INFORMATION TECHNOLOGY for the Health Professions
Fourth Edition

CHAPTER 9
Security and Privacy in an Electronic Age

Information Technology for the Health Professions, Fourth Edition


Lillian Burke • Barbara Weill
Learning Objectives

• Learn an overview of privacy and
security
• Threats to Information Technology –
before and current
• Threats to privacy
• To know how HIPAA plays a role in
security
• To identify other privacy issues in
healthcare

Privacy and Security

• Many companies and some government
departments have lost, misplaced, or
sold confidential information—some of
it medical.
• With 2014 as a target year for
computerizing medical records,
effective security for the privacy of
computerized information is a
necessity.

Threats to Information Technology

• Crime such as spreading viruses
• Natural disasters such as flood or fire
• Human error

Computer Technology
and Crime
• Computer technology has led to new
forms of crime.
• Crimes using computers and crimes
against computers:
▪ Most are both—using computers to
harm computers

Computer Crime – types

• Spreading viruses
▪ Programs that reproduce themselves
and harm computers
▪ Aim to destroy an organization’s network,
data, and systems
▪ E.g., committing fraud and scams over
the Internet, software piracy

Computer Crime

• Theft of information
▪ Breaking into private databases, such as
hospital databases, and misusing
information
• Theft of services
▪ Theft of cable TV

Computer Crime

• Fraud/scam
▪ Using a computer program to illegally
transfer money from one account to
another
▪ Printing payroll checks to oneself
▪ False insurance claims
▪ Call from unfamiliar number
• Software piracy
▪ Illegally copying copyrighted software

Identity Theft

• Someone using your private information to
assume your identity.
• An identity thief needs only a few pieces of
information (such as Social Security number,
mother's maiden name) to steal your identity.
• Among those who find out who stole their
identity, half are members of the family or
household of the victim.
• Many states have passed laws against identity
theft.

Identity Theft

• Identity theft is now at a low point.
• In 2010, the average amount that
fraud victims had to pay had increased
from $387.00 to $681.00 due to new
account fraud.
• 2009–2010—Data breaches, which put
your identity at risk, have increased
33%.

Current Threats to Computer
Systems
• Spyware
▪ Software that can be installed without the
user's knowledge to track their actions
on a computer, e.g., adware
• Adware
▪ May display unwanted popup
advertisements on your monitor
▪ May be related to the sites you search
on the Web or even the content of your
e-mail

Current Threats to Computer
Systems
• A fraudulent dialer/phone fraud can:
▪ Connect the user with numbers without the
user's knowledge
▪ Connect the user's computer to expensive
charging numbers

Current Threats to Computer
Systems
• Phishing involves sending fraudulent
messages via e-mail or instant
message that seem to be from a
legitimate source.

Current Threats to Computer
Systems
• A Trojan horse appears to be a normal
program, such as a computer game, but
conceals malicious functions.
• It hides inside a seemingly harmless program or
tricks you into downloading it.
• An e-mail bomb is an attack on an e-mail
inbox that sends so much e-mail to one
address that the server stops working.
https://www.youtube.com/watch?v=3kTP8_UPrrM

Current Threats to Computer
Systems
• Botnets can remove software or send
spam.

Current Threats to Computer
Systems
• Keylogging can be used by anyone to
track anyone else's keystrokes, web sites
visited, and e-mail addresses typed.
• Malware includes many forms of malicious
hardware, software, and firmware.

Security

• Security systems try to protect
computer hardware, software, and data
from harm by restricting access,
training employees, and passing laws.
• Attempts at restricting access:
▪ PINs (personal identification numbers)
or passwords
▪ Locking computer rooms and requiring
employees to carry ID cards and keys

Security

• Biometric methods
▪ Fingerprints
▪ Hand prints
▪ Retina or iris scans
▪ Lip prints
▪ Facial thermography

Security

• Biometrics also include:
▪ Body odor sensors
▪ Facial structure scans
▪ Iris and retina scans
▪ Keyboards that can identify a person by
behavior, fingerprint, voice, or gait
• None of these methods is foolproof.

Security

• On April 12, 2011, assistant director of
the FBI's cyberdivision, Gordon Snow,
told the Senate Judiciary Crime and
Terrorism Subcommittee that criminals
can “penetrate any system that is
accessible from the Internet.”

Security

• This means, he continued, that
“government networks and the nation's
critical infrastructure could be
degraded, disrupted, or destroyed.”
Even when a crime is detected, it is
very difficult to know where it
originated or who did it.

Backup Systems

• No security system is foolproof.
• A backup system is necessary:
▪ Copies of data
▪ Copies of software
▪ Off-site (over the Internet)

Figure 12.3
Federal laws intended to protect computer systems and privacy of individuals.

Privacy

• Privacy refers to the right to control
your personal information.

PRIVACY
• Defined as the appropriate use of data. When
companies and merchants use data or information
that is provided or entrusted to them, the data
should be used according to the agreed purposes.

SECURITY
• Commonly referred to as the confidentiality,
availability, and integrity of data.
• All of the practices and processes that are in
place to ensure data isn't being used or accessed
by unauthorized individuals or parties.

Threats to Privacy

1) Government databases maintained at
the local, state, and federal level
include:
▪ Tax information
▪ Welfare information
▪ Property ownership
▪ Driving records
▪ Criminal records

Threats to Privacy

• RFID (radio frequency identification)
tags:
▪ Personal data is linked to RFID tags
▪ The FDA has approved the tags for
medical use.
▪ These chips are very easily
counterfeited.

Threats to Privacy

• There are legal restrictions on the
federal government and what it does
with information it collects.
• There are few restrictions on state and
local jurisdictions:
▪ Some local jurisdictions sell information.
▪ Some put the information on the
Internet.

Threats to Privacy

2) Private databases maintained by
corporations interested in buying habits
to personalize advertising. These
databases hold information on:
▪ Buying habits
▪ Credit rating
▪ Health information
▪ Reading habits

Threats to Privacy

3) Databases online with information
available for a fee
• Information from government
databases can be linked to private
databases by using Social Security
numbers.

Privacy, Security, and Health
Care: HIPAA and HITECH
• Health Insurance Portability and
Accountability Act of 1996 (HIPAA) is
the first federal legislation to establish a
national law on the privacy of
medical information.
• HITECH extends the privacy protections
of HIPAA.

HIPAA and HITECH

• HIPAA and HITECH encourage the use
of the electronic medical record (EMR)
and encryption to protect its privacy.
• HIPAA requires health care facilities
(protected entities) to conduct a risk
analysis and to address the risks.

HIPAA and HITECH

• Until recently, the Department of
Health and Human Services preferred
to work for voluntary compliance and
settle complaints through corrective
action plans.

HIPAA and HITECH

• However, in July 2008, for the first
time, a covered entity was required to
pay a fine. After receiving 31
complaints about one company, the
OCR and CMS investigated and required
it to pay $100,000.
• There has also been an increase in
criminal prosecutions by the
Department of Justice.

Data Warehouses

• Some private data warehouses exist for
the sole purpose of collecting and
selling personal information.
• They sell information to credit bureaus
and to employers for background
checks.
• Electronic databases are now being
linked into larger and more
comprehensive super databases.

Other Privacy Issues:
1) Telemedicine
• Telemedicine raises issues of the
privacy of:
▪ Medical information on networks
▪ Information that routinely crosses state
lines

Other Privacy Issues:
2) E-mail
• E-mail is not legally private.
• E-mail in a health care setting can be
read by many people, including clerks,
secretaries, and health care providers.
• Offices that use e-mail need to inform
the patient of who will read it, what
issues may be mentioned in e-mails,
and the turnaround time.

Other Privacy Issues:
3) Genetic Information
• As research focuses on genetics and an
individual's genetic probability of
developing certain diseases, privacy
issues arise.

Other Privacy Issues:
Genetic Information
• GINA, the Genetic Information
Nondiscrimination Act, became law on
May 21, 2008.
▪ Basic purpose is to protect people from
discrimination by health insurers and
employers based on genetic
information.

Other Privacy Issues:
Genetic Information
• The latest updates on GINA, effective in
2011, clarify who the law covers in
regard to employment: applicants,
trainees, apprentices, and current and
former employees.

Other Privacy Issues:
4) EMR
• The electronic medical record (EMR),
like other information in electronic
form, is not secure.
• HIPAA and HITECH encourage its use.
• HIPAA and HITECH require security
measures for all personally identifiable
medical information.

Security Breaches

• Events that potentially put a person's
name, Social Security number, driver's
license number, medical record, or
financial record (credit or debit card)
at risk, either in electronic
or paper form.

Security Breaches

• Most of the breaches were by covered
entities, but some involved business
associates. They exposed information
to unauthorized access, theft, loss of
information, and hacking.
• HITECH extended HIPAA's privacy
protections to business associates of
covered entities.

Conclusion

• If medical and health records are
digitized and put online, then
encryption is compulsory.
• A national database of health records
could improve health care by making all
your medical information (including
allergies, medications, and most recent
test results) available in any hospital,
doctor's office, and emergency room.

Conclusion

• Currently, data is not secure. As a
result:
▪ Marketers can tailor advertising to
people with a particular disease.
▪ Lenders can disqualify people on the
basis of an estimate of how long they
would live.
▪ Employers can deny employment or
promotion (although this is not legal).
