locking the backdoor computer security and medical office practice l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Locking the Backdoor: Computer Security and Medical Office Practice PowerPoint Presentation
Download Presentation
Locking the Backdoor: Computer Security and Medical Office Practice

Loading in 2 Seconds...

play fullscreen
1 / 21

Locking the Backdoor: Computer Security and Medical Office Practice - PowerPoint PPT Presentation


  • 172 Views
  • Uploaded on

Locking the Backdoor: Computer Security and Medical Office Practice. Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology. A case of confidentiality. Dr. B employs an office manager who also does transcription and completes dialysis billing.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Locking the Backdoor: Computer Security and Medical Office Practice' - rusty


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
locking the backdoor computer security and medical office practice

Locking the Backdoor: Computer Security and Medical Office Practice

Dr. Maury Pinsk, FRCPC

University of Alberta

Division of Pediatric Nephrology

a case of confidentiality
A case of confidentiality
  • Dr. B employs an office manager who also does transcription and completes dialysis billing.
  • Takes work home to complete.
  • Home computer crash requiring repair
  • Computer “irretrievable”; replaced.
  • Requested “wipe the old hard drive”
  • The phone call 3 months later…
slide3
Computer hard drive recycled to new setup and resold
  • New purchaser finds medical transcription files stored on the hard drive, and releases to local paper.
  • Patients involved interviewed by paper
  • Dr. B gets a call from a lawyer or two…..
what are the issues for dr b and patient heath information
What are the issues for Dr. B and patient heath information?
  • Limiting access to information
  • Improving confidentiality
  • Keeping the integrity of medical information
who has access
Who has access?
  • Office employees with need to access medical information (e.g.: nurse, booking, billing)
  • Office staff with no need to access medical information (e.g.: night cleaning staff)
  • Cyberspace (i.e.: everyone)
through what route do they have access
Through what route do they have access?
  • Single computer
  • Server / Network within the institution or office
  • Internet
where how is information stored
Where/How is information stored?
  • Fixed
    • Server (remote)
    • Hard drive
  • Mobile
    • Compact disks (CD) or DVDs
    • Floppy, tape, jaz, or zip drives
    • Memory sticks or data keys
when is information accessible
When is information accessible?
  • From office when open
  • From outside 24/7
methods to improve security in the office
Methods to improve security in the office
  • Computer access
  • Information storage and backup
  • Internet access
simple things to control access or theft
Simple things to control access or theft
  • Password login
    • In place on most OS
  • Password protected files
    • In place in most WP and accounting applications
  • Chained computer
  • Locked desk
  • Locked office
information storage
Fixed storage

Often can establish permissions to access folders

Safer to have remote server (damage)

Mobile storage

Can be locked away

Can removed just as easy

Not generally durable storage

Magnetic storage– corrupted data after 10 years with some forms such as floppies and zip

Less with data keys and flash cards

Information storage
information backup
Information backup
  • Best to have a system remote from office
    • Fire
    • Surges
      • Get a protector!
    • Computer crashes
  • Back up should be real-time
  • Best if combined with encryption or password access
internet access
Internet access
  • A computer with access to internet is vulnerable
    • Broadband (cable) >> dialup
    • Standalone >> network
    • Monitored access / Access on demand
    • No access (not practical)
internet access14
Internet access
  • Ways to help
    • Firewall

= a set of instructions limiting what data channels of your internet connection can be accessed from outside and in some cases, by whom

AND what programs can access the internet from within your computer

firewalls what channels
Firewalls – what channels?
  • Data incoming and outgoing is organized in channels
    • e.g.: E-mail, Internet, DNS lookup
  • Can allow data to flow into or out of:
    • Any
    • None
    • Some
firewalls a checkpoint
Firewalls – a checkpoint
  • What it can do : audit
    • What type of data (email, internet and file types)
    • How frequently / how many attempts
    • Where it is going (limiting internet access to certain sites)
    • Low level data content censoring (out and ingoing)
firewalls
Firewalls
  • What it can’t do
    • Intentional bypass of the system
      • E.g.: Social engineering
        • Password changes, phone numbers, credit card numbers etc.
    • Protect against viruses entering
      • Some can prevent multiple distributions from occurring
firewalls18
Firewalls
  • Helpful if you have layered security needs to a computer/network
  • If something is completely confidential/high sensitivity…

IT SHOULD BE ISOLATED FROM THE NETWORK

return to dr b what can be done
Return to Dr. B – What can be done?
  • Establish policy that patient data doesn’t leave office
  • If it has to leave the office:
    • Password protect/encrypt all files
    • Delete all files when transferred back to the office
    • Store transcription work on mobile media that comes back to the office
within the office
Within the office…
  • Lock computer access and or password protect login
  • Isolate patient information from internet
  • Educate your patients and staff about your confidentiality standards
further resources
Further resources
  • HIPAA Privacy regulations
    • http://www.hhs.gov/ocr/hipaa/
  • More on Firewalls
    • http://www.faqs.org/faqs/firewalls-faq/
  • Basic Primer on computer security
    • http://www.cert.org/