Maintaining Security - Computer Science, Engineering Design - Lecture Slides, Slides of Computer Science

Some concepts of Computer Science are Unified Modeling Language, Software Verification, Software Engineering Qualities, Software Architecture Examples, Maintaining Security, Distributed Object Computing, Biomedical Informatics. Main points of this lecture are: Maintaining Security, Privacy of Patient Information, Electronic Medical Records, Software Sample, Wireless Telecommunications, Companion Technologies, Unique Personal Identifier, Evolving Standards.

Typology: Slides

2012/2013

Uploaded on 05/15/2013

raaj

Maintaining Security AND PRIVACY OF PATIENT INFORMATION

Outline

• Why Electronic Medical Records?

• Software Sample/hardware samples

• Barriers/Standards for EHR

• HIPAA Security and Privacy Regulations

• Medical data transmission requirements

• Wireline and Wireless Telecommunications Services Security

• Security of Patient Medical Records

• References

Software/Hardware Supporting Digital Medical Records

  • Electronic Medical Record (EMR) Software
    • Soapware - check it out $300 Starting Price see: http://soapware.com/
    • e-MDs Electronic Medical Record Support Software http://www.e-mds.com
  • a4Healthsystems EMR and Access systems http://www.a4healthsystems.com

  • Companion Technologies http://www.companiontechnologies.com
  • Security and Privacy - all EMRs must be protected
    • Sample approach: indigenous authentication of digital information (US Patent 6,757,828 B1 of June 29, 2004) by Signa2 http://www.gjtdc.com
    • Backup routinely onto remote servers or storage offerings

What are the Barriers to EHR and e-Health Implementation?*

  • Lack of a Unique Personal Identifier
  • Lack of HIPAA Compliant Middleware
  • Lack of Incentives
  • No Paradigm or “First Mover” for Some System Components

  • Evolving Standards
  • Disincentives
  • Lack of an NHIN Architecture
  • [Fear of Cost/Benefit]
  • [Corr 06]

EHR Standards Evolution*

• International Statistical Classification of Diseases and Related Health Problems (ICD) from ICD-9 to ICD-

• ASC X12 Version 4010 to ASC X12 Version 5010 (HIPAA Business Transactions)

• National Council for Prescription Drug Programs Telecommunication Standards from version 5.1 to version D.

• Conversion of all standards to XML

  • [Corr 06]

HIPAA Security and Privacy Regulations

• Health Insurance Portability Assurance Act (HIPAA)

– Security - Required stronger and more focused provision of security around medical information (supports maintaining of information privacy)

– Privacy - Enforces increase in privacy protections for medical information (Not just speaking privacy - required under penalty if failure occurs)

Medical Images Data Transmission Requirements*

  • Source: Ferrante, F.E., “Evolving Telemedicine/eHealth Technology,” Telemedicine and e-Health, Vol 11, Number 3, June 2005, Mary Ann Liebert, Inc Publisher, ISSN-1530-5627.

| Image Type | Image resolution: Spatial | Image resolution: Size (bits/pixel) | Image Size (less Control & error bits) |
|---|---|---|---|
| Ultrasound | 512x512 | 8 | 256 Kbytes |
| Other (Angiography, Endoscopy, Nuclear Med., Cardiology, Radiology) | 512x512 | 8 | 256 Kbytes |
| Computed Tomography | 512x512 | 12 | 384 Kbytes |
| Magnetic Resonance Imaging | 1024x1024 | 12 | 1.5 Mbytes |
| Digitized (Scanned) X-Ray | 1024x1280 | 12 | 1.9 Mbytes |
| Digital Radiology | 2048x2048 | 8 | 4 Mbytes |
| Digital Radiology (high quality) | 2048x2048 | 12 | 6 Mbytes |
| Mammography | 4096x4096 | 12 | 25 Mbytes |

Wireless Telecommunications Services

– Broadband Services

• 802.11n

• WiMax

– Security

• PKI

• VPN

• Secure ID

• WEP/WPA/WPA2 (802.11i)

Security of Patient Records

• Wireline Communications/Computer Access

  • Database Encryption
  • Public Private Key access control
  • Routine Password Control and Management
  • Isolation of Database Server from outside access
    • except via Virtual Private Network (VPN) and Secure ID hand-held devices or Secure Private Key system

• Wireless Communications

  • Wired Equivalent Privacy (WEP)
    • Poorly designed, vulnerable
  • Wireless Protocol Architecture (WPA) & WPA
    • Improved Security Encoding
    • Enterprise Security Offering (Both WPA and WPA2 now available for Wireless operations as alternate to WEP)