Unit Objectives Security and Wireless Networking, Lecture notes of Wireless Networking

Download Unit Objectives Security and Wireless Networking and more Lecture notes Wireless Networking in PDF only on Docsity! 1 Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000015. Unit Objectives • List and describe common security concerns • Describe safeguards against common security concerns, including firewalls, encryption, virus protection software and patterns, programming for security, etc. • Describe security concerns for wireless networks and h t dd thow o a ress em • List security concerns/regulations for health care applications • Describe security safeguards used for health care applications 2Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 Security and Wireless Networking • Wireless networks unsecure by their very nature. – Home networks. – Hot spots. – Campus environments. • Wireless networks are everywhere in medical environment. – Doctors & nurses move from room-to-room constantly. 3Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 2 Wireless Device Security • Wireless Access Points (WAPs) must be configured for security: – Change default password. – Select unique SSID. – Do not broadcast SSID. – Require WPA2 authentication. – Restrict access to known devices. • Can program MAC addresses into WAP memory. 4Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 Wireless Device Security (cont’d) • Install digital certificates on sensitive devices. – Only devices with known/valid certificates can communicate on network . – Requires use of special servers. – Not usually for small offices. 5Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 • The image shows a partial browser address bar with a  valid bank certificate. • Click the gold lock to view the bank’s certificate. Wireless Device Security (cont’d) • Smartphones – All portable devices connecting to network need AV protection. – Do not use a portable device for sensitive transactions unless it is AV protected. – Do not open e-mail or attachments from unsolicited sources. • Known sources might be virus infected, meaning that they did not send the e-mail/attachment. – No exceptions. 6Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 5 HIPAA and Privacy • Privacy Rule  HIPAA requires those covered by the act to provide patients a “Notice of Privacy Practices” when care is first provided.  The Privacy Rule covers paper and electronic private health information. • Security Rule  Covers administrative, physical, and technical data safeguards that secure electronic health record data. 13Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 What is Privacy? • Most privacy law revolves around privacy between a person and the government. • According to Wikipedia, “The law of privacy regulates the type of information which may be collected and how this information may be used and stored.”  i.e., privacy relates to people. 14Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 What is Confidentiality? • Not the same as privacy. • According to Wikipedia, “Confidentiality is commonly applied to conversations between doctors and patients. Legal protections prevent physicians from revealing certain discussions with patients, even under oath in court. The rule only applies to secrets shared between physician and patient during the course of providing medical care.”  i.e., confidentiality relates to data. 15Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 6 Steps to Secure EHR & Records • Authenticate & authorize all record access – Only those with ‘need to know’ can view. – Only pertinent people can change records. – Limit who can print electronic documents. – All views and changes recorded for audit trail. • Examples: – A clerk can view the dates and charges related to an office visit but nothing about treatment. – Nurses and doctors can view medical records for patients under their care and no one else. 16Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 Steps to Secure EHR & Records (cont’d) • Device security – Apply OS critical updates immediately. – AV definitions always current. – Restrict physical access to servers. – Allow only authenticated device access. • Secure electronic communications – Encrypt all EHR communications. – Client-server environment. – Configure user accounts and groups. – Implement network access protection mechanisms. 17Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011 Steps to Secure EHR & Records (cont’d) • Web environment considerations – Implement HTTPS for all Web transactions. – Validate all data entered into Web forms. • Perform regular audits of access and changes • Implement redundant devices – Ensures that devices are available as expected. – Load balance heavily used hardware devices. • Prosecute security violations vigorously • Backup EHR data with secure storage 18Component 4/Unit 8-3 Health IT Workforce Curriculum Version 2.0/Spring 2011