LEGAL AND ETHICAL CONSIDERATIONS IN NURSING INFORMATICS
Information Security and Confidentiality
Learning Outcomes
1. Differentiate between privacy, confidentiality, information privacy, and information security.
2. Discuss how information system security affects privacy, confidentiality, and security.
3. Identify potential threats to system security and information.
4. Discuss security measures designed to protect information.
5. Compare and contrast available methods of authentication in terms of levels of security, costs, and ease of use.
6. Distinguish between appropriate and inappropriate password selection and processing.
7. Identify common examples of confidential forms and communication seen in healthcare settings and identify proper disposal techniques for each.
8. Discuss the impact that Internet technology has on the security of health-related information.
Security
Information security and confidentiality of personal information represent major concerns in today’s society amidst growing reports of stolen and compromised information.
Confidentiality
In the USA, the protection of healthcare information is mandated by the Health Insurance Portability and Accountability Act (HIPAA) and the Joint Commission requirements.
Privacy
A state of mind, freedom from intrusion, or control over the exposure of self or of personal information
Significance of Privacy
Key concept to understanding significance of information security and privacy
Includes right to determine what information is collected, how it is used, and the ability to review collected information for accuracy and security
International movement to protect privacy
Confidentiality
A situation in which a relationship has been established and private information is shared with the expectation that it will not be re-disclosed
Key to client treatment
Information/Data Privacy
The right to choose the conditions and extent to which information and beliefs are shared and the right to ensure accuracy of information collected
Information Security
…the protection of information against threats to its integrity, inadvertent disclosure, or availability determines the survivability of a system
Information System Security
Ongoing protection of both information housed on the system and the system itself from threats or disruption
Primary goals
Protection of client confidentiality
Protection of information integrity
Ready availability of information when needed
Security Planning
Saves time and money
Guards against:
Downtime
Breaches in confidentiality
Loss of consumer confidence
Cybercrime
Liability
Lost productivity
Helps ensure compliance with regulatory body/laws
Steps to Security
Assessment of risks and assets
An organizational plan
A “culture” of security
The establishment and enforcement of policies
Threats to System Security and Information
Thieves
Hackers and crackers
Denial of service attacks
Terrorists
Viruses, worms
Flooding sites
Power fluctuations
Revenge attacks
Threats to System Security and Information
Pirated Web sites
Poor password management
Compromised device
Fires and natural disasters
Human error
Unauthorized insider access
Security Measures
• Firewalls– barrier created from software and hardware
• Antivirus and spyware detection
• User sign-on and passwords or other means of identity management
• Access on a need-to-know basis- level of access
• Automatic sign-off
• Physical restrictions to system access
Identity Management
Area that deals with identifying individuals in a system and controlling their access to resources within that system by associating user rights and restrictions with the established identity
Authentication
Process of determining whether someone is who he or she professes to be
Methods:
Access codes
Logon passwords
Digital certificates
Public or private keys used for encryption
Biometric measures
Password
Collection of alphanumeric characters that the user types into the computer
May be required after the entry of an access code or user name
Assigned after successful system training
Inexpensive but not the most effective means of authentication
Password Selection and Handling
Do:
Choose passwords that are 8-12 characters long.
Avoid obvious passwords.
Keep your password private, i.e., do not share it.
Change password frequently.
Do not:
Post or write down passwords.
Leave computers or applications running when not in use.
Re-use the same password for different systems.
Use the “browser save” feature.
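As an added illustration (not from the slides or the cited handbook), the rules above as a check a system could run when a user picks a new password. The obvious-password list and the system names are constructed for the example; reuse across systems is detected by verifying the candidate against the other systems' stored salted hashes, because salted hashes cannot be compared directly.

```python
import hashlib
import hmac
import os
import re

# Constructed sample of obvious passwords to block; a real deployment would
# use a much larger list of common and breached passwords.
OBVIOUS_PASSWORDS = {"password", "12345678", "qwerty123", "nursing1", "welcome1"}
PBKDF2_ROUNDS = 100_000


def check_password_choice(password, username):
    """Return the slide's rules that a candidate password violates (empty = OK)."""
    problems = []
    if not 8 <= len(password) <= 12:
        problems.append("length must be 8-12 characters")
    if password.lower() in OBVIOUS_PASSWORDS:
        problems.append("password is on the obvious-password list")
    if username.lower() in password.lower():
        problems.append("password must not contain the user name")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("password must mix letters and digits")
    return problems


def make_verifier(password):
    """Salted PBKDF2 record a system stores instead of the password itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify(password, record):
    """Constant-time check of a candidate against one stored verifier."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def reused_on_other_systems(password, other_records):
    """Names of the other (hypothetical) systems where this password already
    verifies; the only way to detect reuse when each system salts its hashes."""
    return [name for name, record in other_records.items() if verify(password, record)]
```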
Biometrics
Identification based on a unique biological trait, such as:
Fingerprint
Voice or iris pattern
Retinal scan
Hand geometry
Face recognition
Ear pattern
Smell
Blood vessels in the palm
Gait recognition
Antivirus Software
Computer programs that can locate and eradicate viruses and other malicious programs from scanned memory sticks, storage devices, individual computers, and networks
Spyware Detection Software
Spyware: a type of software that installs itself without the user's permission, collects passwords, PINs, and account numbers, and sends them to another party
Spyware detection software: detects and eliminates spyware
Proper Handling and Disposal
Acceptable uses
Audit trails to monitor access
Encourage review for accuracy
Establish controls for information use after hours and off site
Shred or use locked receptacles for the disposal of items containing personal health information
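Added example (not from the slides or the cited handbook) of how an audit trail can support the after-hours and off-site controls listed above: a small review routine over constructed audit-log lines. The shift window (07:00-19:00), the on-site network (10.20.0.0/16), the log format, and the user and record names are all assumptions made for the example.

```python
import ipaddress
from datetime import datetime, time

# Assumed site policy for this example: on-site workstations sit in
# 10.20.0.0/16 and normal access happens between 07:00 and 19:00.
ONSITE_NET = ipaddress.ip_network("10.20.0.0/16")
SHIFT_START, SHIFT_END = time(7, 0), time(19, 0)

# Constructed audit-trail lines: timestamp, user, action, record, source address.
SAMPLE_AUDIT_LOG = """\
2024-03-02T09:12:41 rn.lopez VIEW patient:1187 src=10.20.4.17
2024-03-02T22:47:03 rn.lopez VIEW patient:2210 src=10.20.4.17
2024-03-02T10:05:19 dr.okafor UPDATE patient:1187 src=203.0.113.9
2024-03-02T03:30:00 clerk.tran VIEW patient:3391 src=198.51.100.24
"""


def parse_line(line):
    """Split one audit-trail line into its fields."""
    ts, user, action, record, src = line.split()
    return {"time": datetime.fromisoformat(ts), "user": user, "action": action,
            "record": record, "src": ipaddress.ip_address(src.removeprefix("src="))}


def review_access(line):
    """Return the review flags raised by one entry (empty list = nothing unusual)."""
    entry = parse_line(line)
    flags = []
    if not SHIFT_START <= entry["time"].time() < SHIFT_END:
        flags.append("after-hours")
    if entry["src"] not in ONSITE_NET:
        flags.append("off-site")
    return flags


def flagged_entries(log_text):
    """Map (user, record) of every flagged entry to the reasons it needs review."""
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flags = review_access(line)
        if flags:
            entry = parse_line(line)
            flagged[(entry["user"], entry["record"])] = flags
    return flagged
```

Access that is flagged here is not necessarily improper; the point of the audit trail is that someone reviews it and the user can be asked to justify the access.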
The Impact of the Internet
Introduces new threats:
E-mail and instant messages may carry personal health information that can be intercepted
Unapproved use of messages or Web sites can introduce malicious programs
Web sites used for personal health information may be inappropriately accessed
Implications for Mobile Computing
Devices are easily stolen.
Devices should require authentication and encryption to safeguard information security.
Devices should never be left where information may be seen by unauthorized viewers.
Verify wireless networks before use.
Responsibility for information and information system security is shared
Reference
Hebda, T. & Czar, P. (2013). Handbook of informatics for nurses and health care professionals (5th ed.). Upper Saddle River, New Jersey: Pearson.