1 confidentiality, privacy, and security william a. yasnoff, md, phd oregon health division
TRANSCRIPT
![Page 1: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/1.jpg)
1
Confidentiality, Privacy, and Security
William A. Yasnoff, MD, PhD
Oregon Health Division
![Page 2: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/2.jpg)
2
Overview
Definitions Fair Information Practices Policies and Procedures Legislation Authentication Encryption Firewalls WWW security
![Page 3: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/3.jpg)
3
Definitions
PRIVACY: The right of individuals to hold information about themselves in secret, free from the knowledge of others.
![Page 4: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/4.jpg)
4
Definitions (continued)
CONFIDENTIALITY: The assurance that information about identifiable persons, the release of which would constitute an invasion of privacy for any individual, will not be disclosed without consent except as allowed by law.
![Page 5: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/5.jpg)
5
Definitions (continued)
SECURITY: The mechanisms by which confidentiality policies are implemented in computer systems, including provisions for:
–Access control
– Integrity
–Availability
![Page 6: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/6.jpg)
6
Definitions (continued)
IDENTIFIABLE INFORMATION: Any information, including but not limited to demographic information, which will identify or may reasonably lead to the identification of one or more specific individuals.
![Page 7: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/7.jpg)
7
Definitions (continued)
CONFIDENTIAL DATABASE: Any collection or grouping of information about individuals maintained by the Division in electronic form which is not comprised solely of public records subject to release on request, and the release of which could represent a breach of confidentiality. . . .
![Page 8: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/8.jpg)
8
Definitions (continued)
. . . Such information includes, but is not limited to demographic information, medical or testing histories, clinical information, employment or financial status, the results of special studies, participation in or exclusion from specific programs, sources of . . .
![Page 9: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/9.jpg)
9
Definitions (continued)
. . . information, or new collections of information derived from the linkage of one or more previously existing confidential databases.
![Page 10: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/10.jpg)
10
Fair Information Practices
Relevance Integrity Written Purpose Need-to-Know Access Correction Consent
![Page 11: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/11.jpg)
11
1. Relevance
All information collected should be necessary and relevant to public health or required by law.– individuals entitled to privacy– benefits of information should outweigh
privacy concerns– collection not overly burdensome, intrusive,
or coercive
![Page 12: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/12.jpg)
12
2. Integrity
The integrity of information should be protected.– prevent loss, interception, misuse– maintain accurate, complete, timely data– no unauthorized alteration or destruction
![Page 13: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/13.jpg)
13
3. Written Purpose
All information collected should be consistent with written public health purposes and/or required by law. – databases must have written purpose(s)– usage restricted to stated purpose(s)– linkage of databases considered a new
database
![Page 14: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/14.jpg)
14
4. Need-to-Know Access
All confidential information should be accessible only on a need-to-know basis, both internally and externally.– confidentiality agreements for all personnel– access terminated when duties change– no redisclosure– external release for research requires IRB
approval
![Page 15: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/15.jpg)
15
5. Correction
Individuals should have access to information about themselves and the ability to correct this information to the extent allowed by law.– maintain public list of all databases» name of database
» description of information included
» information sources (non-confidential)
– disputed data must be marked
![Page 16: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/16.jpg)
16
6. Consent
Information must be collected with the consent of the individual except as required by law.– informed consent» purpose of information collection
» data protections in place
» consequences of withholding information
– no consent if waived by law
![Page 17: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/17.jpg)
17
Confidentiality Policies
Fair Information Practices Data Release Restrictions Personnel Agreements
![Page 18: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/18.jpg)
18
Data Release Restrictions
Release without review is restricted
Denominator > 50 [population data]
Denominator > 10 [cohort data]
![Page 19: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/19.jpg)
19
Personnel Issues
All personnel to sign confidentiality agreements periodically
Special provisions for data system administrators
![Page 20: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/20.jpg)
20
Confidentiality Provisions
Definition of confidential information Need-to-know access only No redisclosure If questions, ask supervisor Breach will result in disciplinary action Confidentiality must be maintained
indefinitely
![Page 21: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/21.jpg)
21
Data System Administrators
Information used only as needed for administration of computer system
Access granted to others only in accordance with established policies and procedures
Disciplinary action for violations may be termination on first offense
![Page 22: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/22.jpg)
22
Legislation
Health Insurance Portability and Accountability Act (HIPAA) [1996]– privacy standards by August 1997– security standards by February 1998– universal health identifier
Fair Health Information Practices (bill introduced in 105th Congress)
![Page 23: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/23.jpg)
23
Security
Authentication Encryption Firewalls WWW
![Page 24: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/24.jpg)
24
Authentication
Who are you talking to? Methods– what the user knows (password)– what the user has (smartcard)– what the user is (biometrics)
![Page 25: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/25.jpg)
25
Passwords
Longer is better Never use dictionary words word1;word2 is good working model Never write or store passwords On network, passwords often travel in the
clear
![Page 26: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/26.jpg)
26
End-to-End Authentication Cryptography based Challenge-response– response generated with encryption– challenge varies to defeat interception
Time synchronized– password depends on time of day– user-carried device generates password– good for system administrators
![Page 27: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/27.jpg)
27
Kerberos User asks “key server” for access to target
system Key server creates message, encrypts with
user key, sends User decrypts message, then encrypts with
“access key” of target system Key server sends “session key” to user
and target system (both encrypted)
![Page 28: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/28.jpg)
28
Kerberos
Key server must be secure Allows mediation by third party of access
among multiple systems Potential model for electronic medical
record exchange Developed at MIT
![Page 29: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/29.jpg)
29
Cryptography
Convert plaintext into message readable only with “key”
DES = data encryption standard– 64 bit message– 56 bit key– uses repeated substitution, transposition– breakable in reasonable time with large
computer system (31 hrs @ $100K, 20 minutes @ $10 MM)
![Page 30: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/30.jpg)
30
Cryptography
Triple-DES– apply DES three times– three different keys (168 bits total)– now used for automated teller transactions
![Page 31: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/31.jpg)
31
Public Key Cryptography
Public Key– in phone directory
Private Key– known only to recipient
Message encrypted with either key can be decrypted with the other– sender encrypts with one key, receiver
decrypts with the other key
![Page 32: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/32.jpg)
32
RSA Cryptography
Public key is product p x q Private key is factors p, q Security derived from difficulty in
computing factors p, q if pq is large Larger key size provides more security
![Page 33: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/33.jpg)
33
Firewalls
Separate, dedicated computer system Filters packets based on source and/or
destination Mount disks read only Eliminate all unnecessary commands and
services Minimum number of user accounts
![Page 34: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/34.jpg)
34
Firewalls as Proxy Servers
Firewall connects to outside system, not your system
By acting as your “proxy”, your system is protected from the outside system
Can be used for– telnet (session)– ftp (file transfer)
![Page 35: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/35.jpg)
35
Intrusion Detection Look for unusual access patterns or activity Types of evaluation– statistical– rule-based
Example: lock account after 3 failed login attempts
Assume all systems are subject to attempted unauthorized use
![Page 36: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/36.jpg)
36
WWW Security
server scripts (Java) can execute programs on your machine!
Types of WWW security– SSL = secure sockets layer» secure “pipe” between two machines
» transparent to application
– S-HTTP = secure HTTP» secure “envelopes” for messages
» built into browsers
![Page 37: 1 Confidentiality, Privacy, and Security William A. Yasnoff, MD, PhD Oregon Health Division](https://reader033.vdocument.in/reader033/viewer/2022051619/56649db55503460f94aa743f/html5/thumbnails/37.jpg)
37
Security Pearls
Back up key files Use encryption on sensitive data Use good passwords Network security requires expertise– authentication– encryption– firewalls