
Locking the Backdoor: Computer Security and Medical Office Practice

Locking the Backdoor: Computer Security and Medical Office Practice. Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology. A case of confidentiality. Dr. B employs an office manager who also does transcription and completes dialysis billing.


Presentation Transcript


  1. Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology

  2. A case of confidentiality • Dr. B employs an office manager who also does transcription and completes dialysis billing. • Takes work home to complete. • Home computer crash requiring repair • Computer “irretrievable”; replaced. • Requested “wipe the old hard drive” • The phone call 3 months later…

  3. Computer hard drive recycled to new setup and resold • New purchaser finds medical transcription files stored on the hard drive, and releases to local paper. • Patients involved interviewed by paper • Dr. B gets a call from a lawyer or two…..

  4. What are the issues for Dr. B and patient health information? • Limiting access to information • Improving confidentiality • Keeping the integrity of medical information

  5. Who has access? • Office employees with need to access medical information (e.g.: nurse, booking, billing) • Office staff with no need to access medical information (e.g.: night cleaning staff) • Cyberspace (i.e.: everyone)

  6. Through what route do they have access? • Single computer • Server / Network within the institution or office • Internet

  7. Where/How is information stored? • Fixed • Server (remote) • Hard drive • Mobile • Compact disks (CD) or DVDs • Floppy, tape, jaz, or zip drives • Memory sticks or data keys

  8. When is information accessible? • From office when open • From outside 24/7

  9. Methods to improve security in the office • Computer access • Information storage and backup • Internet access

  10. Simple things to control access or theft • Password login • In place on most OS • Password protected files • In place in most WP and accounting applications • Chained computer • Locked desk • Locked office

  11. Information storage • Fixed storage • Often can establish permissions to access folders • Safer to have remote server (damage) • Mobile storage • Can be locked away • Can be removed just as easily • Not generally durable storage • Magnetic storage: corrupted data after 10 years with some forms such as floppies and zip • Less with data keys and flash cards

  12. Information backup • Best to have a system remote from office • Fire • Surges • Get a protector! • Computer crashes • Back up should be real-time • Best if combined with encryption or password access

  13. Internet access • A computer with access to internet is vulnerable • Broadband (cable) >> dialup • Standalone >> network • Monitored access / Access on demand • No access (not practical)

  14. Internet access • Ways to help • Firewall = a set of instructions limiting what data channels of your internet connection can be accessed from outside and in some cases, by whom AND what programs can access the internet from within your computer

  15. Firewalls – what channels? • Data incoming and outgoing is organized in channels • e.g.: E-mail, Internet, DNS lookup • Can allow data to flow into or out of: • Any • None • Some

  16. Firewalls – a checkpoint • What it can do : audit • What type of data (email, internet and file types) • How frequently / how many attempts • Where it is going (limiting internet access to certain sites) • Low level data content censoring (out and ingoing)

  17. Firewalls • What it can’t do • Intentional bypass of the system • E.g.: Social engineering • Password changes, phone numbers, credit card numbers etc. • Protect against viruses entering • Some can prevent multiple distributions from occurring

  18. Firewalls • Helpful if you have layered security needs to a computer/network • If something is completely confidential/high sensitivity… IT SHOULD BE ISOLATED FROM THE NETWORK

  19. Return to Dr. B – What can be done? • Establish policy that patient data doesn’t leave office • If it has to leave the office: • Password protect/encrypt all files • Delete all files when transferred back to the office • Store transcription work on mobile media that comes back to the office

  20. Within the office… • Lock computer access and/or password protect login • Isolate patient information from internet • Educate your patients and staff about your confidentiality standards

  21. Further resources • HIPAA Privacy regulations • http://www.hhs.gov/ocr/hipaa/ • More on Firewalls • http://www.faqs.org/faqs/firewalls-faq/ • Basic Primer on computer security • http://www.cert.org/
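The firewall behaviour described in slides 14 to 16 (channels allowed as any, none or some, plus an audit of how many attempts were made and from where), as an added example that is not part of the original presentation. The channel table, the rule set and all addresses are constructed for illustration; the model allows only "some" outbound channels and nothing inbound.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed mapping of the slide's "channels" to their usual ports.
CHANNELS = {"smtp": 25, "dns": 53, "http": 80, "https": 443}

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out"
    channel: str     # key of CHANNELS, or "any"
    remote: str      # CIDR the remote side must fall in ("by whom")
    action: str      # "allow" or "deny"

class Firewall:
    def __init__(self, rules, default="deny"):
        self.rules, self.default = list(rules), default
        self.audit = Counter()   # (remote, direction, port, action) -> attempts

    def check(self, direction, remote, port):
        """Return the action for one connection attempt and record it."""
        action = self.default                      # no rule matched: "none"
        for r in self.rules:                       # first matching rule wins
            port_ok = r.channel == "any" or CHANNELS[r.channel] == port
            if (r.direction == direction and port_ok
                    and ip_address(remote) in ip_network(r.remote)):
                action = r.action
                break
        self.audit[(remote, direction, port, action)] += 1
        return action

    def repeated_denials(self, threshold):
        """Remote addresses with at least `threshold` denied attempts."""
        per_remote = Counter()
        for (remote, _d, _p, action), n in self.audit.items():
            if action == "deny":
                per_remote[remote] += n
        return sorted(a for a, n in per_remote.items() if n >= threshold)

def office_firewall():
    # "Some": web to anywhere, DNS and mail only to one named server each.
    return Firewall([
        Rule("out", "https", "0.0.0.0/0", "allow"),
        Rule("out", "dns", "192.0.2.53/32", "allow"),    # constructed resolver
        Rule("out", "smtp", "192.0.2.25/32", "allow"),   # constructed mail relay
    ])
```

Because the default is deny, anything not listed, including every inbound attempt, is refused and still counted in the audit.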
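A check that would have caught the problem in Dr. B's case (slides 2 and 3) before the drive left the office, as an added example that is not part of the original presentation. It assumes the requested wipe is a zero-fill overwrite and that the drive has been read into a raw image; the function names and both sample images are constructed.

```python
import io
import re

BLOCK = 4096
# 16 or more printable ASCII bytes in a row: likely readable text.
TEXT_RUN = re.compile(rb"[\x20-\x7e]{16,}")

def audit_wipe(stream, block=BLOCK, max_samples=5):
    """Scan a raw image block by block.

    Reports how many blocks still hold non-zero data and the byte offsets
    of readable text, so the report itself never copies patient data.
    """
    total = dirty = 0
    offsets = []
    zero = bytes(block)
    while True:
        chunk = stream.read(block)
        if not chunk:
            break
        if chunk != zero[:len(chunk)]:
            dirty += 1
            for m in TEXT_RUN.finditer(chunk):
                if len(offsets) < max_samples:
                    offsets.append(total * block + m.start())
        total += 1
    return {"blocks": total, "dirty_blocks": dirty,
            "text_offsets": offsets, "clean": dirty == 0}

def constructed_images():
    """Two tiny sample images: one with data left behind, one zero-filled."""
    note = b"CONSTRUCTED SAMPLE transcription text, not real patient data"
    not_wiped = bytes(BLOCK) + note.ljust(BLOCK, b"\x00") + bytes(BLOCK)
    zero_filled = bytes(3 * BLOCK)
    return io.BytesIO(not_wiped), io.BytesIO(zero_filled)

if __name__ == "__main__":
    for name, img in zip(("not wiped", "zero-filled"), constructed_images()):
        print(name, audit_wipe(img))
```

A drive is released only when `clean` is true; any dirty block means the overwrite did not cover the whole device.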
