
SECURITY TECHNOLOGIES

Healthcare computer systems process a lot of data, and there have been rising concerns in an industry already committed to protecting patient information. The Health Information Portability and Accountability Act in the United States and the Data Protection Act in the United Kingdom, backed by the European Directive on Data Protection, are some of the laws that have been passed to ensure that patients’ privacy and confidentiality are protected whenever their details are processed by healthcare computer systems.

The onus is now on healthcare organisations to secure data on their systems as set out in these laws. Failure to comply will result in fines being brought against the offending organisations and, in some cases, criminal charges.



Security technologies are available to help prevent unauthorised access to patient information. Three areas that these technologies have been addressing are:

  • Data theft – This includes unauthorised copying of data and equipment theft, which is especially common with mobile computing devices.
  • Unauthorised access of patient data – This can occur at remote access points, where the intruder accesses data at a computer that has been left unattended. It can also occur when intruders hack into a network from outside and either access the data at the central server or ‘listen’ for data as it is being passed round the network.
  • Unintentional access of patient data – This occurs in situations where members of a healthcare organisation are not authorised to view some or all of a patient’s information but still have access to it. This can lead to such information being viewed accidentally.

SECURITY MEASURES

User Identification

All users logging into the information system need to be correctly and successfully identified. This is usually done by typing in an ID and a password, which are verified against one another.

In large organisations with multiple systems, a single user may have a variety of passwords with multiple IDs to access data on disparate systems. Having to remember all the passwords can be a burden and sometimes a security risk, as users might write down their passwords, which can then be found and used to gain illegal access to a system. Sometimes, to make things easier for themselves, users might choose a password so trivial that intruders can easily guess it.

The use of single sign-on technology can eliminate that problem. Single sign-on technology, when installed across the various systems, allows a user to have a single ID and password that can be used to log on to all of them. This simplifies the setting up and managing of passwords and IDs for multiple users and addresses the security risks associated with multiple passwords.

While the use of passwords is probably the most common and easiest way of identifying users, biometrics is another. Biometrics technology identifies users by scanning distinct physical attributes, such as their fingerprints or iris.

Another identification technology is the smart card. These are credit-card-sized plastic cards with embedded microprocessor or memory chips which, when used with a reader, provide an adequate method of identification.

Data Access

Firewalls provide the first line of defence against illegal access to a network. Firewalls, which can be either software or hardware, sit between a system’s network and the outside world. They monitor traffic and, when triggered by a set of rules, block it.

Unauthorised access by employees of an organisation is also a worry. The user’s profession usually determines access to information and the type of information the user is allowed to view. While medical data and sometimes therapeutic data of individual patients should be made available to certain healthcare professionals (such as their designated physician), it should not be made readily available to all. There are now systems available that can determine the level of access whenever a user logs on to the system.
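The following sketch shows one way a system can decide the level of access at log-on, combining the user's profession with whether they are designated to the patient. It is an added example, not code from the original article; the role names, section names, care-team field and sample record are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed policy: record sections each profession may view (assumed names).
ROLE_SECTIONS = {
    "physician": {"demographics", "medical", "therapeutic"},
    "nurse": {"demographics", "therapeutic"},
    "receptionist": {"demographics"},
}
# Sections that also require the user to be designated to this patient.
RELATIONSHIP_REQUIRED = {"medical", "therapeutic"}


@dataclass(frozen=True)
class User:
    user_id: str
    role: str


def visible_sections(user, record):
    """Return only the sections of `record` this user may view (default deny)."""
    allowed = ROLE_SECTIONS.get(user.role, set())  # unknown role -> nothing
    in_care_team = user.user_id in record["care_team"]
    view = {}
    for name, value in record["sections"].items():
        if name not in allowed:
            continue  # profession does not permit this section
        if name in RELATIONSHIP_REQUIRED and not in_care_team:
            continue  # right profession, but not designated to this patient
        view[name] = value
    return view


def access_decisions(user, record):
    """Audit-friendly list of (section, granted) pairs for one log-on."""
    shown = visible_sections(user, record)
    return [(name, name in shown) for name in sorted(record["sections"])]


# Constructed sample record; no real patient data.
RECORD = {
    "patient_id": "P-0001",
    "care_team": {"dr_adams", "nurse_lee"},
    "sections": {
        "demographics": {"name": "Sample Patient"},
        "medical": {"diagnosis": "sample diagnosis"},
        "therapeutic": {"medication": "sample medication"},
    },
}

if __name__ == "__main__":
    for u in (User("dr_adams", "physician"), User("dr_brown", "physician"),
              User("nurse_lee", "nurse"), User("temp_01", "contractor")):
        print(u.user_id, access_decisions(u, RECORD))
```

Filtering the record before it reaches the screen, rather than hiding fields in the user interface, is what prevents the accidental viewing described earlier under unintentional access.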

Data Encryption

This involves the encoding of data such that only personnel with the proper authorisation can decode and view it. The most common method of encryption is the use of the Public Key Infrastructure along with digital certificates. This involves the use of a secret key to encrypt information, which can then be stored or transmitted. The encrypted data is digitally certified to authenticate its validity and can only be decrypted through the use of a similar key.

The ease with which intruders can decrypt the data by other means depends on the strength of the encryption. The greater the strength, the harder it is to decrypt. 40-bit encryption is generally considered weak and is easily decoded. Most security experts recommend encryption strengths of 128 bits or more.

This has been a bone of contention for many US organisations, as the US government has placed a restriction on systems that use encryption strengths of more than 64 bits. Luckily, the healthcare sector has been exempt from that rule and would definitely benefit from using systems that offer encryption of 128 bits or more.

While software and hardware might aid organisations in securing patient data, social and organisational factors also need to be addressed. Installing hardware in secure places, not writing down or choosing trivial passwords, changing passwords periodically, and turning on password-protected screen savers when leaving a computer unattended are just some of the things that could go a long way in securing data.

 

 

Copyright © 2018 Biohealthmatics.com. All Rights Reserved.