Chapter 2 - Security and Privacy in an Electronic Age


Chapter 12
Security and Privacy in an Electronic Age
Information Technology for the Health Professions, Third Edition
Lillian Burke and Barbara Weill
Copyright ©2009 by Pearson Education, Inc.
Upper Saddle River, New Jersey 07458
All rights reserved.
Privacy and Security
- Many companies and some government departments have lost, misplaced, or sold confidential information—some of it medical
- With 2014 as a target year for computerizing medical records, effective security for the privacy of computerized information is a necessity

Threats to Information Technology
- Crime such as spreading viruses
- Natural disasters such as flood or fire
- Human error

Computer Technology and Crime
- Computer technology has led to new forms of crime
- Crimes using computers and crimes against computers
  - Most are both—using computers to harm computers

Computer Crime
- Spreading viruses—programs that reproduce themselves and harm computers

Computer Crime (cont)
- Theft of information
  - Breaking into private databases, for example, hospital databases, and misusing information
- Theft of services
  - Theft of cable TV

Computer Crime (cont)
- Fraud
  - Using a computer program to illegally transfer money from one account to another
- Software piracy
  - Illegally copying copyrighted software

Identity Theft
- An identity thief needs only a few pieces of information (such as Social Security number, mother’s maiden name) to steal your identity
- Among those who find out who stole their identity, half are members of the family or household

Identity Theft (cont)
- Identity theft rose between 2000 and 2003; however, it has now stabilized
- Currently 68% of victims do not experience any financial loss

Current Threats to Computer Systems
- Spyware
  - Software that can be installed without the user’s knowledge to track their actions on a computer.
- Adware may:
  - Display unwanted popup advertisements on your monitor
  - Be related to the sites you search on the Web or even the content of your email

Current Threats to Computer Systems (cont)
- A fraudulent dialer can:
  - Connect the user with numbers without the user’s knowledge
  - Connect the user’s computer to an expensive 900 number

Current Threats to Computer Systems (cont)
- Keylogging can be used by anyone to track anyone else’s keystrokes
- Malware includes many forms of malicious hardware, software, and firmware
- Spybot Search and Destroy software can remove malware, adware, spyware, fraudulent dialers, and keyloggers from your computer

Security
- Security systems try to protect computer hardware, software, and data from harm by restricting access, training employees, and passing laws
- Attempts at restricting access
  - PINs (personal identification numbers) or passwords
  - Locking computer rooms and requiring employees to carry ID cards and keys

Security (cont)
- Biometric methods
  - Fingerprints
  - Hand prints
  - Retina or iris scans
  - Lip prints
  - Facial thermography

Security (cont)
- Biometrics also include:
  - Body odor sensors; biometric technology can use facial structure to identify individuals
  - Biometric keyboards can identify a typist by fingerprints
- None of these methods is foolproof

Security (cont)
- In 2006, a GAO (Government Accountability Office) report concluded that “privacy laws do not fully protect personal data when sold by information resellers” like ChoicePoint
- In the last 34 years, the Federal Trade Commission “initiated more than 20 …enforcement actions…”, but does not have the authority to penalize companies

Backup Systems
- No security system is foolproof
- A backup system is necessary
  - Copies of data
  - Copies of software
  - Off-site

Privacy
- Privacy refers to the right to control your personal information

Threats to Privacy
- Government databases maintained at the local, state, and federal level include
  - Tax information
  - Welfare information
  - Property ownership
  - Driving records
  - Criminal records

Threats to Privacy (cont)
- There are legal restrictions on the federal government and what it does with information it collects
- There are few restrictions on state and local jurisdictions
  - Some local jurisdictions sell information
  - Some put the information on the Internet

Threats to Privacy (cont)
- Private databases maintained by corporations interested in buying habits to personalize advertising; hold information on:
  - Buying habits
  - Credit rating
  - Health information
  - Reading habits

Threats to Privacy (cont)
- Databases online with information available for a fee
- The current existence of companies that will link information from government and private databases

Threats to Privacy (cont)
- Real ID Act of 2005
  - “Directly imposes prescriptive federal driver’s license standards” by the federal government on the states
  - Requires every American to have an electronic identification card
  - State DMVs must share all of the information in their databases with all other state DMVs’ databases; this creates a huge database

Threats to Privacy (cont)
- RFID (radio frequency identification) tags
  - The FDA has approved the tags for medical use
  - In 2006 two employees of an Ohio company had RFID tags embedded in their arms. The company said it was “testing the technology as a way of controlling access to a room”
  - These chips are very easily counterfeited

Privacy, Security, and Health Care: HIPAA
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the first federal legislation to put a national floor under the privacy of medical information

HIPAA
- HIPAA encourages the use of the electronic medical record (EMR) and encryption to protect its privacy
- HIPAA requires health care facilities (protected entities) to conduct a risk analysis and to address the risks

HIPAA (cont)
- Law enforcement responsible for HIPAA (the Department of Health and Human Services Office of Civil Rights) tends to simply respond to complaints

HIPAA (cont)
- The HHS has only completed a few compliance reviews
- Nor has the Department of Health and Human Services Office of Civil Rights chosen to prosecute high profile cases including “the theft of millions of veterans records…. A California health plan that left personal information about patients on a public Web site for years, and a Florida hospice that sold…personal patient information to other hospices”

HIPAA (cont)
- Between 2003 and 2006, there have been 19,420 grievances, most of them alleging privacy violations or difficulty in getting records
- There have been two criminal prosecutions

HIPAA (cont)
- The government responded to 73% of the complaints by saying there was no violation or allowing the violating entity to fix the problem
- HIPAA compliance is falling—five hundred cases are still open; 309 may involve criminal acts
- Without enforcement a law may become meaningless

Medical Information Bureau
- Comprised of 650 insurance companies
- Contains health information on 15 million people
- Is used by medical insurers to help determine insurance rates and whether to grant or deny someone medical coverage
- Specifically exempt from HIPAA

Data Warehouses
- Exist for the sole purpose of collecting and selling personal information
- They sell information to credit bureaus and to employers for background checks
- Electronic databases are now being linked into larger and more comprehensive super databases

Privacy and Security
- The USA PATRIOT Act weakens privacy protections and requires institutions to give government agents information without informing the person
- The future of privacy of medical information under HIPAA and the USA PATRIOT Act (which works against privacy) is not yet known

Other Privacy Issues: Telemedicine
- Telemedicine raises issues of the privacy of medical information on networks
- Telemedicine raises issues of the privacy of information that routinely crosses state lines

Other Privacy Issues: E-mail
- E-mail is not legally private
- E-mail in a health care setting can be read by many people, including clerks, secretaries, and health care providers
- Offices that use e-mail need to inform the patient of who will read it, what issues may be mentioned in e-mails, and the turnaround time

Privacy and Genetic Information
- As research focuses on genetics and an individual’s genetic probability of developing certain diseases, privacy issues arise
- Employers and insurance companies could use it against employees and consumers

Privacy and Genetic Information (cont)
- Polls have consistently shown:
  - That Americans fear that genetic information would be used against them
  - One poll found that “63% of workers would not take genetic tests if employers could get access to the results”

Other Privacy Issues: The EMR
- The electronic medical record (EMR), like other information in electronic form, is not secure
- HIPAA encourages its use
- HIPAA requires security measures for all personally identifiable medical information

Conclusion
- The problems of protecting private medical information may multiply if all medical and health records are digitized and put online under a national system proposed by the Health Information Technology Decade

Conclusion (cont)
- A national database of health records could improve health care by making all your medical information (including allergies, medications, and most recent test results) available in any hospital, doctor’s office and emergency room

Conclusion (cont)
- If data were not secure (and as yet it seems no data are secure):
  - Marketers could tailor advertising to people with a particular disease
  - Lenders could disqualify people on the basis of an estimate of how long they would live
  - Employers could deny employment or promotion (although this is not legal)