
Scott Van Heest IT Specialist, Data Analysis and Support Team, NPCR, CDC Denise Farmer

ABSTRACT PLUS VERSION 3: Security Standards Upheld. Scott Van Heest IT Specialist, Data Analysis and Support Team, NPCR, CDC Denise Farmer CDC/NPCR Contractor. National Center for Chronic Disease Prevention and Health Promotion.


Presentation Transcript


  1. ABSTRACT PLUS VERSION 3: Security Standards Upheld
     Scott Van Heest, IT Specialist, Data Analysis and Support Team, NPCR, CDC
     Denise Farmer, CDC/NPCR Contractor
     National Center for Chronic Disease Prevention and Health Promotion
     NAACCR 2010 Annual Conference, Quebec City, Canada, June 24, 2010
     Division of Cancer Prevention and Control

  2. Background
     • NPCR program standards require registries to have data security procedures in place to ensure cancer registry data are available only to those who need to use it for legitimate purposes
     • Controlling access to data helps ensure patient privacy and data confidentiality
     • Abstract Plus version 3 has improved software features to uphold security standards

  3. Abstract Plus Purpose
     • Summarize the medical record into an electronic report of cancer diagnosis and treatment by abstractors and other individuals or groups who work with cancer data
     • Conduct casefinding, reabstracting (blind or un-blinded), and recoding audits of reporting facilities and central registry coding staff
     • CDC provides support and consultation to state central registries for their state-specific customization and distribution of the Registry Plus software

  4. Abstract Plus Functions
     • Used to abstract, code, and audit cancer cases using standard data items and codes
     • Supports abstraction and auditing of all data items in national standard data sets, including all text fields and state-specific data items
     • Entered abstracts are validated by customizable edits, allowing for interactive error correction while abstracting
     • Customized by central registries for distribution to and use by hospitals and other reporting sources
     • Also used for special projects and start-up registries

  5. Security Features
     • Options to configure security policies
     • Form-based authentication, and Challenge Questions for individual users
     • User passwords stored and encrypted using a one-way hash method
     • Microsoft Access encrypted databases
     • Microsoft SQL Server database option
     • Role-based access

  6. Results: Application Preferences
     • Security Policies
     • Security Challenge Questions
     • Password Expiration, Re-use, and Password Expression (restrictions) options
     • Database options

  7. Security Policies
     • Options for challenge question setup and use
     • Options for password expiration, re-use and password restrictions

  8. Security Questions
     • Add or remove challenge questions to be presented to the user
     • Security Challenge Questions can be added or removed from current list of questions

  9. Password Expression
     Use default Edit Test custom password restrictions
     • Customized password restrictions can be set via regular expression, or the default expression can be used

  10. Database Options
     • SQL Server options

  11. MS Access Encrypted Databases
     • Password protected access outside application
     • User passwords encrypted in database
     • Common database access needs met through menu selections
     • Support available for database customization

  12. MS SQL Server Database Option
     • Requires SQL Server database management for abstract database
     • Allows multi-user abstract database access, with record locking
     • Requires database connection string for setup
     • SQL Server offers inherent security features
     • Login same as MS Access option
     • Database option included in title bar

  13. Role-based Access
     • Facility Abstractors (login access): Add, edit, delete, print, and export abstracts
     • Auditors (additional password required) - perform all Facility Abstractor functions, plus:
         • Perform casefinding, reabstracting, and recoding audits
     • Administrators (additional password required) - perform all Facility Abstractor and Auditor functions, plus:
         • Set application preferences
         • Manage abstracting and auditing display types, and set up audit databases
         • Manage user accounts and passwords
         • Maintain Administrator/Auditor passwords

  14. Form-based Authentication
     • Login requires valid username and password
     • First-time access to application requires setup of user account
     • Initial login requires setup of user’s password with challenge security questions
     • Forgotten password can be reset by user with valid answers to challenge questions
     • Password can be managed by user or administrator
     • User allowed to change password (must know old password)

  15. Creating User Account on Initial Access
     • Enter User Name, User ID, and Initials
     • Click Add
     • Click Close

  16. Initial Log In
     • Enter User ID from new user account
     • Enter default, initial access password (Welcome1)
     • Update default password to new secure, user-specified password

  17. Define User’s Security Questions
     • Prompted to select and answer required number of questions
     • Each selected question must be different
     • Verification of answers used to reset forgotten password

  18. Routine Log In
     • User ID and Password required
     • Password is case sensitive
     • Click Forgot Password to reset password using security questions to verify user
     • Click Change Password to change existing, known password

  19. Conclusions
     Abstract Plus version 3:
     • Provides user-friendly, flexible options for meeting changing security standards
     • Preserves the confidentiality, integrity, and availability of cancer registry data

  20. Thank You!
     • Denise Farmer, dfarmer@cdc.gov
     • Joe Rogers, jrogers@cdc.gov
     • Sherrie Stein, sstein@cdc.gov
     • Kathleen K. Thoburn, kthoburn@cdc.gov
     The findings and conclusions in this report are those of the authors and do not necessarily represent the official position of the Centers for Disease Control and Prevention.
     National Center for Chronic Disease Prevention and Health Promotion, Division of Cancer Prevention and Control
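
Slides 5, 7, 9 and 16 describe one-way hashed passwords, a regular-expression password restriction, expiration and re-use options, and a default initial password that must be replaced. The Python below is an added example of how those controls fit together, not Abstract Plus code; the expression, the 90-day maximum age, the history depth of 5 and the use of salted PBKDF2 are assumptions, since the slides do not state the product's values or hash method.

```python
import hashlib, hmac, os, re
from datetime import datetime, timedelta

# Assumed policy values; the slides name these options but not their settings.
PASSWORD_EXPRESSION = re.compile(r"(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}")
MAX_AGE = timedelta(days=90)     # password expiration
REUSE_HISTORY = 5                # previous passwords that may not be re-used
PBKDF2_ROUNDS = 100_000

def hash_password(password, salt=None):
    """Return (salt, digest) from a salted one-way hash (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def matches(password, record):
    """Re-hash the candidate with the stored salt; compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class Account:
    def __init__(self, initial_password, now):
        self.history = [hash_password(initial_password)]  # newest record last
        self.changed_at = now
        self.must_change = True   # the initial password has to be replaced

    def verify(self, password):
        return matches(password, self.history[-1])

    def expired(self, now):
        return self.must_change or now - self.changed_at > MAX_AGE

    def change_password(self, old, new, now):
        """Return "ok", or the reason the change was refused."""
        if not self.verify(old):                      # must know old password
            return "old password incorrect"
        if not PASSWORD_EXPRESSION.fullmatch(new):    # password expression
            return "fails password expression"
        if any(matches(new, rec) for rec in self.history[-REUSE_HISTORY:]):
            return "password re-used"
        self.history = (self.history + [hash_password(new)])[-REUSE_HISTORY:]
        self.changed_at, self.must_change = now, False
        return "ok"
```

Because only salts and digests are kept, the re-use check has to re-hash the candidate against each stored record; the plaintext history is never available to compare against.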
