receiver decrypts with the other key

  32. RSA Cryptography • Public key is product p x q • Private key is factors p, q • Security derived from difficulty in computing factors p, q if pq is large • Larger key size provides more security

  33. Firewalls • Separate, dedicated computer system • Filters packets based on source and/or destination • Mount disks read only • Eliminate all unnecessary commands and services • Minimum number of user accounts

  34. Firewalls as Proxy Servers • Firewall connects to outside system, not your system • By acting as your “proxy”, your system is protected from the outside system • Can be used for • telnet (session) • ftp (file transfer)

  35. Intrusion Detection • Look for unusual access patterns or activity • Types of evaluation • statistical • rule-based • Example: lock account after 3 failed login attempts • Assume all systems are subject to attempted unauthorized use

  36. WWW Security • server scripts (Java) can execute programs on your machine! • Types of WWW security • SSL = secure sockets layer • secure “pipe” between two machines • transparent to application • S-HTTP = secure HTTP • secure “envelopes” for messages • built into browsers

  37. Security Pearls • Back up key files • Use encryption on sensitive data • Use good passwords • Network security requires expertise • authentication • encryption • firewalls

More Related