Maintaining Security and Privacy of Patient Information
Outline
• Why Electronic Medical Records?
• Software Sample/hardware samples
• Barriers/Standards for EHR
• HIPAA Security and Privacy Regulations
• Medical data transmission requirements
• Wireline and Wireless Telecommunications
Services Security
• Security of Patient Medical Records
• References
Software/Hardware Supporting Digital
Medical Records
- Electronic Medical Record (EMR) Software
- Soapware - check it out, $300 starting price, see: http://soapware.com/
- e-MDs Electronic Medical Record Support Software http://www.e-mds.com
- a4Healthsystems EMR and Access systems http://www.a4healthsystems.com
- Companion Technologies http://www.companiontechnologies.com
- Security and Privacy - all EMRs must be protected
- Sample approach: indigenous authentication of digital information (US Patent 6,757,828 B1 of June 29, 2004) by Signa2 http://www.gjtdc.com
- Backup routinely onto remote servers or storage offerings
What are the Barriers to EHR and e-Health
Implementation?*
- Lack of a Unique Personal Identifier
- Lack of HIPAA Compliant Middleware
- Lack of Incentives
- No Paradigm or “First Mover” for Some System
Components
- Evolving Standards
- Disincentives
- Lack of an NHIN Architecture
- [Fear of Cost/Benefit]
EHR Standards Evolution*
• International Statistical Classification of Diseases
and Related Health Problems (ICD) from ICD-9 to
ICD-
• ASC X12 Version 4010 to ASC X12 Version 5010 (HIPAA Business Transactions)
• National Council for Prescription Drug Programs
Telecommunication Standards from version 5.1 to
version D.
• Conversion of all standards to XML
HIPAA Security and Privacy
Regulations
• Health Insurance Portability Assurance Act
(HIPAA)
– Security - Requires stronger and more focused security provisions around medical information (supports maintaining information privacy)
– Privacy - Enforces increased privacy protections for medical information (not just speaking of privacy: it is required, under penalty if failure occurs)
Medical Images Data Transmission
Requirements*
- Source: Ferrante, F.E., “Evolving Telemedicine/eHealth Technology,” Telemedicine and e-Health, Vol. 11, Number 3, June 2005, Mary Ann Liebert, Inc., Publisher, ISSN 1530-5627.
| Image Type | Image resolution: spatial | Image resolution: size (bits/pixel) | Image size (less control & error bits) |
|---|---|---|---|
| Ultrasound | 512x512 | x8 | 256 Kbytes |
| Other (Angiography, Endoscopy, Nuclear Med., Cardiology, Radiology) | 512x512 | x8 | 256 Kbytes |
| Computed Tomography | 512x512 | x12 | 384 Kbytes |
| Magnetic Resonance Imaging | 1024x1024 | x12 | 1.5 Mbytes |
| Digitized (Scanned) X-Ray | 1024x1280 | x12 | 1.9 Mbytes |
| Digital Radiology | 2048x2048 | x8 | 4 Mbytes |
| Digital Radiology (high quality) | 2048x2048 | x12 | 6 Mbytes |
| Mammography | 4096x4096 | x12 | 25 Mbytes |
Wireless Telecommunications
Services
– Broadband Services
• 802.11n
• WiMax
– Security
• PKI
• VPN
• Secure ID
• WEP/WPA/WPA2 (802.11i)
Security of Patient Records
• Wireline Communications/Computer Access
- Database Encryption
- Public Private Key access control
- Routine Password Control and Management
- Isolation of Database Server from outside access
- except via Virtual Private Network (VPN) and Secure ID hand-held
devices or Secure Private Key system
• Wireless Communications
- Wired Equivalent Privacy (WEP)
- Poorly designed, vulnerable
- Wireless Protocol Architecture (WPA) & WPA2
- Improved Security Encoding
- Enterprise Security Offering (both WPA and WPA2 are now available for wireless operations as alternatives to WEP)