1. The New Trend in Healthcare IT
Mobile Devices and
Applications in Healthcare:
Security & Compliance Risks
We will be starting in a moment … Visit us at www.ehr20.com
info@ehr20.com 802-448-2255
© 2012 EHR 2.0. All rights reserved. To purchase reprints of this document, please email info@ehr20.com.
2. Mobile Devices and Applications in Healthcare The New Trend in Healthcare IT
Security & Compliance Risks
30 May, 2012
3. The New Trend in Healthcare IT
Webinar Objectives
• To review mobile security and compliance
requirements
• To share trends and challenges in mobile
devices and applications deployment
• To provide guidelines for preparing and
securing sensitive ePHI data
4. The New Trend in Healthcare IT
Who we are …
EHR 2.0 Mission: To assist healthcare organizations
develop and implement practices to secure IT systems
and comply with HIPAA/HITECH regulations.
o Education (Training, Webinar & Workshops)
o Consulting Services
o Toolkit (Tools, Best Practices & Checklist)
Goal: To make compliance a meaningful and painless experience, while building capability and confidence.
5. The New Trend in Healthcare IT
HIPAA Titles - Overview
6. The New Trend in Healthcare IT
HIPAA Security Rule
7. The New Trend in Healthcare IT
HIPAA Information Security Model
Confidentiality
Limiting information access and
disclosure to authorized users (the right
people)
Integrity
Trustworthiness of information
resources (no inappropriate changes)
Availability
Availability of information resources (at
the right time)
8. The New Trend in Healthcare IT
PHI(Protected Health Information)
Diagram labels: Health Information; Individually Identifiable Health Information; PHI
9. ePHI – 18 Identifiers The New Trend in Healthcare IT
Identifiers | Examples
Name | Max Bialystock
Address (all geographic subdivisions smaller than state, including street address, city, county, or ZIP code) | 1355 Seasonal Lane
Dates related to an individual | Birth, death, admission, discharge
Telephone numbers | 212 555 1234, home, office, mobile etc.,
Fax number | 212 555 1234
Email address | LeonT@Hotmail.com, personal, official
Social Security number | 239-68-9807
Medical record number | 189-88876
Health plan beneficiary number | 123-ir-2222-98
Account number | 333389
Certificate/license number | 3908763 NY
Any vehicle or other device serial number | SZV4016
Device identifiers or serial numbers | Unique Medical Devices
Web URL | www.rickymartin.com
Internet Protocol (IP) address numbers | 19.180.240.15
Finger or voice prints | finger.jpg
Photographic images | mypicture.jpg
Any other characteristic that could uniquely identify the individual | Social Media Profile
10. Trends in Healthcare IT The New Trend in Healthcare IT
• Informatics
• Mobile Computing
• Collaboration
• EHR
• HIE
11. The New Trend in Healthcare IT
Technology/Communication Devices
Communication Devices to enable WiFi Connectivity
Desktop/Laptop with WiFi Connectivity
Mobile Phones Mobile Tablet Devices
12. The New Trend in Healthcare IT
Mobile Devices and Apps in Healthcare
Desktop/Laptop
• Applications ranging from CPOE & appointment
scheduler to medical billing & nursing suite
• Web Applications
Mobile Phones
• Scheduling
• Patient Alert
• Dictation
• Web Applications
Mobile Tablet Devices
• Scheduling
• Dictation
• Image Processing: X-Ray Review
• Web Applications
• Primary Care/Ambulatory Care
• Professional Nursing Suite
13. The New Trend in Healthcare IT
Trends in Mobile Devices (Healthcare)
Mobile Devices
• Declining Desktop Market
• Proliferation of more smart phone devices & tablets
from various manufacturers (Apple, Samsung, LG,
Nokia, etc)
• Access to Web based healthcare Applications
Using known Devices
• Bring Your Own Device (BYOD)
• Making significant inroads as 90% of employees
prefer
• Make healthcare professionals more productive
Data Processing using Cloud Computing
Sophisticated Network Switches & Gears
• Address higher network bandwidth
• Provide better security & Access Control
14. The New Trend in Healthcare IT
Challenges in Mobile Devices & Applications
Need Standardization
• Need better standardization on choice of devices
• Unable to block BYOD trend
• Standard practices for picking web applications
Data Structure, Volume, & Complexity
• Increased Volume of Data needs higher network
bandwidth
• Require sophisticated network switches and gears to
accommodate the increased demand in data and
improve “Quality of Service (QoS)”
• Existence of structured, unstructured, & semi-structured data challenges data security measures
More users
• Ease of use of applications increases the number of users
• Users with different roles and responsibilities pose
segregation of duties and conflict of interest issues
• Need better security & Access Control mechanism
15. The New Trend in Healthcare IT
Compliance & Security Requirements for Mobile Applications
Choice of Devices & Applications
• Need to impose healthcare policy to manage BYOD
trend
• Security & Compliance best practices to be imposed on
choice of devices and choosing applications
Security & Compliance Policies
• Need to comply with HIPAA/HITECH
requirements for addressing
• Regulatory Standards and Conventions
• Authentication & Access Control
• Mis-configurations
• Data Security Standards
• Information Processing Standards
• Provider Privacy
• Patient Privacy
16. The New Trend in Healthcare IT
Security & Compliance Recommendations & Best Practices for Mobile Apps
Security & Compliance Best Practices
• HIPAA/HITECH validated checklist of best
practices for addressing
• Standard for choosing mobile devices and
applications
• Mobile applications:
• Authentication & Access Control
• Segregation of Duties (SoD) and Conflict
of Interest (CoI) issues
• Data Validation
• Data Security Standards
• Data Confidentiality
• Data Loss (51% due to insecure mobile
usage)
• Mis-configurations
• Best practices against Phishing & Mobile
Malware
• Cryptography
• Denial of Service (DoS)
• WiFi Security best practices
• Control access to Apple’s random apps like AppStore
17. The New Trend in Healthcare IT
Top 5 Mobile Security Guidelines
Areas | Description
Access Control | Controls in place over authorizing the user of the device
Encryption | Technology in place to protect data at rest.
Backups | How, when and where backups are handled.
Remote Management | How the device is managed remotely, if at all. This includes the ability to restrict application access, web access, encrypt data, remotely wipe, etc.
Insecure Transport | Ensuring that sensitive data transported over the network is encrypted. This data includes usernames and passwords, but also session management information and other data. Does the application force the use of encrypted technologies?
18. The New Trend in Healthcare IT
Where do you start?
Identify mobile ePHI systems,
processes and people involved
Conduct Risk Assessment
- Platform, Solution, etc.
Use Best Practices
- Patching, AV, Remote Wipe,
Encryption
Assess and Improve
- Monitor, Evaluate and adjust
19. The New Trend in Healthcare IT
Additional Resources
NIST – Guidelines on Cellphone and PDA Security
- SP800-124
20. Risk Assessment of Technology
The New Trend in Healthcare IT
Any device that electronically stores or transmits information using a software program:
• Laptops, Desktops
• Storage Devices
• Networking devices (Routers, Switches & Wireless)
• Medical Devices
• Scanners, fax and photocopiers
• VoIP
• Smart-phones, Tablets (iPad, PDAs)
• Cloud-based services
21. The New Trend in Healthcare IT
EHR 2.0 Services
Toolkit
• BA, HIPAA/HITECH Assessment, OCR
• Self-prepare, Prepare and Prepare Plus
Education
• Workshop, Training, Private Webinars
• 1-4 hours, Role-based and Customized
Consulting
• Security, Compliance and HC Experts
• Project Specific
22. The New Trend in Healthcare IT
Upcoming Events
• Next Live Webinars
EHR Adoption Challenges(6/6)
Meaningful Use Risk Analysis (6/13)
Sign-up at ehr20.com/webinars
• Visit us at www.ehr20.com
802-448-2255 info@ehr20.com
23. The New Trend in Healthcare IT
Questions?
E-mail: info@ehr20.com
Call: 802-448-2255